Dynamic Group Queries

Node groups are a powerful mechanism within Cloudhouse Guardian (Guardian) that are used to group nodes with similar properties and roles. For example, you could choose to organize your nodes according to device type, operating system (OS), application, or any other combination of defining criteria. A standard (static) node group must be continually monitored and maintained by hand. Instead of manually organizing nodes into the groups they belong to, you can use a dynamic group query to define a pattern or common attribute occurring in nodes and apply that query to the node group's configuration settings.

Any nodes that would be returned by the query are then automatically assigned to the node group; any nodes that fail to satisfy the query are removed from the group. This can be especially useful in situations such as vulnerability tracking, where a rule can be created that matches the vulnerable software version. The query would automatically add the nodes to the group and then remove them once they are patched. This additional step makes a static group dynamic.

Note: Guardian has automated the creation of dynamic node groups according to node type. For example, if you add a Windows node, the appliance automatically creates a dynamic 'Windows' node group. The original Windows node and any following Windows nodes are then automatically assigned to that node group.

To add a dynamic group query to an existing node group, complete the following steps:

Note: To create a dynamic node group from scratch, you need to add a new node group and apply a dynamic group query. For more information on how to add a new node group, see Add Node Group. This topic describes how to apply the required dynamic group query.

  1. In the Guardian web application, navigate to the Monitored tab (Inventory > Monitored). By default, all currently monitored nodes are displayed.

  2. In the Node Groups drop-down menu, locate the node group you want to edit. Then, click the Settings button.

  3. Select Edit from the list of options displayed. The node group settings page is displayed.

  4. Click the Dynamic Group Query drop-down menu to display the Query Expression field.

    Note: For more information about each of the sections not described in this topic, see Edit Node Group.

  5. Enter a query in the field provided. For example, to automatically assign any nodes that have OpenSSL version 1.0.1 installed to the node group, the following query would be used: Packages: openssl with version: 1.0.1.

    Note: Any nodes that upgrade past that version would also be automatically removed from the group. For more information on complex dynamic group queries, see Complex Dynamic Group Queries below.

  6. Once complete, click the Check button to add the query to your node group's settings. Repeat as required.

  7. Then, click Save to apply your settings to the node group.

If successful, a confirmation message is displayed and the node group is updated and displayed. Any nodes that match the query's criteria are automatically assigned to the node group. For more information on node groups, see Node Groups.

Complex Dynamic Group Queries

The following section provides some examples of the type of complex dynamic group queries that can be used to automatically assign nodes to your dynamic node groups.

To assign all Ubuntu nodes into a dynamic node group, use the following query:

inventory:os_distro_name WITH value:ubuntu EXACT

To assign all Ubuntu 18.04 nodes into a dynamic node group, use the following query:

inventory:os_distro_name WITH value:ubuntu AND inventory:os_distro_version WITH value:18.04 EXACT

To assign all Windows 2012 R2 Servers into a dynamic node group, use the following query:

inventory:osfamily WITH value:Windows EXACT AND inventory:operatingsystem WITH value:2012 R2

Note: You don’t need to put values, such as the 2012 R2 server edition, in quotation marks as the Cloudhouse query tokenizer knows how to handle values with spaces.

To assign all Windows 2012 Servers, excluding Windows 2012 R2 servers, use the following query:

inventory:osfamily WITH value:Windows EXACT AND inventory:operatingsystem WITH value:2012 AND NOT inventory:operatingsystem WITH value:R2
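To reason about which nodes a query will pull into a group before applying it, the following added example (not Guardian's own code or tokenizer) models the clause forms shown above in Python. It assumes that a clause without EXACT is a case-insensitive substring match and that EXACT is case-insensitive equality; the node names and inventory values are constructed.

```python
import re

# Constructed sample inventory; fact names are the ones used in the queries above.
NODES = {
    "web-01": {"osfamily": "Debian", "os_distro_name": "ubuntu", "os_distro_version": "18.04"},
    "web-02": {"osfamily": "Debian", "os_distro_name": "ubuntu", "os_distro_version": "20.04"},
    "app-01": {"osfamily": "Windows", "operatingsystem": "Windows Server 2012 R2 Standard"},
    "app-02": {"osfamily": "Windows", "operatingsystem": "Windows Server 2012 Standard"},
}

# One clause: [NOT] inventory:<fact> WITH value:<value, may contain spaces> [EXACT]
CLAUSE = re.compile(r"^(NOT\s+)?inventory:(\S+)\s+WITH\s+value:(.+?)(\s+EXACT)?$")

def parse(query):
    """Split a query on AND and return (negated, fact, value, exact) tuples."""
    clauses = []
    for part in re.split(r"\s+AND\s+", query.strip()):
        m = CLAUSE.match(part)
        if not m:
            raise ValueError(f"unsupported clause: {part!r}")
        negated, fact, value, exact = m.groups()
        clauses.append((bool(negated), fact, value.strip(), bool(exact)))
    return clauses

def matches(inventory, clauses):
    """True when every clause holds for one node's inventory."""
    for negated, fact, value, exact in clauses:
        have = inventory.get(fact, "").lower()
        want = value.lower()
        # Assumption: EXACT means equality, otherwise substring match.
        hit = (have == want) if exact else (want in have)
        if hit == negated:  # a plain clause missed, or a NOT clause hit
            return False
    return True

def members(query, nodes=NODES):
    """Names of the nodes the query would assign to the group."""
    clauses = parse(query)
    return sorted(name for name, inv in nodes.items() if matches(inv, clauses))

if __name__ == "__main__":
    q = ("inventory:osfamily WITH value:Windows EXACT AND "
         "inventory:operatingsystem WITH value:2012 AND NOT "
         "inventory:operatingsystem WITH value:R2")
    print(members(q))
```

Re-running `members` after a node's inventory changes shows the add and remove behaviour described at the top of this topic: a node that no longer satisfies every clause drops out of the result.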