The microsegmentation recommendations that the Security Intelligence feature generates include security policies, policy security groups, and services for applications.
Feature overview
The Security Intelligence recommendations are based on the network traffic flow patterns that occurred between the compute members of selected policy groups, VMs, or physical servers. The recommendations can assist you with enforcing a more dynamic security policy by correlating traffic patterns of communication that have occurred within your NSX environment.
The security policy recommendations are for the east-west or north-south distributed firewall (DFW) security policies in the application category.
The security group recommendations consist of the VMs or physical servers whose traffic flows were analyzed for the time period and the boundary that you specified.
The service recommendations are service objects that were used by applications in the VMs or physical servers that you had specified, but the services are not yet defined in the NSX inventory.
Workflow for generating a recommendation
The following describes, at a high level, how a microsegmentation recommendation is generated by Security Intelligence.
Log in to an NSX Manager with the required privileges and initiate the new recommendation analysis.
There are multiple ways to request the Security Intelligence recommendations, but the most straightforward way is to click the tab and click Start New Recommendation.
Provide the minimum required information to generate a new Security Intelligence DFW recommendation.
- Any compute entities (groups, VMs, or physical servers) in your NSX environment to use as input. If the groups that you select are associated with existing L4 or L7 DFW sections, you also specify whether to use one or more of the existing DFW sections for the recommendation analysis or have the system create a new DFW section. The system can recommend updates to rules in existing DFW sections and give better protection in vulnerable areas for ingress, egress, or intra-application traffic flows between the workloads.
- The time range in which the network traffic flows are to be analyzed for the provided compute entities or existing security policy rules. You can modify the default time range of Last 1 Month.
- (Optional) Modify the default values used in the Advanced Options section.
See Generate a New Security Intelligence Recommendation for details.
Click Start Discovery.
Once the recommendation analysis job status becomes Ready to Publish, review the generated DFW recommendation and publish it.
After the recommendation analysis is finished, you can view the details of the recommendation and, if necessary, modify the recommendation before publishing it. See Review and Publish Generated Security Intelligence Recommendations for details.
- (Optional) Export a generated Security Intelligence recommendation into a JSON-formatted file or a CSV-formatted file.
If necessary, modify that JSON file using an external REST API tool before submitting it to NSX Policy Manager for processing. For more information, see Export a Security Intelligence Recommendation as a JSON File and Export a Security Intelligence Recommendation as a CSV File.
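A pre-publish check over an exported recommendation JSON file, flagging ALLOW rules that leave source, destination, or service unrestricted. This is an added example, not VMware code: it assumes the export nests Rule objects that use the NSX Policy API fields `resource_type`, `display_name`, `action`, `source_groups`, `destination_groups`, and `services`, and the sample data is constructed.

```python
# Added example. Field names are assumed to follow the NSX Policy API Rule object.
ANY = "ANY"
SCOPED_FIELDS = ("source_groups", "destination_groups", "services")

# Constructed sample standing in for an exported recommendation file.
SAMPLE_EXPORT = {"resource_type": "Infra", "children": [{
    "resource_type": "ChildSecurityPolicy",
    "SecurityPolicy": {
        "resource_type": "SecurityPolicy", "display_name": "rec-web-app",
        "children": [
            {"resource_type": "ChildRule", "Rule": {
                "resource_type": "Rule", "display_name": "web-to-db", "action": "ALLOW",
                "source_groups": ["/infra/domains/default/groups/web"],
                "destination_groups": ["/infra/domains/default/groups/db"],
                "services": ["/infra/services/MySQL"]}},
            {"resource_type": "ChildRule", "Rule": {
                "resource_type": "Rule", "display_name": "web-egress", "action": "ALLOW",
                "source_groups": ["/infra/domains/default/groups/web"],
                "destination_groups": [ANY], "services": [ANY]}},
            {"resource_type": "ChildRule", "Rule": {
                "resource_type": "Rule", "display_name": "default-drop", "action": "DROP",
                "source_groups": [ANY], "destination_groups": [ANY], "services": [ANY]}},
        ]}}]}

def iter_rules(node, policy=None):
    """Yield (policy_name, rule) for every Rule object, at any nesting depth."""
    if isinstance(node, dict):
        if node.get("resource_type") == "SecurityPolicy":
            policy = node.get("display_name") or node.get("id")
        if node.get("resource_type") == "Rule":
            yield policy, node
        for value in node.values():
            yield from iter_rules(value, policy)
    elif isinstance(node, list):
        for item in node:
            yield from iter_rules(item, policy)

def audit(export):
    """Return (policy, rule, unrestricted_fields) for each over-broad ALLOW rule."""
    findings = []
    for policy, rule in iter_rules(export):
        if rule.get("action") != "ALLOW":
            continue  # DROP/REJECT rules cannot widen access
        # A missing or empty field is treated like ANY (assumption of this example).
        wide = [f for f in SCOPED_FIELDS if not rule.get(f) or ANY in rule[f]]
        if wide:
            findings.append((policy, rule.get("display_name"), wide))
    return findings
```

To check a real export, load the file with `json.load` and pass the result to `audit` before submitting it for processing.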
See the following information on how Security Intelligence generates recommendations.