Patent attributes
Some embodiments provide a method for defining security groups in a network. In a user interface, the method displays (i) a set of existing security groups and (ii) a set of recommended security groups based on monitored network flows in the network. Each existing security group and recommended security group includes at least one data compute node (DCN). The method provides a user interface tool for (i) accepting recommended security groups to be part of the set of existing security groups and (ii) adding DCNs from the recommended security groups to the existing security groups. Security rules are defined and implemented in the network for DCNs belonging to existing security groups.