If the change-detected icon icon for when change in input is detected appears next to a Ready to Publish, No Recommendations Available, or Failed status, review the changes in the original scope of the Security Intelligence recommendation input entities. Rerun the recommendation analysis, if needed.

The change-detected icon icon for when change in input is detected indicates that some change occurred with the input entities that were used to generate the previous Security Intelligence recommendation. If at least one of the following occurs, the change-detected icon appears in the Recommendations table, next to the affected recommendation.

  • New effective members are added or removed from the originally selected entities that were used to generate the Security Intelligence recommendation.

  • The "applied to the scope" of the security policy changed from the value that was used at the start of the Security Intelligence recommendation analysis.

  • The permissive mode changed for an existing section that was reused to generate the Security Intelligence recommendation.

  • The status changed for a compute entity that was used to generate the Security Intelligence recommendation even if it is not part of the selected entities in the scope boundary. This compute entity is included in the original rule recommendation analysis because it communicated with one of the originally selected compute entities in the scope boundary.

Conditions préalables

Procédure

  1. From your browser, log in with the required privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Plan & Troubleshoot > Recommendations.
  3. To review and rerun an Security Intelligence recommendation, select one of the following methods.
    • Click the change-detected icon icon for when change in recommendation input is detected on the right-side of the status of the recommendation and select Rerun Recommendation.

    • Click the Actions menu action menu icon on the leftmost side of the recommendation's row and select Review & Rerun.

  4. Review the changes in the Review and Rerun dialog box.

    A dialog box similar to the following image gets displayed.

    Note :

    This image shows a Review and Rerun dialog box for a recommendation that has not been canceled. For a canceled recommendation, the Review and Rerun dialog box does not have the Recommendation Boundary tab.


    The Review and Rerun dialog box is described by the text surrounding the image.

    The visualization graph in the top half of the dialog box shows the compute entities that were added or removed since the previous recommendation was generated. A compute entity node with a gray border indicates it was removed from the scope of the recommendation boundary. A node with a green border indicates the new compute entity was added to the scope of the recommendation boundary.

    1. To review the flows and compute entities considered for generating the recommendation, click the All Flows and All Members tabs located below the graph.
    2. To review any changes in the compute entities used as input entities, click the Added Members or Removed Members tab.
  5. (Facultatif) To change the boundary back to the original compute entities used for the previous recommendation analysis, click the Rerun Settings tab and modify the settings as necessary.
  6. To exit the dialog box without generating another recommendation analysis, click Dismiss.
  7. To generate another recommendation analysis, click Rerun Recommendation.

Résultats

After you select Rerun Recommendation, the previously generated recommendation is deleted and cannot be restored. The Security Intelligence recommendation service regenerates the DFW rule recommendation using the modified input entities as the recommendation boundary. Newly detected flows and compute entities for the selected time period are also included in the recommendation analysis. Traffic flows for compute entities that were deleted from the original input entities are not considered in the analysis.

Que faire ensuite

After the new recommendation has the Ready to Publish status, review the recommendation using the information in Review and Publish Generated Security Intelligence Recommendations.