You can export an NSX Intelligence DFW recommendation to a CSV file. To be eligible, the recommendation must have the Ready to Publish status before it can be exported to a CSV file.
The ability to export a ready-to-publish DFW recommendation to a CSV file was introduced in the NSX Intelligence 4.0.1 release. In NSX Intelligence 4.1.1, the exported content is enhanced. The following table lists the section names used in each CSV output version.
Section names used in CSV output for NSX Intelligence 4.0.1 release |
Section names used in CSV output for NSX Intelligence 4.1.1 and later releases |
Section description |
|---|---|---|
Security Policies |
Security Policies |
Security policy created or reused by the NSX Intelligence DFW recommendation. |
Rules |
New Rules |
New rules that belong to the above security policy. |
Groups |
New Groups |
New groups recommended in the NSX Intelligence DFW recommendation. |
Services |
New Services |
New services recommended by NSX Intelligence DFW recommendation. |
Services |
New Service Entries |
New service entries recommended in the NSX Intelligence DFW recommendation. |
N/A |
Modified Existing Rules |
Modified existing rules of a reused section in the NSX Intelligence DFW recommendation. |
N/A |
Existing Groups |
Existing groups reused in the NSX Intelligence DFW recommendation. |
N/A |
Existing Services |
Existing services reused in the NSX Intelligence DFW recommendation. |
N/A |
Existing Service Entries |
Existing service entries reused in the NSX Intelligence DFW recommendation. |
| N/A | Missing or deleted Computes | This section is included in the CSV file if compute entities (VMs and physical servers) that are referenced in the DFW recommendation are now missing or have been deleted |
| N/A | Missing or deleted Services | This section is included in the CSV file if service entities that are referenced in the DFW recommendation have been deleted or are now missing. |
| N/A | Missing or deleted Groups | This section is included in the CSV file if group entities that are referenced in the DFW recommendation have been deleted or are now missing. |
| N/A | Missing or deleted Rules | This section is included in the CSV file if rules that are referenced in the DFW recommendation have been deleted or are now missing. |
| N/A | Missing or deleted security policies | This section is included in the CSV file if security policies that are referenced in the DFW recommendation have been deleted or are now missing. |
You can export the NSX Intelligence DFW recommendation as a CSV file in a summary or detailed format.
Prerequisites
Generate a new recommendation. See Generate a New NSX Intelligence Recommendation.
Ensure that you have the Enterprise Admin or Security Admin role privileges required to export the DFW recommendation to a CSV file. See Role-Based Access Control in NSX Intelligence for more information.
Procedure
- From your browser, log in with the required privileges to an NSX Manager at https://<nsx-manager-ip-address>.
- Click .
- (Optional) List only the NSX Intelligence recommendations with the Ready to Publish status.
- Click Filter in the upper-right area.
- From the Apply Filter drop-down menu, select the Status and Ready to Publish filters.
- Click Apply.
- In the list of Ready to Publish recommendations, click the Actions menu icon
to the left of the name of the NSX Intelligence recommendation that you want to export. Select one of the following export options.
Export Detailed CSV:
NSX Intelligence downloads a file named <recommendation_name>_recommendations_detail.csv to your local system.
This CSV file contains the following information.
Section Name
Included Details
Security Policies
- applicationConnectivityStrategy
- connectivityPreference
- defaultRuleId
- loggingEnabled
- category
- comments
- internalSequenceNumber
- isDefault
- lockModifiedBy
- lockModifiedTime
- locked
- ruleCount
- scope
- sequenceNumber
- stateful
- tcpStrict
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- scopeWithDisplayNames
New Rules
- action
- destinationGroups
- destinationsExcluded
- direction
- disabled
- ipProtocol
- isDefault
- logged
- notes
- profiles
- ruleId
- scope
- sequenceNumber
- services
- sourceGroups
- sourcesExcluded
- tag
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- scopeWithDisplayNames
- destinationGroupsWithDisplayNames
- sourceGroupsWithDisplayNames
- servicesWithDisplayNames
- parentPathWithDisplayNames
New Groups
- expression
- extendedExpression
- groupType
- reference
- state
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- expressionWithDisplayNames
New Services
- serviceType
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- serviceEntriesIds
New Service Entries
- resourceType
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- id
- displayName
- description
- tags
- revision
- links
- self
- alg
- destinationPorts
- sourcePorts
- l4Protocol
Modified Existing Rules
- action
- destinationGroups
- destinationsExcluded
- direction
- disabled
- ipProtocol
- isDefault
- logged
- notes
- profiles
- ruleId
- scope
- sequenceNumber
- services
- sourceGroups
- sourcesExcluded
- tag
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- scopeWithDisplayNames
- destinationGroupsWithDisplayNames
- sourceGroupsWithDisplayNames
- servicesWithDisplayNames
- parentPathWithDisplayNames
Existing Groups
- policyIntentPath
- effectiveAndRelatedComputeMembers
- scope
- membershipTypes
- ipSetIds
- ipSetContents
- isSystemOwned
- configType
- realizationId
- displayName
- createUser
- createTime
- lastModifiedUser
- lastModifiedTime
- deleted
- revision
- tags
- effectiveAndRelatedComputeMembersWithDisplayNames
The effectiveAndRelatedComputeMembers displays the compute members' original UUID and the effectiveAndRelatedComputeMembersWithDisplayNames displays the compute members' display names.
Existing Services
- isSystemOwned
- configType
- realizationId
- policyIntentPath
- displayName
- createUser
- createTime
- lastModifiedUser
- lastModifiedTime
- deleted
- revision
- tags
- serviceEntriesIds
Existing Service Entries
- serviceEntryType
- serviceProtocol
- sourcePortsArray
- destinationPortsArray
- isSystemOwned
- configType
- realizationId
- policyIntentPath
- displayName
- createUser
- createTime
- lastModifiedUser
- lastModifiedTime
- deleted
- revision
- tags
Missing or deleted Computes If applicable, a list of deleted or missing VMs and physical servers. Missing or deleted Services If applicable, a list of paths for the missing or deleted services. Missing or deleted Groups If applicable, a list of deleted or missing Groups. Missing or deleted rules If applicable, a list of deleted or missing rules. Missing or deleted security policies If applicable, a list of deleted or missing security policies. Export Summary CSV.
NSX Intelligence downloads a file named <recommendation_name>_recommendations_summary.csv to your local system.
The file contains the following information.
Section Name
Included Details
Security Policies
- category
- scope
- displayName
New Rules
- action
- destinationGroups
- profiles
- scope
- services
- sourceGroups
- parentPath
- displayName
New Groups
- expression
- displayName
New Services
- serviceEntriesDisplayNames
- displayName
New Service Entries
- displayName
- alg
- destinationPorts
- sourcePorts
- l4Protocol
Modified Existing Rules
- action
- destinationGroups
- profiles
- scope
- services
- sourceGroups
- parentPath
- displayName
Existing Groups
- effectiveAndRelatedComputeMembers
- scope
- membershipTypes
- ipSetIds
- ipSetContents
- displayName
Existing Services
- serviceEntriesDisplayNames
- displayName
Existing Service Entries
- serviceEntryType
- serviceProtocol
- destinationPortsArray
- displayName
Missing or deleted Computes If applicable, a list of deleted or missing VMs and physical servers. Missing or deleted Services If applicable, a list of paths for the missing or deleted services. Missing or deleted Groups If applicable, a list of deleted or missing Groups. Missing or deleted rules If applicable, a list of deleted or missing rules Missing or deleted security policies If applicable, a list of deleted or missing security policies
