Group computers dynamically with smart folders

This feature is coming soon in Deep Security 10.

A smart folder is a dynamic group of computers that you define with a saved search query. It finds matching computers each time you click the group. For example, if you want to view your computers grouped by attributes such as operating system or AWS project tags, you can do this using smart folders.

You create smart folders by defining:

  1. What to search (computer properties)
  2. How to determine a match (operator)
  3. What to search for ( value)
Smart folder query

Create a smart folder

  1. Go to Computers > Smart Folders.
  2. Click Create a Smart Folder.

    A default, empty search criteria group ("rule group") appears. You will configure this first. If you need to define more or alternative possible matches, you can add more rule groups later.

  3. Type a name for your smart folder.
  4. In the first dropdown, select a property that all matching computers have, such as Operating System.

    If you selected AWS Tag, also type the tag's name.

  5. Select the operator: whether to match identical, similar, or opposite computers, such as CONTAINS.
  6. Some operators are not available for all properties.
  7. Type all or part of the search term.

    Wild card characters are not supported.
    If you enter multiple words, it compares the entire phrase — not each word separately. No match will occur if the property's value has words in a different order, or only some of the words.
    To match any of the words, instead click Add Rule and OR, and then add another value: one word per rule.
  8. If computers must match multiple properties, click Add Rule and AND. Repeat steps 4-6.

    For more complex smart folders, you can chain multiple search criteria. Click Add Group, then click AND or OR. Repeat steps 4-7.

    For example, you might have Linux computers deployed both on-premises and in clouds such as AWS, Azure, or vCloud. You could create a smart folder that contains all of them by using 3 rule groups based on:

    1. local physical computers' operating system
    2. AWS tag
    3. vCenter / vCloud name

    smart folder hybrid

  9. To test the results of your query before saving your smart folder, click Preview.
  10. Click Save.
  11. To verify, click your new smart folder. Verify that it contains all expected computers.

    For faster smart folders, remove unnecessary AND operations, and reduce sub-folder depths. They increase query complexity, which reduces performance.

    Also verify that it omits computers that shouldn't match the query. If you need to edit your smart folder's query, double-click the smart folder.

    If your account's role doesn't have the permissions, some computers won't appear, or you won't be able to edit their properties. For more information, see Roles.

Edit a smart folder

If you need to edit your smart folder's query, double-click the smart folder.

To reorder search criteria rules or rule groups, move your cursor onto a rule or group until it changes to a 4 way arrow, then drag it to its destination.

Clone a smart folder

To duplicate and modify an existing smart folder as a template for a new smart folder, right-click the original smart folder, then select Copy Smart Folder.

Focus your search using sub-folders

You can use sub-folders to filter a smart folder's search results.

Smart folders can be nested up to 10 levels deep.

  • Smart folder 1
    • Sub-folder 2
      • Sub-folder 3 ...

For example, you might have a smart folder for all your Windows computers, but want to focus on computers that are specifically Windows 7, and maybe specifically either 32-bit or 64-bit. To do this, under the "Windows" parent folder, you could create a child smart folder for Windows 7. Then, under the "Windows 7" folder, you would create two child smart folders: 32-bit and 64-bit.

child smart folders

  1. Right-click a smart folder and select Create Child Smart Folder.
  2. Edit your child smart folder's query groups or rules. Click Save.
  3. Click your new smart folder. Verify that it contains all expected computers. Also verify that it omits computers that shouldn't match the query.

Automatically create sub-folders

Applies to AWS computers only.

Instead of manually creating child folders, if you use Amazon's cloud, you can automatically create sub-folders for each value of an AWS tag. For information on how to apply AWS tags to your computers, see Amazon's guide on Tagging Your Amazon EC2 Resources.

AWS tag-based sub-folders will replace any existing manually created child folders under the parent folder.
  1. Select the Automatically create sub-folders for each value of a specific AWS tag key: check box located below the smart folder groups.
  2. Type name of the AWS tag. Sub-folders will be automatically created for each of this tag's values.
  3. Click Save.
Empty sub-folders can appear if an AWS tag value is not being used anymore. To remove them, right-click the smart folder and select Synchronize Smart Folder.

Searchable Properties

Properties are an attribute that some or all computers you want to find have. Smart folders will show computers that have the selected property, and its value matches.

Type your search exactly as that property appears in Deep Security Manager— not, for example, vCenter / AWS / Azure. Otherwise your smart folder query won't match.
To find the exact matching text, (unless otherwise noted) go to Computers and look in the navigation pane on the left.

General

Property Description Data type Examples
Hostname The computer's host name, as seen on Computers > Details in Hostname. string ca-staging-web1
Computer Display Name The computer's display name in Deep Security (if any), as seen on Computers > Details in Display Name. string nginxTest
Group Name The computer's assigned group. string US-East
Operating System The computer's operating system, as seen on Computers > Details in Platform. string

Microsoft Windows 7 (64 bit) Service Pack 1 Build 7601

IP Address

The computer's IP address.

Location varies by type of computer:

  • AWS — Computers > Details > Overview > General under Virtual machine Summary, in:
    • Private IP Address
    • Public IP (PIP) Address
  • Azure — Computers > Details > Overview > General under Virtual machine Summary, in:
    • Private IP Address
    • Public IP (PIP) Address
  • Physical (not AWS / Azure / vCenter / vCloud) — Computers > Details > Interfaces

    If "DHCP" is displayed instead of a static IP address, it won't match the smart folder query.
  • vCenter — Computers > Details > Overview > General under VMware Virtual Machine Summary, in IP Address
  • vCloud — Computers > Details > Overview > General under Virtual machine Summary, in IP Address
IPv4 / IPv6 address, or an IPv4 range

172.20.1.5-172.20.1.55

2001:db8:face::5

Policy The computer's assigned Deep Security policy, as seen on Computers > Details.

string

(option in dropdown list)

Base Policy

Activated Whether or not the computer has been activated with Deep Security Manager, as seen on Computers > Details. Boolean Yes
Docker Host

Whether or not Docker is installed on the computer, as seen on Computers > Details.

Boolean No

AWS

Property Description Data type Examples
Tag

The computer's AWS tag key:value pair, as seen on Computers > Details > Overview > General under Virtual machine Summary, in Cloud Instance Metadata.

Type the tag name, then its value, separated by a comma. Case-sensitive.

string (comma-separated tag name and value) env, staging
Security Group Name The computer's associated AWS security group, as seen on Computers > Details > Overview > General under Virtual machine Summary, in Security Group Name. string SecGrp1
AMI ID The computer's Amazon Machine Image ID, as seen on Computers > Details > Overview > General under Virtual machine Summary, in AMI ID. string ami-23c44a56
Account ID

The computer's associated 12-digit AWS Account ID, as seen on Computers when you right-click Amazon Account and select Properties.

Results include computers in sub-folders.

string 123456789012
Account Name

The computer's associated AWS Account Alias, as seen on Computers when you right-click the AWS Cloud Connector and select Properties.

Results include computers in sub-folders.

string MyAccount-123
Region ID

The computer's AWS region suffix.

Results include computers in sub-folders.

string us-east-1
Region Name

The computer's associated AWS region name.

Results include computers in sub-folders.

string US East (Ohio)
VPC ID

The computer's Virtual Private Cloud (VPC) ID.

If an alias exists, the folder name will be the alias, followed by the VPC ID in parentheses. Otherwise the folder's name will be the VPC ID.

Results include computers in sub-folders.

string vpc-3005e48a
Subnet ID

The computer's associated Virtual Private Cloud (VPC) subnet ID.

If an alias exists, the folder name will be the alias, followed by the VPC subnet ID in parentheses. Otherwise the folder's name will be the VPC subnet ID.

Results include computers in sub-folders.

string subnet-b1c2e468

Azure

Property Description Data type Examples
Subscription Name

The computer's associated Azure subscription account ID, as seen on Computers when you right-click Azure and select Properties.

Results include computers in sub-folders.

string MyAzureAccount
Resource Group The computer's associated resource group. string MyResourceGroup

vCenter

Property Description Data type Examples
Name

The computer's associated vCenter.

Results include computers in sub-folders.

string vCenter - lab13-vc.example.com
Datacenter

The computer's associated vCenter data center.

Results include computers in sub-folders.

string lab13-datacenter
Folder

The computer's vCenter folder.

Results include computers in sub-folders.

string db_dev
Parent ESX Hostname

The host name of the ESX / ESXi hypervisor where the computer's guest VM is running, as seen on Computers.

string lab13-esx2.example.com
Custom Attribute

The computer's assigned vCenter custom attribute, as seen on Computers > Details in Virtual machine Summary.

string

(comma-separated attribute name and value)

env, production

vCloud

Property Description Data type Examples
Name

The computer's associated vCloud.

Results include computers in sub-folders.

string vCloud-lab23
Datacenter

The computer's associated vCloud data center.

Results include computers in sub-folders.

string lab13-datacenter
vApp

The computer's associated vCloud data center folder.

Results include computers in sub-folders.

string db_dev

Folder

Property Description Data type Examples
Name The host name of the Microsoft Active Directory or LDAP directory.

Results include computers in sub-folders.

string ad01.example.com
Folder

The computer's Microsoft Active Directory or LDAP folder name.

Results include computers in sub-folders.

string Computers

Operators

Smart folder operators indicate whether matching computers should have a property value that is identical, similar, or dissimilar to your search term.

Operator Description Examples
EQUALS Results are a complete, exact match.

Operating System EQUALS Microsoft Windows

Matches:

Nothing. ("Windows Server 2003", for example, does not completely match all words.)

DOES NOT EQUAL Results are not an exact match.

Operating System DOES NOT EQUAL Amazon Linux (64 bit)

Matches:

All computers except Amazon Linux 64-bit.

CONTAINS Results have the search term (a partial or complete match).

IP Address CONTAINS 10.1.1

Matches:

All computers on the 10.1.1.xxx subnet.

DOES NOT CONTAIN Results don't have the search term.

Operating System DOES NOT CONTAIN Windows

Matches:

All computers except Windows.

ANY VALUE Results are all computers with the selected property, regardless of the property's value.

Group Name ANY VALUE

Matches:

All computers with a group name.

Operators

Not all operators are available for every property.

Operator Description Example usage
EQUALS The search query will only find computers that are an exact match. A search query for 'Windows' in the Operating System property will not find computers with 'Windows 7' or 'Microsoft Windows'.
DOES NOT EQUAL The search query will find any computers that are not an exact match. A search query for 'Amazon Linux (64 bit)' in the Operating System property will find all computers other than Amazon Linux 64-bit machines.
CONTAINS The search query will find any computers that contain the search term. A search query for '203.0.113.' in the IP Address property will find any computers on the 203.0.113.xxx subnet.
DOES NOT CONTAIN The search query will find any computers that do not contain the search term. A search query for 'Windows' in the Operating System property would find any computers that do not have 'Windows' in their operating system name.
ANY VALUE The search query will find all computers with the selected property. A search query in the Group Name property would find all computers in that group.
IN RANGE The search query will find all computers between the specified start and end range. A search query in the IP Address property with Start Range 10.0.0.0 and End Range 10.255.255.255 would find all computers with IP addresses between 10.0.0.0 and 10.255.255.255.
NOT IN RANGE The search query will find all computers that are not between the specified start and end range. A search query in the IP Address property with Start Range 10.0.0.0 and End Range 10.255.255.255 would find all computers that have IP addresses outside the range of 10.0.0.0 and 10.255.255.255.
Yes The search query will find all computers with the selected property. A search query with 'Yes' selected for the Docker property would find any computers with the Docker service running.
No The search query will find all computers that do not have the selected property. A search query with 'No' selected for the Docker property would find any computers that do not have the Docker service running.