If the change-detected icon appears next to a Ready to Publish, No Recommendations Available, or Failed status, review the changes to the input entities in the original scope of the Security Intelligence recommendation. Rerun the recommendation analysis, if needed.

The change-detected icon indicates that a change occurred in the input entities that were used to generate the previous Security Intelligence recommendation. If at least one of the following occurs, the change-detected icon appears in the [Recommendations] table, next to the affected recommendation.

  • Effective members are added to or removed from the originally selected entities that were used to generate the Security Intelligence recommendation.

  • The "applied to the scope" of the security policy changed from the value that was used at the start of the Security Intelligence recommendation analysis.

  • The permissive mode changed for an existing section that was reused to generate the Security Intelligence recommendation.

  • The status changed for a compute entity that was used to generate the Security Intelligence recommendation even if it is not part of the selected entities in the scope boundary. This compute entity is included in the original rule recommendation analysis because it communicated with one of the originally selected compute entities in the scope boundary.

Prerequisites

Procedure

  1. From your browser, log in with the required privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select [Plan & Troubleshoot] > [Recommendations].
  3. To review and rerun a Security Intelligence recommendation, select one of the following methods.
    • Click the change-detected icon to the right of the recommendation's status and select [Rerun Recommendation].

    • Click the [Actions] menu icon on the leftmost side of the recommendation's row and select [Review & Rerun].

  4. Review the changes in the [Review and Rerun] dialog box.

    A dialog box similar to the following image is displayed.

    Note:

    This image shows a [Review and Rerun] dialog box for a recommendation that has not been canceled. For a canceled recommendation, the [Review and Rerun] dialog box does not have the [Recommendation Boundary] tab.



    The visualization graph in the top half of the dialog box shows the compute entities that were added or removed since the previous recommendation was generated. A compute entity node with a gray border was removed from the scope of the recommendation boundary. A node with a green border is a new compute entity that was added to the scope of the recommendation boundary.

    1. To review the flows and compute entities considered for generating the recommendation, click the [All Flows] and [All Members] tabs located below the graph.
    2. To review any changes in the compute entities used as input entities, click the [Added Members] or [Removed Members] tab.
  5. (Optional) To change the boundary back to the original compute entities used for the previous recommendation analysis, click the [Rerun Settings] tab and modify the settings as necessary.
  6. To exit the dialog box without generating another recommendation analysis, click [Dismiss].
  7. To generate another recommendation analysis, click [Rerun Recommendation].

Results

After you select [Rerun Recommendation], the previously generated recommendation is deleted and cannot be restored. The Security Intelligence recommendation service regenerates the DFW rule recommendation using the modified input entities as the recommendation boundary. Newly detected flows and compute entities for the selected time period are also included in the recommendation analysis. Traffic flows for compute entities that were deleted from the original input entities are not considered in the analysis.

What to do next

After the new recommendation has the Ready to Publish status, review the recommendation using the information in Review and Publish Generated Security Intelligence Recommendations.