You can export an Security Intelligence DFW recommendation to a CSV file. To be eligible, the recommendation must have the Ready to Publish status before it can be exported to a CSV file.
The ability to export a ready-to-publish DFW recommendation to a CSV file was introduced in the Security Intelligence 4.0.1 release. In the Security Intelligence 4.1.1 release, the exported content is enhanced. The following table lists the section names used in each CSV output version.
Section names used in CSV output for Security Intelligence 4.0.1 release |
Section names used in CSV output for Security Intelligence 4.1.1 and later releases | Section description |
---|---|---|
Security Policies |
Security Policies |
Security policy created or reused by the Security Intelligence DFW recommendation. |
Rules |
New Rules |
New rules that belong to the above security policy. |
Groups |
New Groups |
New groups recommended in the Security Intelligence DFW recommendation. |
Services |
New Services |
New services recommended by Security Intelligence DFW recommendation. |
Services |
New Service Entries |
New service entries recommended in the Security Intelligence DFW recommendation. |
N/A |
Modified Existing Rules |
Modified existing rules of a reused section in the Security Intelligence DFW recommendation. |
N/A |
Existing Groups |
Existing groups reused in the Security Intelligence DFW recommendation. |
N/A |
Existing Services |
Existing services reused in the Security Intelligence DFW recommendation. |
N/A |
Existing Service Entries |
Existing service entries reused in the Security Intelligence DFW recommendation. |
N/A | Missing or deleted Computes | This section is included in the CSV file if compute entities (VMs and physical servers) that are referenced in the DFW recommendation are now missing or have been deleted |
N/A | Missing or deleted Services | This section is included in the CSV file if service entities that are referenced in the DFW recommendation have been deleted or are now missing. |
N/A | Missing or deleted Groups | This section is included in the CSV file if group entities that are referenced in the DFW recommendation have been deleted or are now missing. |
N/A | Missing or deleted Rules | This section is included in the CSV file if rules that are referenced in the DFW recommendation have been deleted or are now missing. |
N/A | Missing or deleted security policies | This section is included in the CSV file if security policies that are referenced in the DFW recommendation have been deleted or are now missing. |
You can export the Security Intelligence DFW recommendation as a CSV file in a summary or detailed format.
Requisitos previos
Generate a new recommendation. See Generate a New Security Intelligence Recommendation.
Ensure that you have the required privileges to export the DFW recommendation to a CSV file. See Control de acceso basado en funciones en Security Intelligence for more information.
Procedimiento
- From your browser, log in with the required privileges to an NSX Manager at https://<nsx-manager-ip-address>.
- Click .
- (opcional) List only the Security Intelligence recommendations with the Ready to Publish status.
- Click Filter in the upper-right area.
- From the Apply Filter drop-down menu, select the Status and Ready to Publish filters.
- Click Apply.
- In the list of Ready to Publish, Published, or Publish Failed recommendations, click the Actions menu icon to the left of the name of the Security Intelligence recommendation that you want to export. Select one of the following export options.
-
Export Summary CSV.
Security Intelligence downloads a file named <recommendation_name>_recommendations_summary.csv to your local system.
The file contains the following information.
Section Name
Included Details
Security Policies
-
category
-
scope
-
displayName
Rules
-
action
-
destinationGroups
-
profiles
-
scope
-
services
-
sourceGroups
-
parentPath
-
displayName
Groups
-
expression
-
displayName
Services
-
serviceEntriesDisplayNames
-
displayName
Service Entries
-
displayName
-
alg
-
destinationPorts
-
sourcePorts
-
l4Protocol
Modified Existing Rules
-
action
-
destinationGroups
-
profiles
-
scope
-
services
-
sourceGroups
-
parentPath
-
displayName
Existing Groups
-
effectiveAndRelatedComputeMembers
-
scope
-
membershipTypes
-
ipSetIds
-
ipSetContents
-
displayName
Existing Services
-
serviceEntriesDisplayNames
-
displayName
Existing Service Entries
-
serviceEntryType
-
serviceProtocol
-
destinationPortsArray
-
displayName
Missing or deleted Computes
If applicable, a list of deleted or missing VMs and physical servers.
Missing or deleted Services
If applicable, a list of paths for the missing or deleted services.
Missing or deleted Groups
If applicable, a list of deleted or missing Groups.
Missing or deleted rules
If applicable, a list of deleted or missing rules
Missing or deleted security policies
If applicable, a list of deleted or missing security policies
-
-
Export Detailed CSV:
Security Intelligence downloads a file named <recommendation_name>_recommendations_detail.csv to your local system.
This CSV file contains the following information.
Section Name
Included Details
Security Policies
- applicationConnectivityStrategy
- connectivityPreference
- defaultRuleId
- loggingEnabled
- category
- comments
- internalSequenceNumber
- isDefault
- lockModifiedBy
- lockModifiedTime
- locked
- ruleCount
- scope
- sequenceNumber
- stateful
- tcpStrict
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- scopeWithDisplayNames
Rules
- action
- destinationGroups
- destinationsExcluded
- direction
- disabled
- ipProtocol
- isDefault
- logged
- notes
- profiles
- ruleId
- scope
- sequenceNumber
- services
- sourceGroups
- sourcesExcluded
- tag
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- scopeWithDisplayNames
- destinationGroupsWithDisplayNames
- sourceGroupsWithDisplayNames
- servicesWithDisplayNames
- parentPathWithDisplayNames
Groups
- expression
- extendedExpression
- groupType
- reference
- state
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- expressionWithDisplayNames
Services
- serviceType
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- serviceEntriesIds
Service Entries
- resourceType
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- id
- displayName
- description
- tags
- revision
- links
- self
- alg
- destinationPorts
- sourcePorts
- l4Protocol
Modified Existing Rules
- action
- destinationGroups
- destinationsExcluded
- direction
- disabled
- ipProtocol
- isDefault
- logged
- notes
- profiles
- ruleId
- scope
- sequenceNumber
- services
- sourceGroups
- sourcesExcluded
- tag
- overridden
- parentPath
- path
- realizationId
- relativePath
- uniqueId
- resourceType
- CreateUser
- CreateTime
- LastModifiedUser
- LastModifiedTime
- SystemOwned
- id
- displayName
- description
- tags
- revision
- links
- self
- scopeWithDisplayNames
- destinationGroupsWithDisplayNames
- sourceGroupsWithDisplayNames
- servicesWithDisplayNames
- parentPathWithDisplayNames
Existing Groups
- policyIntentPath
- effectiveAndRelatedComputeMembers
- scope
- membershipTypes
- ipSetIds
- ipSetContents
- isSystemOwned
- configType
- realizationId
- displayName
- createUser
- createTime
- lastModifiedUser
- lastModifiedTime
- deleted
- revision
- tags
- effectiveAndRelatedComputeMembersWithDisplayNames
The effectiveAndRelatedComputeMembers displays the compute members' original UUID and the effectiveAndRelatedComputeMembersWithDisplayNames displays the compute members' display names.
Existing Services
- isSystemOwned
- configType
- realizationId
- policyIntentPath
- displayName
- createUser
- createTime
- lastModifiedUser
- lastModifiedTime
- deleted
- revision
- tags
- serviceEntriesIds
Existing Service Entries
- serviceEntryType
- serviceProtocol
- sourcePortsArray
- destinationPortsArray
- isSystemOwned
- configType
- realizationId
- policyIntentPath
- displayName
- createUser
- createTime
- lastModifiedUser
- lastModifiedTime
- deleted
- revision
- tags
Missing or deleted Computes If applicable, a list of deleted or missing VMs and physical servers. Missing or deleted Services If applicable, a list of paths for the missing or deleted services. Missing or deleted Groups If applicable, a list of deleted or missing Groups. Missing or deleted rules If applicable, a list of deleted or missing rules. Missing or deleted security policies If applicable, a list of deleted or missing security policies.
-