Node groups allow you group nodes for ease of management. A node can be added to as many node groups as you like. Whilst there aren't specific rules for the types of node groups you should create, the most common include grouping nodes by device type, operating system or applications. e.g.: Windows, Databases, IIS. The usefulness of node groups is directly related to how they simplify management of node related settings for ignore lists, scan options and policies. The key point to remember is that by configuring each of these things at the node group level - not the node level - you greatly simplify their management. When set up properly the only consideration to make when adding new nodes is that they get placed in the appropriate group. Group level settings will take care of everything else.

Dynamic Node Groups

Traditional node groups within UpGuard have been static in nature - without manual intervention, they would remain exactly as they were created until they were removed. While this is suitable for a number of use cases, they fail to effectively reflect the ever-changing state of many enterprises. To overcome this, we have introduced dynamic node groups: node groups whose members are defined by a pattern, rather than statically assigned. This brings many of the advantages of static node groups, in addition to allowing node groups to grow or shrink as the composition of the enterprise changes.

Creating a Dynamic Node Group

Dynamic node group creation follows the same method as static node group creation, with a single additional step. To begin, hit the “Add Node Group” button from the “Nodes” page.

w800

You will then be presented with the standard node group creation page. To create a dynamic node group, simply enter any valid search query into the “Dynamic Group Query” field. This will cause any nodes that would be returned by that query to be automatically added to the group. Conversely, any nodes that fail to satisfy that query will be removed from the node group.

w400

This can be especially useful in situations such as vulnerability tracking, whereby a rule can be created that matches the vulnerable software version and automatically adds the node initially and removes them when they are patched.

Creating a Node Group with Node Rules

Another option for automatically populating a node group is to use regular expressions. From the node group creation page, open the “Node Rules” field.

w500

In this field, you can input regular expressions, one per line, to match against the names of individual nodes.

For example, to match all nodes that include the string ‘test’ in their names, use the following regular expression:

.*test.*

To only match node names that begin with the string ‘windows’, use the following expression:

^windows.*

To match node names that end with a two-digit number, use the following expression:

.*[0-9]{2}$

Regular expressions are a powerful tool. A complete tutorial is beyond the scope of this documentation, but many resources are available on the Internet.