Export an Security Intelligence Recommendation as a CSV File

You can export an Security Intelligence DFW recommendation to a CSV file. To be eligible, the recommendation must have the Ready to Publish status before it can be exported to a CSV file.

The ability to export a ready-to-publish DFW recommendation to a CSV file was introduced in the Security Intelligence 4.0.1 release. In the Security Intelligence 4.1.1 release, the exported content is enhanced. The following table lists the section names used in each CSV output version.

Section names used in CSV output for Security Intelligence 4.0.1 release	Section names used in CSV output for Security Intelligence 4.1.1 and later releases	Section description
`Security Policies`	`Security Policies`	Security policy created or reused by the Security Intelligence DFW recommendation.
`Rules`	`New Rules`	New rules that belong to the above security policy.
`Groups`	`New Groups`	New groups recommended in the Security Intelligence DFW recommendation.
`Services`	`New Services`	New services recommended by Security Intelligence DFW recommendation.
`Services`	`New Service Entries`	New service entries recommended in the Security Intelligence DFW recommendation.
N/A	`Modified Existing Rules`	Modified existing rules of a reused section in the Security Intelligence DFW recommendation.
N/A	`Existing Groups`	Existing groups reused in the Security Intelligence DFW recommendation.
N/A	`Existing Services`	Existing services reused in the Security Intelligence DFW recommendation.
N/A	`Existing Service Entries`	Existing service entries reused in the Security Intelligence DFW recommendation.
N/A	`Missing or deleted Computes`	This section is included in the CSV file if compute entities (VMs and physical servers) that are referenced in the DFW recommendation are now missing or have been deleted
N/A	`Missing or deleted Services`	This section is included in the CSV file if service entities that are referenced in the DFW recommendation have been deleted or are now missing.
N/A	`Missing or deleted Groups`	This section is included in the CSV file if group entities that are referenced in the DFW recommendation have been deleted or are now missing.
N/A	`Missing or deleted Rules`	This section is included in the CSV file if rules that are referenced in the DFW recommendation have been deleted or are now missing.
N/A	`Missing or deleted security policies`	This section is included in the CSV file if security policies that are referenced in the DFW recommendation have been deleted or are now missing.

You can export the Security Intelligence DFW recommendation as a CSV file in a summary or detailed format.

Requisitos previos

Generate a new recommendation. See Generate a New Security Intelligence Recommendation.
Ensure that you have the required privileges to export the DFW recommendation to a CSV file. See Control de acceso basado en funciones en Security Intelligence for more information.

Procedimiento

From your browser, log in with the required privileges to an NSX Manager at https://<nsx-manager-ip-address>.
Click Plan & Troubleshoot > Recommendations.
(opcional) List only the Security Intelligence recommendations with the Ready to Publish status.
1. Click Filter in the upper-right area.
2. From the Apply Filter drop-down menu, select the Status and Ready to Publish filters.
3. Click Apply.

In the list of Ready to Publish, Published, or Publish Failed recommendations, click the Actions menu icon

to the left of the name of the Security Intelligence recommendation that you want to export. Select one of the following export options.

Export Summary CSV.

Security Intelligence downloads a file named <recommendation_name>_recommendations_summary.csv to your local system.

The file contains the following information.

Section Name	Included Details
`Security Policies`	category scope displayName
`Rules`	action destinationGroups profiles scope services sourceGroups parentPath displayName
`Groups`	expression displayName
`Services`	serviceEntriesDisplayNames displayName
`Service Entries`	displayName alg destinationPorts sourcePorts l4Protocol
`Modified Existing Rules`	action destinationGroups profiles scope services sourceGroups parentPath displayName
`Existing Groups`	effectiveAndRelatedComputeMembers scope membershipTypes ipSetIds ipSetContents displayName
`Existing Services`	serviceEntriesDisplayNames displayName
`Existing Service Entries`	serviceEntryType serviceProtocol destinationPortsArray displayName
`Missing or deleted Computes`	If applicable, a list of deleted or missing VMs and physical servers.
`Missing or deleted Services`	If applicable, a list of paths for the missing or deleted services.
`Missing or deleted Groups`	If applicable, a list of deleted or missing Groups.
`Missing or deleted rules`	If applicable, a list of deleted or missing rules
`Missing or deleted security policies`	If applicable, a list of deleted or missing security policies

Export Detailed CSV:

Security Intelligence downloads a file named <recommendation_name>_recommendations_detail.csv to your local system.

This CSV file contains the following information.

Section Name	Included Details
`Security Policies`	applicationConnectivityStrategy connectivityPreference defaultRuleId loggingEnabled category comments internalSequenceNumber isDefault lockModifiedBy lockModifiedTime locked ruleCount scope sequenceNumber stateful tcpStrict overridden parentPath path realizationId relativePath uniqueId resourceType CreateUser CreateTime LastModifiedUser LastModifiedTime SystemOwned id displayName description tags revision links self scopeWithDisplayNames
`Rules`	action destinationGroups destinationsExcluded direction disabled ipProtocol isDefault logged notes profiles ruleId scope sequenceNumber services sourceGroups sourcesExcluded tag overridden parentPath path realizationId relativePath uniqueId resourceType CreateUser CreateTime LastModifiedUser LastModifiedTime SystemOwned id displayName description tags revision links self scopeWithDisplayNames destinationGroupsWithDisplayNames sourceGroupsWithDisplayNames servicesWithDisplayNames parentPathWithDisplayNames
`Groups`	expression extendedExpression groupType reference state overridden parentPath path realizationId relativePath uniqueId resourceType CreateUser CreateTime LastModifiedUser LastModifiedTime SystemOwned id displayName description tags revision links self expressionWithDisplayNames
`Services`	serviceType parentPath path realizationId relativePath uniqueId resourceType CreateUser CreateTime LastModifiedUser LastModifiedTime SystemOwned id displayName description tags revision links self serviceEntriesIds
`Service Entries`	resourceType overridden parentPath path realizationId relativePath uniqueId id displayName description tags revision links self alg destinationPorts sourcePorts l4Protocol
`Modified Existing Rules`	action destinationGroups destinationsExcluded direction disabled ipProtocol isDefault logged notes profiles ruleId scope sequenceNumber services sourceGroups sourcesExcluded tag overridden parentPath path realizationId relativePath uniqueId resourceType CreateUser CreateTime LastModifiedUser LastModifiedTime SystemOwned id displayName description tags revision links self scopeWithDisplayNames destinationGroupsWithDisplayNames sourceGroupsWithDisplayNames servicesWithDisplayNames parentPathWithDisplayNames
`Existing Groups`	policyIntentPath effectiveAndRelatedComputeMembers scope membershipTypes ipSetIds ipSetContents isSystemOwned configType realizationId displayName createUser createTime lastModifiedUser lastModifiedTime deleted revision tags effectiveAndRelatedComputeMembersWithDisplayNames The effectiveAndRelatedComputeMembers displays the compute members' original UUID and the effectiveAndRelatedComputeMembersWithDisplayNames displays the compute members' display names.
`Existing Services`	isSystemOwned configType realizationId policyIntentPath displayName createUser createTime lastModifiedUser lastModifiedTime deleted revision tags serviceEntriesIds
`Existing Service Entries`	serviceEntryType serviceProtocol sourcePortsArray destinationPortsArray isSystemOwned configType realizationId policyIntentPath displayName createUser createTime lastModifiedUser lastModifiedTime deleted revision tags
`Missing or deleted Computes`	If applicable, a list of deleted or missing VMs and physical servers.
`Missing or deleted Services`	If applicable, a list of paths for the missing or deleted services.
`Missing or deleted Groups`	If applicable, a list of deleted or missing Groups.
`Missing or deleted rules`	If applicable, a list of deleted or missing rules.
`Missing or deleted security policies`	If applicable, a list of deleted or missing security policies.