You access the NSX Intelligence visualization page by clicking Plan & Troubleshoot > Discover & Take Action in the NSX Manager user interface.

After you activate and configure the NSX Intelligence feature for the first time, when you click Plan & Troubleshoot > Discover & Take Action, NSX Intelligence begins to render some visualization after some network traffic data has been received from the transport nodes and the inventory information is received from NSX Manager.

By default, when you click Discover & Take Action, you see the visualization of the security posture of all the groups defined in your on-premises NSX inventory.

  • If there are no groups defined yet, there are no groups displayed.

  • Groups might have allowed, blocked, and unprotected traffic flows between their compute member entities in the last hour.

  • If there are VMs or physical servers, but they do not belong to any group, you see the icon for the Uncategorized Computes group.

  • If there are IP addresses that do not belong to any group, you see the Unknown icon.

Both icons for the Unknown and Uncategorized Computes groups are shown in the following image.
Screenshot image of the Unknown group and Uncategorized Computes group

If you already have defined groups, you might see a visualization similar to the following image, which illustrates a visualization of an NSX data center's security postures with the Last 1 Month as the selected time period to use. The table that follows the image describes the annotated sections in the image.Screenshot of Discover & Take Action UI with visualization of groups displayed. Sections are stamped with numbers and described in the table.




In the Security section, you can select the type of NSX objects whose security posture you want displayed. The two types of objects are Groups and Computes.

When you click Plan & Troubleshoot > Discover & Take Action for the first time, the default Security view displayed is the Groups view. This view displays all the group objects in your NSX environment during the specified time period, which is initially set to Now.

  • To select specific groups in the Groups view, click the down arrow next to All, select one or more groups from the drop-down menu of available groups, specify whether to include or exclude the selected groups, and click Apply.

  • To select the Computes view, click the down arrow next to Groups, select Computes, and click Apply. All the VMs, IP addresses, and physical servers that exist in your NSX environment during the current time period are visualized.

  • To select specific VMs, IP addresses, or physical servers that you want to be included in the Computes view, click the down arrow next to ALL, click Show All Types, and select a compute type (VMs, IPs, or Physical Servers) from the drop-down menu. Alternatively, select or deselect specific compute items from the drop-down menu of available compute objects. In the Options on selected section, specify whether to include or exclude the selected items. Click Apply.

  • To clear any filtered selections you made in either view type, click Clear on the upper-right side of the visualization page and click Clear in the Clear All Filters dialog box to confirm. If you click Clear when you are in the Computes view, the selection filters get cleared and you are placed in the Groups view.

See Working with the Groups View in NSX Intelligence and Working with the Computes View in NSX Intelligence for more information on how to work with the two view types.


In the Apply Filter section, you can refine the display criteria used for the current visualization. Click Apply Filter, select the filter criteria, and click Apply. You can specify multiple filters by clicking Apply Filter again. See Use Filters on the NSX Intelligence Visualization UI for more details.


With the Flows section, you can select which traffic flow type you want to include in the visualization for the selected time period. The colors used in the visualization for the flow types gets displayed in this section.
  • A red-hued dashed line is used for Unprotected flows.

  • The blue-hued solid line is used for Blocked flows.

  • The green-hued solid line for the Allowed flows.

By default, all the traffic flow types are selected for the current NSX Intelligence visualization. See Working with Traffic Flows in NSX Intelligence for more information.


When you click the gear icon gear icon, links to the following settings pages are provided in the NSX Intelligence Related Settings dialog box.
  • To configure settings specific for NSX Intelligence, use the System > Settings > NSX Intelligence page. See Manage the NSX Intelligence Data Collection Settings for more information.

  • To manage the privacy settings, use the Security > General Settings > Privacy page.

  • To manage the private IP ranges used by NSX Intelligence, use the Security > General Settings > Private IP Ranges page. See Managing the Private IP Ranges for NSX Intelligence for information.

  • To use the Preferences - Classification page to manage any unreviewed infrastructure classifications, click Plan & Troubleshoot > Preferences. If there are any unreviewed infrastructure classifications that the system inferred, a red circular badge appears on the gear icon, gear icon with a red dot. See Managing Compute Entity Classifications in NSX Intelligence for more information.


The refresh status section gives information as to when the visualization graph was last refreshed. To force a refresh of the current view, click the refresh icon refresh icon.


In the time period selection section, you select the time period that determines the historical network traffic flow data that NSX Intelligence uses to generate the desired visualization and microsegmentation recommendation. The time period is relative to the current time and some time period in the past.

Now is the default time period used when you first click Plan & Troubleshoot > Discover & Take Action. This option displays the most recent traffic flow data that the system has captured, up to the most recent one million traffic flows processed.

To change the selected time period, click the currently selected time period and select another from the drop-down menu. You can select Now, Last 1 Hour, Last 12 Hours, Last 24 Hours, Last 1 Week, Last 2 Weeks, or Last 1 Month.


The canvas section displays the visualization graph of the security postures of the groups or compute entities in your NSX environment. It also includes the visualization of the traffic flows that have occurred during the selected time period. In this section, you can point to a specific node or flow arrow to obtain details about that specific entity.

By default, if there are less than 500 nodes and less than 5000 flows to display, NSX Intelligence does not apply any clustering mode to the security posture visualization. If those nodes and flows limits are exceeded, NSX Intelligence clusters the nodes based on the traffic flow that has occurred between the compute entities during the selected time period.

See Getting Familiar with NSX Intelligence Graphic Elements and Understanding the Views and Flows in NSX Intelligence for more information.


The Overview map is a miniature version of the whole visualization graph. When you zoom into specific entities shown in the graph, the mini-map gets updated to highlight where your current view is located relative to the overall visualization graph. When you click in the mini-map window and drag the opaque rectangular overlay, your current view of the visualization graph also gets updated. This becomes very useful when you have a very large inventory in your NSX environment.


Use the following viewing control icons to change the viewing mode applied to the visualization graph.
  • Click zoom-in icon to zoom in on the view.
  • Click zoom-out icon to zoom out the view.
  • Click 1:1 aspect ratio icon to apply a 1:1 aspect ratio the visualization graph.
  • Click fit to view icon to resize the view to fit the screen.
  • Click fullscreen icon to go into a full screen viewing mode. Press ESC to exit the full-screen mode.
  • Click move icon to move items on the graph. To shift to the Move mode when you are using the Select mode, press and hold the spacebar, and drag your pointer around the UI to move objects in the visualization graph.
  • Click select icon to select nodes in the graph. You can drag your pointer to select multiple nodes, or press Shift and click each node you want to select.
  • Click clustering icon to view the graph using the available clustering mode. The available modes are No Clustering, Clustering by Flows, Clustering by Labels (valid in Computes view only), Clustering by Names, and Clustering by Tags. When you use the clustering by Tags mode, you must also select a tag scope. The selected tag scope value is used to arrange the entities in the visualization graph. All entities that do not have a tag within the given tag scope are clustered together.
You can also use keyboard hotkeys to manage your viewing controls. To display the Keyboard Shortcuts Help window, press Shift+click the / key.
keyboard shortcuts for visualization canvas

To navigate to a previously viewed visualization, use your Web browser's back button. If you are in full-screen mode and you want to return to the previous visualization, press ESC to exit the full-screen mode and use your Web browser's back button.