Create and define filter groups in Security Operations

Create and use filter groups to locate records from any table on your instance. For example, you can create a group of all computers by the same manufacturer. You can also filter configuration items (CIs) that have similar vulnerabilities or that fall within a particular subnet IP address range.

Before you begin

Role required: sn_sec_cmn.write

About this task

Filter groups can contain dynamically updated records, a series of static records that are not filtered using conditions, or a combination of dynamically updated and static records. Some filter groups are included in the base system, for example, CI exclusions.

Procedure

  1. Navigate to Security Operations > Groups > Filter Groups.
  2. Click New.
  3. Fill in the fields on the form, as appropriate.
    Field Description
    Name The name of the filter group.
    Active Box to activate the group.
    Description Description for the filter group.
    Network IP Address The network IP address that contains the IP addresses of the CIs you want to add to the group.

    This field appears only if you have selected Configuration Item [cmdb_ci] or a table that extends configuration item in the Table field.

    Subnet Mask The subnet that contains the IP addresses of the CIs you want to add to the group, for example, 255.255.255.0.

    This field appears only if you selected Configuration Item [cmdb_ci] or a table that extends configuration item in the Table field.

    Table The table to be filtered.
    Condition Use the condition builder to define the criteria to be filtered.
  4. Right-click the form header and select Save.
    The Advanced Conditions tab appears.

    Depending on the type of table you specified in the Table field, the following tabs appear:

    Table Tabs Displayed
    Configuration Item [cmdb_ci] or a table that extends the configuration item table Manually Added CIs and Matching CIs
    Task [task] or a table that extends the task table Manually Added Tasks and Matching Tasks
    A table not related to a CI or task Manually Added Record
  5. To define more conditions for your filter group:
    1. Click Advanced Conditions.
    2. Insert a new row into the Additional Filter Group Conditions embedded list to select other pre-built filter groups that you want to combine with the filter group that you are updating. If you want the selected filter group to filter records based on a reference field, a mapped field is automatically selected when the current record is saved.
      Note: The Mapped field value cannot be edited from the Additional Filter Group Conditions embedded list. To change the field and open the record, click the information icon .
    3. Click Update.
  6. To manually add more CIs or tasks to the filter group:
    1. Click the Manually Added CIs or Manually Added Tasks tab.
    2. Click Edit.
    3. Select the CIs or tasks you want to add.
    4. Click Save.
  7. To view the CIs or tasks that match your selection criteria:
    1. Click the Matching CIs or Matching Tasks tab.
    2. If you changed the criteria, refresh the list by right-clicking in the form header and selecting Refresh List.