You can export an Security Intelligence DFW recommendation to a CSV file. To be eligible, the recommendation must have the Ready to Publish status before it can be exported to a CSV file.

The ability to export a ready-to-publish DFW recommendation to a CSV file was introduced in the Security Intelligence 4.0.1 release. In the Security Intelligence 4.1.1 release, the exported content is enhanced. The following table lists the section names used in each CSV output version.

Section names used in CSV output for Security Intelligence 4.0.1 release

Section names used in CSV output for Security Intelligence 4.1.1 and later releases

Section description

Security Policies

Security Policies

Security policy created or reused by the Security Intelligence DFW recommendation.

Rules

New Rules

New rules that belong to the above security policy.

Groups

New Groups

New groups recommended in the Security Intelligence DFW recommendation.

Services

New Services

New services recommended by Security Intelligence DFW recommendation.

Services

New Service Entries

New service entries recommended in the Security Intelligence DFW recommendation.

N/A

Modified Existing Rules

Modified existing rules of a reused section in the Security Intelligence DFW recommendation.

N/A

Existing Groups

Existing groups reused in the Security Intelligence DFW recommendation.

N/A

Existing Services

Existing services reused in the Security Intelligence DFW recommendation.

N/A

Existing Service Entries

Existing service entries reused in the Security Intelligence DFW recommendation.

N/A Missing or deleted Computes This section is included in the CSV file if compute entities (VMs and physical servers) that are referenced in the DFW recommendation are now missing or have been deleted
N/A Missing or deleted Services This section is included in the CSV file if service entities that are referenced in the DFW recommendation have been deleted or are now missing.
N/A Missing or deleted Groups This section is included in the CSV file if group entities that are referenced in the DFW recommendation have been deleted or are now missing.
N/A Missing or deleted Rules This section is included in the CSV file if rules that are referenced in the DFW recommendation have been deleted or are now missing.
N/A Missing or deleted security policies This section is included in the CSV file if security policies that are referenced in the DFW recommendation have been deleted or are now missing.

You can export the Security Intelligence DFW recommendation as a CSV file in a summary or detailed format.

Requisitos previos

Procedimiento

  1. From your browser, log in with the required privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Click Plan & Troubleshoot > Recommendations.
  3. (opcional) List only the Security Intelligence recommendations with the Ready to Publish status.
    1. Click Filter in the upper-right area.
    2. From the Apply Filter drop-down menu, select the Status and Ready to Publish filters.
    3. Click Apply.
  4. In the list of Ready to Publish, Published, or Publish Failed recommendations, click the Actions menu icon Actions menu to the left of the name of the Security Intelligence recommendation that you want to export. Select one of the following export options.
    • Export Summary CSV.

      Security Intelligence downloads a file named <recommendation_name>_recommendations_summary.csv to your local system.

      The file contains the following information.

      Section Name

      Included Details

      Security Policies

      • category

      • scope

      • displayName

      Rules

      • action

      • destinationGroups

      • profiles

      • scope

      • services

      • sourceGroups

      • parentPath

      • displayName

      Groups

      • expression

      • displayName

      Services

      • serviceEntriesDisplayNames

      • displayName

      Service Entries

      • displayName

      • alg

      • destinationPorts

      • sourcePorts

      • l4Protocol

      Modified Existing Rules

      • action

      • destinationGroups

      • profiles

      • scope

      • services

      • sourceGroups

      • parentPath

      • displayName

      Existing Groups

      • effectiveAndRelatedComputeMembers

      • scope

      • membershipTypes

      • ipSetIds

      • ipSetContents

      • displayName

      Existing Services

      • serviceEntriesDisplayNames

      • displayName

      Existing Service Entries

      • serviceEntryType

      • serviceProtocol

      • destinationPortsArray

      • displayName

      Missing or deleted Computes

      If applicable, a list of deleted or missing VMs and physical servers.

      Missing or deleted Services

      If applicable, a list of paths for the missing or deleted services.

      Missing or deleted Groups

      If applicable, a list of deleted or missing Groups.

      Missing or deleted rules

      If applicable, a list of deleted or missing rules

      Missing or deleted security policies

      If applicable, a list of deleted or missing security policies

    • Export Detailed CSV:

      Security Intelligence downloads a file named <recommendation_name>_recommendations_detail.csv to your local system.

      This CSV file contains the following information.

      Section Name

      Included Details

      Security Policies

      • applicationConnectivityStrategy
      • connectivityPreference
      • defaultRuleId
      • loggingEnabled
      • category
      • comments
      • internalSequenceNumber
      • isDefault
      • lockModifiedBy
      • lockModifiedTime
      • locked
      • ruleCount
      • scope
      • sequenceNumber
      • stateful
      • tcpStrict
      • overridden
      • parentPath
      • path
      • realizationId
      • relativePath
      • uniqueId
      • resourceType
      • CreateUser
      • CreateTime
      • LastModifiedUser
      • LastModifiedTime
      • SystemOwned
      • id
      • displayName
      • description
      • tags
      • revision
      • links
      • self
      • scopeWithDisplayNames

      Rules

      • action
      • destinationGroups
      • destinationsExcluded
      • direction
      • disabled
      • ipProtocol
      • isDefault
      • logged
      • notes
      • profiles
      • ruleId
      • scope
      • sequenceNumber
      • services
      • sourceGroups
      • sourcesExcluded
      • tag
      • overridden
      • parentPath
      • path
      • realizationId
      • relativePath
      • uniqueId
      • resourceType
      • CreateUser
      • CreateTime
      • LastModifiedUser
      • LastModifiedTime
      • SystemOwned
      • id
      • displayName
      • description
      • tags
      • revision
      • links
      • self
      • scopeWithDisplayNames
      • destinationGroupsWithDisplayNames
      • sourceGroupsWithDisplayNames
      • servicesWithDisplayNames
      • parentPathWithDisplayNames

      Groups

      • expression
      • extendedExpression
      • groupType
      • reference
      • state
      • overridden
      • parentPath
      • path
      • realizationId
      • relativePath
      • uniqueId
      • resourceType
      • CreateUser
      • CreateTime
      • LastModifiedUser
      • LastModifiedTime
      • SystemOwned
      • id
      • displayName
      • description
      • tags
      • revision
      • links
      • self
      • expressionWithDisplayNames

      Services

      • serviceType
      • parentPath
      • path
      • realizationId
      • relativePath
      • uniqueId
      • resourceType
      • CreateUser
      • CreateTime
      • LastModifiedUser
      • LastModifiedTime
      • SystemOwned
      • id
      • displayName
      • description
      • tags
      • revision
      • links
      • self
      • serviceEntriesIds

      Service Entries

      • resourceType
      • overridden
      • parentPath
      • path
      • realizationId
      • relativePath
      • uniqueId
      • id
      • displayName
      • description
      • tags
      • revision
      • links
      • self
      • alg
      • destinationPorts
      • sourcePorts
      • l4Protocol

      Modified Existing Rules

      • action
      • destinationGroups
      • destinationsExcluded
      • direction
      • disabled
      • ipProtocol
      • isDefault
      • logged
      • notes
      • profiles
      • ruleId
      • scope
      • sequenceNumber
      • services
      • sourceGroups
      • sourcesExcluded
      • tag
      • overridden
      • parentPath
      • path
      • realizationId
      • relativePath
      • uniqueId
      • resourceType
      • CreateUser
      • CreateTime
      • LastModifiedUser
      • LastModifiedTime
      • SystemOwned
      • id
      • displayName
      • description
      • tags
      • revision
      • links
      • self
      • scopeWithDisplayNames
      • destinationGroupsWithDisplayNames
      • sourceGroupsWithDisplayNames
      • servicesWithDisplayNames
      • parentPathWithDisplayNames

      Existing Groups

      • policyIntentPath
      • effectiveAndRelatedComputeMembers
      • scope
      • membershipTypes
      • ipSetIds
      • ipSetContents
      • isSystemOwned
      • configType
      • realizationId
      • displayName
      • createUser
      • createTime
      • lastModifiedUser
      • lastModifiedTime
      • deleted
      • revision
      • tags
      • effectiveAndRelatedComputeMembersWithDisplayNames

      The effectiveAndRelatedComputeMembers displays the compute members' original UUID and the effectiveAndRelatedComputeMembersWithDisplayNames displays the compute members' display names.

      Existing Services

      • isSystemOwned
      • configType
      • realizationId
      • policyIntentPath
      • displayName
      • createUser
      • createTime
      • lastModifiedUser
      • lastModifiedTime
      • deleted
      • revision
      • tags
      • serviceEntriesIds

      Existing Service Entries

      • serviceEntryType
      • serviceProtocol
      • sourcePortsArray
      • destinationPortsArray
      • isSystemOwned
      • configType
      • realizationId
      • policyIntentPath
      • displayName
      • createUser
      • createTime
      • lastModifiedUser
      • lastModifiedTime
      • deleted
      • revision
      • tags
      Missing or deleted Computes If applicable, a list of deleted or missing VMs and physical servers.
      Missing or deleted Services If applicable, a list of paths for the missing or deleted services.
      Missing or deleted Groups If applicable, a list of deleted or missing Groups.
      Missing or deleted rules If applicable, a list of deleted or missing rules.
      Missing or deleted security policies If applicable, a list of deleted or missing security policies.