A smart folder is a dynamic group of computers that you define with a saved search
query. It finds matching computers each time you click the group. For example, if
you want to view your computers grouped by attributes such as operating system or
AWS project tags, you can do this using smart folders.
 |
TipIf you prefer to search for resources programmatically, you can automate resource
searches using
the Server & Workload Protection API. For examples, see Search for
Resources.
|
You create smart folders by defining:
- What to search (1 - computer properties)
- How to determine a match (2 - operator)
- What to search for (3 - value)
Create a smart folder
-
Go to .
-
Click Create a Smart Folder.A default, empty search criteria group ("rule group") appears. You must configure this first. If you need to define more or alternative possible matches, you can add more rule groups later.
-
Type a name for your smart folder.
-
In the first drop-down list, select a property that all matching computers have, such as Operating System. (See Searchable Properties.)If you selected AWS Tag, Azure Tag, or GCP Label, also type the tag's name or label key.
-
Select the operator: whether to match identical, similar, or opposite computers, such as CONTAINS.
Note
Some operators are not available for all properties. -
Type all or part of the search term.
Note
Wild card characters are not supported.Tip
If you enter multiple words, it compares the entire phrase, not each word separately. No match occurs if the property's value has words in a different order, or only some of the words. To match any of the words, instead click Add Rule and OR, and then add another value: one word per rule. -
If computers must match multiple properties, click Add Rule and AND. Repeat steps 4-6.For more complex smart folders, you can chain multiple search criteria. Click Add Group, then click AND or OR. Repeat steps 4-7.For example, you might have Linux computers deployed both on-premises and in clouds such as AWS, Azure, Google Cloud Platform, or vCloud. You could create a smart folder that contains all of them by using 3 rule groups based on:
- local physical computers' operating system
- AWS tag
- vCenter or vCloud name
Tip
To test the results of your query before saving your smart folder, click Preview. -
Click Save.
-
To verify, click your new smart folder. Verify that it contains all expected computers.
Tip
For faster smart folders, remove unnecessary AND operations, and reduce sub-folder depths. They increase query complexity, which reduces performance.Also verify that it omits computers that shouldn't match the query. If you need to edit your smart folder's query, double-click the smart folder.Note
If your account's role doesn't have the permissions, some computers won't appear, or you won't be able to edit their properties. For more information, see Roles.
Edit a smart folder
If you need to edit your smart folder's query, double-click the smart folder.
To reorder search criteria rules or rule groups, move your cursor onto a rule or group
until it changes to a , then drag it
to its destination.
Clone a smart folder
To duplicate and modify an existing smart folder as a template for a new smart folder,
right-click the original smart folder, then select Copy Smart Folder.
Focus your search using sub-folders
You can use sub-folders to filter a smart folder's search results.
Smart folders can be nested up to 10 levels deep.
-
Smart folder 1
-
Sub-folder 2
- Sub-folder 3 ...
-
For example, you might have a smart folder for all your Windows computers, but want
to focus on computers that are specifically Windows 7, and maybe specifically either
32-bit or 64-bit. To do this, under the "Windows" parent folder, you could create
a child smart folder for Windows 7. Then, under the "Windows 7" folder, you would
create two child smart folders: 32-bit and 64-bit.
- Right-click a smart folder and select Create Child Smart Folder.
- Edit your child smart folder's query groups or rules. Click Save.
- Click your new smart folder. Verify that it contains all expected computers. Also verify that it omits computers that shouldn't match the query.
Automatically create sub-folders
|
NoteApplies to AWS, Azure, and GCP computers only.
|
Instead of manually creating child folders, you can automatically create sub-folders
for each value of an AWS tag, Azure tag, or GCP label that's assigned to an Amazon
EC2 instance, Amazon Workspace, Azure VM, or GCP VM instance. For information on how
to apply tag/labels to your computers, refer to the documentation from your cloud
provider:
- Amazon: Tag your Amazon EC2 resources, Tag WorkSpaces Resources
- Azure: Use tags to organize your Azure resources and management hierarchy
- GCP: Labeling resources.
|
NoteTag/label-based sub-folders will replace any existing manually created child folders
under the parent folder.
|
- In the Server & Workload Protection console, right-click a smart folder and select Smart Folder Properties.
- In the main pane, near the bottom, select the Automatically create sub-folders for each value of a specific tag or label key check box.
- Select either the AWS, Azure, or GCP cloud vendor.
- Type the name of the AWS tag, Azure tag, or GCP label key. Sub-folders are automatically created for each of the tag or label values.
- Click Save.
|
TipEmpty sub-folders can appear if an AWS tag or GCP label value is not being used anymore.
To remove them, right-click the smart folder and select Synchronize Smart Folder.
|
Searchable Properties
Properties are an attribute that some or all computers you want to find have. Smart
folders show computers that have the selected property, and its value matches.
|
NoteType your search exactly as that property appears in Server & Workload Protection - not, for example,
AWS/Azure/GCP. Otherwise, your smart folder query won't match. To find the exact
matching text, (unless otherwise noted) go to Computers and look in
the navigation pane on the left.
|
General
|
Property
|
Description
|
Data type
|
Examples
|
||||
|
Hostname
|
The computer's host name, as seen on Computers >
Details in Hostname.
|
string
|
ca-staging-web1
|
||||
|
Computer Display Name
|
The computer's display name in the Server & Workload Protection console
(if any), as seen on Computers > Details in
Display Name.
|
string
|
nginxTest
|
||||
|
Folder Name
|
The computer's assigned group.
|
string
|
US-East
|
||||
|
Operating System
|
The computer's operating system, as seen on Computers >
Details in Platform.
|
string
|
Microsoft Windows 7 (64 bit) Service Pack 1 Build 7601
|
||||
|
IP Address
|
The computer's IP address.
You can find the IP address in the Server & Workload Protection console.
To find the IP of:
|
IPv4 or IPv6 address, or an IPv4 range
|
172.20.1.5-172.20.1.55
2001:db8:face::5
|
||||
|
Policy
|
The computer's assigned Server & Workload Protection policy, as seen on
Computers > Details.
|
string
(option in drop-down list)
|
Base Policy
|
||||
|
Activated
|
Whether or not the computer has been activated with Workload
Security, as seen on Computers > Details.
|
Boolean
|
Yes
|
||||
|
Docker Host
|
Whether or not Docker is installed on the computer, as seen on
Computers > Details.
|
Boolean
|
No
|
||||
|
Computer Type
|
The type of computer. Options are: Physical Computer, Amazon EC2
Instance, Amazon WorkSpace, vCenter VM, Azure Instance, Azure
ARM Instance, GCP VM Instance.
|
string (option in drop-down list)
|
Examples: Physical Computer, Amazon EC2 Instance
|
||||
|
Last Successful Recommendation Scan
|
Whether or not the computer has had a successful recommendation
scan within a specified time period. The last recommendation
scan date and results can be seen on Computers >
Details > General > Intrusion Prevention or
Integrity Monitoring or Log
Inspection
> Recommendations.
|
Date operator drop-down list, String, Date unit drop-down
list
|
OLDER THAN, 7, DAYS
|
||||
|
Last Agent Communication
|
Whether or not the agent has communicated with Server & Workload Protection within a specified time period. The Last Communication date
can be seen on Computers > Details > General >
Last Communication.
|
Date operator drop-down list, String, Date unit drop-down
list
|
OLDER THAN, 3, DAYS
|
||||
|
Agent Offline
|
Whether or not the agent is offline. This is displayed as
Managed (Offline) or Offline on
Computers > Details > General > Last
Communication.
|
Boolean
|
Yes
|
||||
|
Task(s)
|
State of the computer's tasks, as displayed in the Task(s)
column on the Computers page. For a list of
all possible tasks, see Computer and agent statuses.
|
string
|
Activating
|
||||
|
Host Created Date
|
Date when the computer was added to Server & Workload Protection.
|
string (date)
|
2019-03-15
|
||||
|
Version
|
Agent version.
|
string
|
12.0.0.1
|
AWS
|
Property
|
Description
|
Data type
|
Examples
|
|
Tag
|
The computer's AWS tag key:value pair, as seen on Computers
> Details > Overview > General under Virtual
machine Summary, in Cloud Instance Metadata.
Type the tag name, then its value. Case-sensitive.
|
string
|
Tag Key: env
Tag Value: staging
|
|
Security Group Name
|
The computer's associated AWS security group name, as seen on
Computers > Details > Overview >
General under Virtual machine Summary, in Security
Group(s).
|
string
|
SecGrp1
|
|
Security Group ID
|
The computer's AWS security group ID, as seen on Computers
> Details > Overview > General under Virtual
machine Summary, in Security Group(s).
|
string
|
sg-12345678
|
|
AMI ID
|
The computer's Amazon Machine AMI ID, as seen on Computers
> Details > Overview > General under Virtual
machine Summary, in AMI ID.
|
string
|
ami-23c44a56
|
|
Account ID
|
The computer's associated 12-digit AWS Account ID, as seen on Computers
when you right-click Amazon Account and select
Properties.
Results include computers in sub-folders.
|
string
|
123456789012
|
|
Account Name
|
The computer's associated AWS Account Alias, as seen on Computers
when you right-click the AWS Cloud Connector and select
Properties.
Results include computers in sub-folders.
|
string
|
MyAccount-123
|
|
Region ID
|
The computer's AWS region suffix.
Results include computers in sub-folders.
|
string
|
us-east-1
|
|
Region Name
|
The computer's associated AWS region name.
Results include computers in sub-folders.
|
string
|
US East (Ohio)
|
|
VPC ID
|
The computer's Virtual Private Cloud (VPC) ID.
If an alias exists, the folder name is the alias, followed by the
VPC ID in parentheses. Otherwise the folder's name is the VPC
ID.
Results include computers in sub-folders.
|
string
|
vpc-3005e48a
|
|
Subnet ID
|
The computer's associated Virtual Private Cloud (VPC) subnet
ID.
If an alias exists, the folder name is the alias, followed by the
VPC subnet ID in parentheses. Otherwise the folder's name is the
VPC subnet ID.
Results include computers in sub-folders.
|
string
|
subnet-b1c2e468
|
|
Directory ID
|
The ID of the AWS directory where the user entry associated with
an Amazon WorkSpace resides. The directory ID is seen on the
Computers > Details > Virtual machine
Summary, in the WorkSpace Directory
field. That field takes the format
<directory_alias>(<directory_ID>), for example,
myworkspacedir(d-9367232d89).
|
string
|
d-9367232d89
|
Azure
|
Property
|
Description
|
Data type
|
Examples
|
||
|
Subscription Name
|
The computer's associated Azure subscription account ID, as seen
on Computers when you right-click
Azure and select Properties.
Results include computers in sub-folders.
|
string
|
MyAzureAccount
|
||
|
Resource Group
|
The computer's associated resource group
|
string
|
MyResourceGroup
|
||
|
Location
|
The computer's location name
|
string
|
East US
|
||
|
Tag
|
The computer's Azure tag key:value pair, as seen on
Computers > Details > Overview >
General under under Virtual machine
Summary, in Cloud Instance Metadata.
Type the tag name, then its value. Case-sensitive.
|
string
|
Tag Key: env
Tag Value: staging
|
GCP
|
Property
|
Description
|
Data type
|
Examples
|
|
Label
|
The computer's GCP label key:value pair, as seen on
Computers > Details > Overview >
General under Virtual machine Summary,
in Cloud Instance Metadata.
Type the label key, and then its value. Case-sensitive.
|
string
|
Label Key: env
Label Value: staging
|
|
Network Tag
|
The computer's network tag, as seen on Computers > Details
> Overview > General under Virtual
machine Summary, in Cloud Instance
Metadata.
|
string
|
production
|
vCenter
|
Property
|
Description
|
Data type
|
Examples
|
|
Name
|
The computer's associated vCenter.
Results include computers in sub-folders.
|
string
|
vCenter - lab13-vc.example.com
|
|
Datacenter
|
The computer's associated vCenter data center.
Results include computers in sub-folders.
|
string
|
lab13-datacenter
|
|
Folder
|
The computer's vCenter folder.
Results include computers in sub-folders.
|
string
|
db_dev
|
|
Parent ESX Hostname
|
The hostname of the ESXi hypervisor where the computer's guest VM
is running, as seen on Computers.
|
string
|
lab13-esx2.example.com
|
|
Custom Attribute
|
The computer's assigned vCenter custom attribute, as seen on
Computers > Details in Virtual machine
Summary.
|
string
(comma-separated attribute name and value)
|
env, production
|
vCloud
|
Property
|
Description
|
Data type
|
Examples
|
|
Name
|
The computer's associated vCloud.
Results include computers in sub-folders.
|
string
|
vCloud-lab23
|
|
Datacenter
|
The computer's associated vCloud data center.
Results include computers in sub-folders.
|
string
|
lab13-datacenter
|
|
vApp
|
The computer's associated vCloud data center folder.
Results include computers in sub-folders.
|
string
|
db_dev
|
Active Directory
|
Property
|
Description
|
Data type
|
Examples
|
|
Name
|
The hostname of the Microsoft Active Directory or LDAP
directory.
Results include computers in
sub-folders.
|
string
|
ad01.example.com
|
|
Folder
|
The computer's Microsoft Active Directory or LDAP folder
name.
Results include computers in sub-folders.
|
string
|
Computers
|
Operators
Smart folder operators indicate whether matching computers should have a property
value that is identical, similar, or dissimilar to your search term. Not all operators
are available for every property.
|
Operator
|
Description
|
Example usage
|
|
EQUALS
|
The search query only finds computers that are an exact match.
|
A search query for 'Windows' in the Operating System property does not find computers
with 'Windows 7' or 'Microsoft Windows'.
|
|
DOES NOT EQUAL
|
The search query finds any computers that are not an exact match.
|
A search query for 'Amazon Linux (64 bit)' in the Operating System property finds
all computers other than Amazon Linux 64-bit machines.
|
|
CONTAINS
|
The search query finds any computers that contain the search term.
|
A search query for '203.0.113.' in the IP Address property finds any computers
on the 203.0.113.xxx subnet.
|
|
DOES NOT CONTAIN
|
The search query finds any computers that do not contain the search term.
|
A search query for 'Windows' in the Operating System property finds any computers
that do not have 'Windows' in their operating system name.
|
|
ANY VALUE
|
The search query finds all computers with the selected property.
|
A search query in the Group Name property finds all computers in that group.
|
|
IN RANGE
|
The search query finds all computers between the specified start and end range.
|
A search query in the IP Address property with Start Range 10.0.0.0 and End Range
10.255.255.255 would find all computers with IP addresses between 10.0.0.0 and 10.255.255.255.
|
|
NOT IN RANGE
|
The search query finds all computers that are not between the specified start and
end range.
|
A search query in the IP Address property with Start Range 10.0.0.0 and End Range
10.255.255.255 finds all computers that have IP addresses outside the range of 10.0.0.0
and 10.255.255.255.
|
|
Yes
|
The search query finds all computers with the selected property.
|
A search query with 'Yes' selected for the Docker property finds any computers with
the Docker service running.
|
|
No
|
The search query finds all computers that do not have the selected property.
|
A search query with 'No' selected for the Docker property would find any computers
that do not have the Docker service running.
|
|
OLDER THAN
|
The search query finds all computers prior to the specified date for the property.
Used with an accompanying DAYS, WEEKS, HOURS, or MINUTES operator.
|
A search query with 'OLDER THAN', '7', 'DAYS' for the 'Last Successful Recommendation
Scan' property finds computers that have had a successful recommendation scan 8 days
or longer ago.
|
|
MORE RECENTLY THAN
|
The search query finds all computers more recent than the specified date for the property.
Used with an accompanying DAYS, WEEKS, HOURS, or MINUTES operator.
|
A search query with 'MORE RECENTLY THAN', '1', 'MONTH' for the 'Last Successful Recommendation
Scan' property finds computers that have had a successful recommendation scan earlier
than 1 month ago.
|
|
NEVER
|
The search query finds all computers that do not match the property.
|
A search query with 'NEVER' for the 'Last Successful Recommendation Scan' property
finds computers that have never had a successful recommendation scan.
|