Each node in a group may contain a configuration file that is specific to that node, or that changes on a regular basis as part of day-to-day operations. If such files are included in scans, changes will be reported continuously and create unnecessary noise in scan reports. By utilizing ignore lists, these files can still be included in scans, but changes will not be reported, helping to ensure that reports contain only relevant information.
Adding Configuration Items to be Ignored
Certain attributes and permissions on configurations are generally expected to be different across nodes. Should you feel that the differences are not of a concern, you may filter them out through the Ignore List feature.
This applies to comparisons between two nodes, and not between nodes in a group of 3 or more. Ignoring attributes across a group would have to be defined on the Node Group level in the Edit tab. Adding these ignored items can be performed by right clicking them on a member node page.
Upon viewing a difference/comparison between two nodes, you will see the differences indicated in the Display section in the left sidebar.
To reduce the noise, click on any of the Configuration Items that are indicated as a Difference, and a right panel will appear showing the attribute details of the configuration item. The parts that are highlighted by a yellow bar running down the attribute will be where the differences are being detected.
To ignore a selected attribute, simply right click on the attribute and hover to ‘Add to Ignore List’.
Select the Node Group you wish to apply it to.
Refresh the page if you do not notice a difference.
This achieves the same effect as if you were to add attributes to the ignore list from a single member node of a node group as mentioned in the note above.
You will notice that the differences in the left sidebar will begin to drop to a more manageable number. Should you wish to toggle the view to display the ignore items, you may choose to do so by toggling the switch on Ignored Items in the same Display section.
Viewing a Node Group’s Ignored Items
You can view any ignored items assigned to a node group by navigating to Discover > Monitored and then locating the node group in the Node Groups panel on the left side. Click the gear icon, then click Edit.
Then scroll down to the Ignored Items section and click to expand. This should show if you have any ignored items assigned to this node group. In the example below, we have asked that UpGuard not report on any changes to the “Department” tag associated with any of the buckets in our S3 Buckets node group.
As noted above, you can configure a node’s day-to-day change ignore items separately from the Group Diff ignored items. In the example above, you can expand the section called “Group Diff Ignored Items” to see Group Diff related ignore items instead.
For more information on the Group Diff functionality, please visit our guide on Group Differencing.
Conversely, if you would like to be alerted when rarely changing items drift, please visit our guide on How to Monitor For Rarely Changing Configuration Items.