Dynamic Asset Group Filter missing "Not Equal to" in OS Description options

When creating a dynamic asset group, we have a number of filter conditions to get to a list of assets, but when trying to eliminate a subset of the assets, we notice there is no ‘Not equal to’ condition available in the OS description.

For instance, some assets in the database have failed credentials and populate the OS with a generic “Microsoft Windows”, but we want to eliminate the generic ones without eliminating “Microsoft Windows 10” or “Microsoft Windows Server”.

This can be done in the Query Builder and saved, but you can only create a csv, report or project from that, not a dynamic asset group.

Any help would be appreciated.

I just did some messing around with dynamic asset groups and I see what you mean. I was going to maybe suggest filtering by tag, since you can include/exclude whatever tags you want from the group. But I know tags have the same filtering rules as asset groups, so I’m guessing your generic “Microsoft Windows” assets aren’t tagged as such.

It might be easiest to just create a group that has rules for “OS contains Microsoft Windows 10”, “Microsoft Windows Server”, etc. I know there’s a lot of different Microsoft OS’s, but since the filter is using a “contains”, it’s going to account for all the variations of those OS’s, so you won’t actually need that many rules. And that’ll still exclude the generic “Microsoft Windows.”

Thank you for the suggestion. We were actually trying to create an asset group that would help us identify obsolete OS’s, so “does not contain” what we consider to be the ‘approved’ OS’s would provide a list of assets that do not fit the approved criteria.

The fact that it is possible in query builder, but not in the filtered asset search when creating/modifying a group is the reason I even raise it as an issue. I will see if I can enter a feature request for it.

The other thing identified today was that there is also no filtered search item for Vulnerability Severity when creating a dynamic group either. Query Builder again does have this, but we can only export to csv, create a project or create a report, not create an asset group.

We have been trying to create custom groups that we can use for our internal reporting metrics and quick lookups for assets that have Severe and Critical vulnerabilities. The Dashboard tile metrics have been an issue because they too are not configurable to eliminate assets or allow us to see the foundational logic for them.

Again, thank you for your reply. I really appreciate it.

1 Like

I see what you mean now. I think in that case you could still technically create a dynamic asset group with multiple filters like “OS does not contain Microsoft Windows 10” and so on, though it may be more work depending on how many approved OS’s you want to add filters for. I do get that it’s a bit unfortunate to have differing filters across the two tools.

Chatting with one of our specialists about this, another option is to create a remediation project or a goal to track these assets, since those do allow you to use the query builder. I know you’ve mentioned wanting to use dynamic asset groups and it sounds like your team’s done that in other instances, but goals and projects are an alternative that provide an actionable way to track progress with those assets and see what all the team’s achieved thus far. That may not be exactly The Answer if you’re wanting DAGs, but it’s an option that others have used a lot.

1 Like