Security Intelligence - Error while Exporting Recommendations as CSV and Re-running some Recommendations

Article ID: 392162

Updated On:

Products

VMware vDefend Firewall with Advanced Threat Prevention
VMware vDefend Firewall

Issue/Introduction

Introduction:

NSX Intelligence fails to process group names that start or end with square brackets ([, ]) or contain commas (,). This leads to issues when re-running recommendations and exporting detailed CSV reports. The issue stems from how the internal logic parses list data, misidentifying individual group names as list structures.

Symptoms:

  1. In the NSX Manager under the "Plan & Troubleshoot" tab, within "Recommendations", when selecting the three dots on an existing recommendation and clicking "Export Detailed CSV", an error notification appears under the bell icon, stating something similar to the following:

    "Feb 21, 2025, 12:05:17 PM : Http failure response for https://nsx-manager-fqdn/napp/api/v1/intelligence/recommendations/aaaabbbbcccc-ddddd-eeee-ffff/export?output_format=DETAILED&site_id=aaaaabbbbb-cccc-dddd-eeee-ffffffff: 400 Bad Request"
  2. When clicking on any recommendation in the "Ready to Publish" state, a dialog box pops up with the following message:

    "Missing Entities Detected:
    The following entities originally used in the previous policy recommendation were deleted in NSX Manager. It is advisable to generate a new policy recommendation by clicking RERUN and resubmit any applicable changes made in the previous recommendation. Otherwise, to view the updated policy entities, click REVIEW."

    When clicking REVIEW, an error message appears at the top of the dialog box:

    "<> entities originally used in the previous policy recommendation have been deleted in NSX Manager. Remove or edit them to proceed to the sequencing step."

Environment

All versions of Security Intelligence deployed on NSX Application Platform (NAPP) and vDefend SSP 5.0

Cause

Group names with leading/trailing square brackets or commas are misinterpreted as arrays or lists due to internal delimiter logic ([, ], ,). The code that parses group lists cannot distinguish between an actual list and a single group name that resembles a list format.

Resolution

This issue is resolved in SSP (Security Services Platform) version 5.1.

Workaround for NAPP/SSP 5.0:

  • Avoid using group names that begin or end with square brackets ([, ]) or contain commas (,).

  • To modify the group names, navigate to NSX Manager UI → Inventory → Groups and edit the group names as needed.

  • If there are a large number of groups that cannot be modified manually, please open a support ticket with Broadcom Support for assistance.
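One way to find the affected names in bulk before editing them, as an added example that is not Broadcom's code: it applies the rule from the workaround to a list of group display names you have already exported and builds a rename plan. The renaming convention, the function names and the sample names are assumptions constructed for illustration.

```python
# Added example: audit group display names against the rule in this article
# (begins or ends with a square bracket, or contains a comma).
# SAMPLE_NAMES is constructed; replace it with names exported from your inventory.

BRACKETS = ("[", "]")
SAMPLE_NAMES = ["web-tier", "[PCI] db", "app,backend", "db [legacy]", "[web-tier]", "[]"]


def reasons(name: str) -> list[str]:
    """Return which of the article's conditions this name meets (empty = unaffected)."""
    found = []
    if name.startswith(BRACKETS):
        found.append("leading bracket")
    if name.endswith(BRACKETS):
        found.append("trailing bracket")
    if "," in name:
        found.append("comma")
    return found


def proposed_name(name: str) -> str:
    """Assumed convention: commas become '-', brackets and spaces are trimmed at both ends."""
    return name.replace(",", "-").strip("[] ")


def audit(names: list[str]) -> list[tuple]:
    """Build a rename plan: (old name, reasons, proposed name, status) per affected group."""
    taken = {n for n in names if not reasons(n)}  # names that stay as they are
    plan = []
    for name in names:
        why = reasons(name)
        if not why:
            continue
        new = proposed_name(name)
        if not new:
            status = "needs manual name"   # nothing left after cleaning
        elif new in taken:
            status = "collision"           # would duplicate another display name
        else:
            status = "ok"
            taken.add(new)
        plan.append((name, why, new, status))
    return plan


if __name__ == "__main__":
    for old, why, new, status in audit(SAMPLE_NAMES):
        print(f"{old!r:16} {', '.join(why):34} -> {new!r:16} {status}")
```

Entries marked "collision" or "needs manual name" need a name chosen by hand; the rest can be applied in the Groups view described above.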