Getting Started with NSX Intelligence

To get started using VMware NSX^® Intelligence™, you must activate it and then familiarize yourself with the NSX Intelligence user interface.

Overview

NSX Intelligence is a modern application that is hosted on the VMware NSX^® Application Platform, which is a platform based on a microservices architecture.

The NSX Intelligence application provides the following capabilities.

A visualization of the security posture of your on-premises VMware NSX^® environment. The visualization uses the network traffic flows aggregated within the time period that you specified.
Assist you with microsegmentation planning by making NSX Intelligence firewall rule recommendations that use network traffic analytics with enforcement on security policies.
The NSX Suspicious Traffic functionality that uses network traffic analytics to detect suspicious network traffic activities that are occurring in your NSX 3.2 or later environment.

Prerequisites

Before you can use the available NSX Intelligence functionalities, you must complete the following tasks.

Deploy the NSX Application Platform and activate the NSX Intelligence feature on that platform.
Configure from which hosts or clusters of hosts NSX Intelligence is to collect the network traffic data.
By default, the NSX Intelligence feature collects network traffic data from all known hosts and clusters of hosts in your NSX environment.

For more information, see Activating and Upgrading VMware NSX Intelligence delivered with the NSX Intelligence Documentation set.

Start Using NSX Intelligence

After you activate and configure the NSX Intelligence application, the visualization, recommendation, and suspicious traffic functionalities become available in the NSX Manager UI.

To see the visualized NSX entities and traffic flows that occurred between them, click Plan & Troubleshoot > Discover & Take Action. See Understanding the Views and Flows in NSX Intelligence.
To obtain distributed firewall (DFW) rule recommendations for micro-segmentation planning, use the Plan & Troubleshoot > Recommendations. See Working with NSX Intelligence Recommendations.
To use the NSX Suspicious Traffic feature to perform network traffic analysis and detect suspicious traffic events, click Security > Suspicious Traffic. If the VMware NSX^® Network Detection and Response™ feature is also activated, detected suspicious events are flagged and sent to the VMware NSX^® Advanced Threat Prevention cloud service. If the cloud service found the detected events to be related, those events are correlated into a campaign that you can investigate further using the NSX Network Detection and Response user interface. See Detecting Suspicious Traffic Events in NSX for details.

Get familiar with the NSX Intelligence user interface using the information provided in this section.