Configuration Differencing

The Node Groups drop-down menu on the Monitored tab (Inventory > Monitored) displays all of the nodes and node groups that are currently being scanned and surveilled within your Guardian instance. Here, you can generate a difference report for multiple nodes or node groups to access the complete set of configuration data present on each node. Within the report, you can filter the results by scan date, differences, and commonalities, all of which can be critical to uncovering and understanding inconsistencies within your node set. This feature can be especially useful when comparing nodes in a cluster (where the node configuration is typically similar between corresponding node groups), or node groups that have a common defining attribute, such as node groups for a specific operating system or role.

When generating a difference report for configuration items, there are four different types of data sets you can choose to difference:

  • Scan Differencing – Difference two scans of the same node. For example, you could select a scan for March 20th 2024 and compare it to a previous scan from Feb 27th 2024 to track the changes in configuration items between those two scan dates. For more information, see Scan Differencing.

  • Node Differencing – Difference the scans of two separate nodes. For example, you could select a scan for node A and compare it to a scan of the same or different date for node B to track the differences and similarities between the configuration items for the selected nodes. For more information, see Node Differencing.

  • Group Differencing – Difference the scans of three or more nodes, similar to the Diff Nodes process. Additionally, you can difference the complete set of nodes within two or more node groups. For more information, see Group Differencing.

    Note: When differencing two or more node groups, the report is automatically populated with the most recent scan data. You cannot select a different scan date. The focus, in this scenario, is on tracking the similarities and differences between the two node groups' configuration data.

  • File Differencing – Difference files allow you to track changes in file contents over time and ensure data consistency. You can make different combinations of configurational differences based on nodes, scans, or files. For example, you can compare the same file on two nodes or compare two different scans of the same file. For more information, see File Differencing.