Create a device group

You can create both dynamic and static device groups. Dynamic groups automatically add all devices that match specified criteria to the group, while static groups require you to manually add each device.

Create a dynamic device group

You can create dynamic device groups with complex filters, which enable you to specify multiple criteria and create nested groups of criteria.
Tip:You can quickly create a dynamic device group from a filtered list of devices on the Devices page. Click Create Dynamic Group from the upper right corner.

You can also create a dynamic device group from a built-in device group. From the Devices page, click a role or protocol, update the filter criteria, and then click the Save icon from the upper right corner.

  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. From the top menu, click Assets and then click Device Groups in the left pane.
  3. Click Create Device Group.
  4. In the Group Name field, type a descriptive name to identify the group
  5. (Optional): In the Description field, add information about this device group.
  6. In the Group Type section, click Dynamic.
  7. In the Filter Criteria section, click Match All and then select one of the following match operators from the drop-down list:
    Option Description
    Match All Filters only devices that match all of the specified criteria.
    Match Any Filters devices that matches any of the specified criteria.
    Match None Filters devices that do not match any of the specified criteria.
  8. Click Name and select one of the following categories from the drop-down list:
    Option Description
    Name Filters devices by the discovered device name. For example, a discovered device name can include the IP address or hostname.
    MAC Address Filters devices by the device MAC address.
    IP Address Filters devices by IP address in IPv4, IPv6, or CIDR block formats.
    Site Filters devices associated with a connected site.

    Command appliances and Reveal(x) 360 only.

    Discovery Time Filters devices automatically discovered by the ExtraHop system within the specified time interval. For more information, see Create a device group based on discovery time.
    Model Filters devices by models and model sets, which are logical groupings of device models. Model sets common on your network are suggested until you filter a specific string.
    Activity Filters devices by protocol activity associated with the device. For example, selecting HTTP Server returns devices with HTTP server metrics, and any other device with a device role set to HTTP Server.
    Cloud Account Filters devices by the cloud service account associated with the device.
    Cloud Instance ID Filters devices by the cloud instance ID associated with the device.
    Cloud Instance Type Filters devices by the cloud instance type associated with the device.
    Critical Filters devices that are considered critical because they provide authentication services or support essential services on your network.
    Role Filters devices by the assigned device role, such as gateway, firewall, load balancer, and DNS Server.
    Software Filters devices by operating system software detected on the device.
    Subnet Filters devices by the subnet associated with the device.
    Tag Filters devices by user-defined device tags.
    Virtual Private Cloud Filters devices by the VPC associated with the device.
    Vendor Filters devices by the device vendor name, as determined by the Organizationally Unique Identifier (OUI) lookup.
    VLAN Filters devices by the device VLAN tag. VLAN information is extracted from VLAN tags, if the traffic mirroring process preserves them on the mirror port.

    Only available if the devices_accross_vlans setting is set to False in the Running Config file.

    CDP Name Filters devices by the CDP name assigned to the device.
    Cloud Instance Name Filters devices by the cloud instance name assigned to the device.
    Custom Name Filters devices by the custom name assigned to the device.
    DHCP Name Filters devices by the DHCP name assigned to the device.
    DNS Name Filters devices by any DNS name assigned to the device.
    NetBIOS Name Filters devices by the NetBIOS name assigned to the device.
  9. Select one of the following operators from the drop-down list; the operators available are based on the selected category:
    Option Description
    = Filters devices that are an exact match of the search field for the selected category.
    Filters devices that do not exactly match the search field.
    Filters devices that include the value of the search field for the selected category.
    ≈/ Filters devices that exclude the value of the search field for the selected category.
    starts with Filters devices that start with the value of the search field for the selected category.
    exists Filters devices that have a value for the selected category.
    does not exist Filters devices that do not have a value for the selected category.
  10. In the search field, type the string to be matched, or select a value from the drop-down list. The input type is determined by the selected category.
    For example, if you want to find devices based on Name, type the string to be matched in the search field. If you want to find devices based on Role, select from the drop-down list of roles.

    Tip:Depending on the selected category, you can click the Regex icon in the text field to enable matching by regular expression.

  11. (Optional): Click Add Filter to add more filter criteria.
  12. (Optional): Click Add Filter Group to add filter criteria to the results of the original filter.
    For example, if you filter for devices names that start with "acct", you can add a new group of criteria that filters for a certain role or tag within the group of devices that start with "acct".
  13. Click Save.
You can change the criteria by clicking the group you want to modify from the Device Groups page, and then clicking Properties.

Create a static device group

  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. Click Assets and then click Device Groups.
  3. Click Create Device Group.
  4. In the Name field, type a name for the new group.
  5. In the Group Type section, select Static.
  6. (Optional): In the Description field, add information about this device group.
  7. Click Save.
    Your device group is now created.
  8. Add devices to your group.
    1. Click Devices in the left pane.
    2. Find a device and then select the checkbox next to the devices you want to add to your group.
    3. At the top of the device table, click Assign to Group.
    4. Select a device group from the Group drop-down list.
    5. Click Add to Group.

Next steps

Remove devices from a group by selecting the checkbox next to the device name and clicking Remove from Group in the upper right corner.
Published 2020-12-04 17:03