When a generated Security Intelligence recommendation reaches the Ready to Publish status, you have the option to export it to a JSON file. You can make modifications to this JSON file before you send it as a REST API request for the NSX Policy Manager to process.

Conditions préalables

Procédure

  1. From your browser, log in with the required privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Click Plan & Troubleshoot > Recommendations.
  3. (Facultatif) List only the Security Intelligence recommendations with the Ready to Publish status.
    1. Click Filter in the upper-right area.
    2. From the Apply Filter drop-down menu, select the Status and Ready to Publish filters.
    3. Click Apply.
  4. In the list of Ready to Publish recommendations, click the Actions menu icon Actions menu to the left of the name of the Security Intelligence recommendation that you want to export. Select Export JSON from the drop-down menu.

    The following code snippet gives an example of a partial content of an exported JSON file.

    {
        "resource_type": "Infra",
        "id": "Infra",
        "children": [
            {
                "resource_type": "ChildDomain",
                "id": "default",
                "marked_for_delete": false,
                "Domain": {
                    "resource_type": "Domain",
                    "id": "default",
                    "children": [
                        {
                            "resource_type": "ChildGroup",
                            "marked_for_delete": false,
                            "Group": {
                                "resource_type": "Group",
                                "id": "Group-384fe490-837e-11eb-9688-dd7fccb572d0-904d61f0-0d71-4bc9-ac18-632b6b02efc9",
                                "display_name": "Group-1 (REC 210312 01:59:18)",
                                "description": "Created from REC 210312 01:59:18",
                                "marked_for_delete": false,
                                "expression": [
                                    {
                                        "resource_type": "ExternalIDExpression",
                                        "marked_for_delete": false,
      ...
      ...
        "marked_for_delete": false
    }
  5. Make any necessary modifications to the exported JSON file before you send it as a REST API request that the NSX Policy Manager can process.

    You must first remove the line with the "id" : "Infra" property from the exported JSON file before sending the JSON payload as a PATCH request. Otherwise, you receive a 400 Bad Request response back from the on-premises NSX Policy Manager.

  6. Using an external REST API tool, submit the JSON file containing the Security Intelligence recommendation to the NSX Policy Manager for processing.
    When you submit the Security Intelligence recommendation as a JSON payload into your NSX setup using an external REST API tool, such as Postman, the Security Intelligence application is unaware of the recommendation being processed successfully. That Security Intelligence recommendation is still listed with a Ready to Publish status in the Recommendations list. If you try to review the recommendation by clicking its name, you receive the following message.

    There are no unpublished recommended policies found. A version of these recommendation policies might have been imported and published already into your NSX using an external tool, or they have been deleted.

  7. After successfully submitting the exported recommendation as a JSON payload, manually delete that recommendation from the list of Ready to Publish recommendations in the Plan & Troubleshoot > Recommendations table.