- All ExtraHop systems
Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.
How can we improve?
Create a device group
You can create both dynamic and static device groups. Dynamic groups automatically add all devices that match specified criteria to the group, while static groups require you to manually add each device.
Create a dynamic device group
Tip: | You can
quickly create a dynamic device group from a filtered list of devices on the Devices
page. Click Create Dynamic Group from the upper right
corner. You can also create a dynamic device group from a built-in device group. From the Devices page, click a role or protocol, update the filter criteria, and then click the Save icon from the upper right corner. |
- Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
- From the top menu, click Assets and then click Device Groups in the left pane.
- Click Create Device Group.
- In the Group Name field, type a descriptive name to identify the group
- (Optional): In the Description field, add information about this device group.
- In the Group Type section, click Dynamic.
-
In the Filter Criteria section, click Match
All and then select one of the following match operators from
the drop-down list:
Option Description Match All Filters only devices that match all of the specified criteria. Match Any Filters devices that matches any of the specified criteria. Match None Filters devices that do not match any of the specified criteria. -
Click Name and select one of the following categories
from the drop-down list:
Option Description Name Filters devices by the discovered device name. For example, a discovered device name can include the IP address or hostname. MAC Address Filters devices by the device MAC address. IP Address Filters devices by IP address in IPv4, IPv6, or CIDR block formats. Site Filters devices associated with a connected site. Command appliances and Reveal(x) 360 only.
Discovery Time Filters devices automatically discovered by the ExtraHop system within the specified time interval. For more information, see Create a device group based on discovery time. Analysis Level Filters devices by analysis level, which determines what data and metrics are collected for a device. You cannot create a dynamic device group for devices filtered by analysis level.
Model Filters devices by make and model name. The following tips can help you find the device model you want: - Select the exact match operator (=) to view a drop-down list of existing models and model sets.
- Select the exact match operator (=) and then select Custom Models to filter all devices assigned to a custom model set.
Activity Filters devices by protocol activity associated with the device. For example, selecting HTTP Server returns devices with HTTP server metrics, and any other device with a device role set to HTTP Server. Also filters devices that accepted or initiated an external connection, which can help you determine whether devices are engaged in suspicious activity.
Cloud Account Filters devices by the cloud service account associated with the device. Cloud Instance ID Filters devices by the cloud instance ID associated with the device. Cloud Instance Type Filters devices by the cloud instance type associated with the device. High Value Filters devices that are considered high value because they provide authentication services, support essential services on your network, or are user-specified as high value. Currently Active Filters devices by activity observed on a device in the last 30 minutes. Role Filters devices by the assigned device role, such as gateway, firewall, load balancer, and DNS Server. Software Filters devices by operating system software detected on the device. Subnet Filters devices by the subnet associated with the device. Tag Filters devices by user-defined device tags. Vendor Filters devices by the device vendor name, as determined by the Organizationally Unique Identifier (OUI) lookup. Virtual Private Cloud Filters devices by the VPC associated with the device. VLAN Filters devices by the device VLAN tag. VLAN information is extracted from VLAN tags, if the traffic mirroring process preserves them on the mirror port. Only available if the devices_accross_vlans setting is set to False in the Running Config file.
CDP Name Filters devices by the CDP name assigned to the device. Cloud Instance Name Filters devices by the cloud instance name assigned to the device. Custom Name Filters devices by the custom name assigned to the device. DHCP Name Filters devices by the DHCP name assigned to the device. DNS Name Filters devices by any DNS name assigned to the device. NetBIOS Name Filters devices by the NetBIOS name assigned to the device. -
Select one of the following operators from the drop-down list; the operators
available are based on the selected category:
Option Description = Filters devices that are an exact match of the search field for the selected category. ≠ Filters devices that do not exactly match the search field. ≈ Filters devices that include the value of the search field for the selected category. ≈/ Filters devices that exclude the value of the search field for the selected category. starts with Filters devices that start with the value of the search field for the selected category. exists Filters devices that have a value for the selected category. does not exist Filters devices that do not have a value for the selected category. -
In the search field, type the string to be matched, or select a value from the
drop-down list. The input type is determined by the selected category.
For example, if you want to find devices based on Name, type the string to be matched in the search field. If you want to find devices based on Role, select from the drop-down list of roles.
Tip: Depending on the selected category, you can click the Regex icon in the text field to enable matching by regular expression. - (Optional): Click Add Filter to add more filter criteria.
- (Optional):
Click Add Filter Group to add filter criteria to the
results of the original filter.
For example, if you filter for devices names that start with "acct", you can add a new group of criteria that filters for a certain role or tag within the group of devices that start with "acct".
- Click Save.
Create a static device group
- Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
- Click Assets and then click Device Groups.
- Click Create Device Group.
- In the Name field, type a name for the new group.
- In the Group Type section, select Static.
- (Optional): In the Description field, add information about this device group.
-
Click Save.
Your device group is now created.
-
Add devices to your group.
- Click Devices in the left pane.
- Find a device and then select the checkbox next to the devices you want to add to your group.
- At the top of the device table, click Assign to Group.
- Select a device group from the Group drop-down list.
- Click Add to Group.
Next steps
Remove devices from a group by selecting the checkbox next to the device name and clicking Remove from Group in the upper right corner.
Thank you for your feedback. Can we contact you to ask follow up questions?