Using groups in queries and policies

Short overview of conditional operators for queries and where to use groups in policies.

Queries

Queries use conditional operators with groups. Here are examples of each conditional operator:

  • IN GROUP - If the value matches any member of the selected group, the condition is true. IN ALIASES GROUP works on a group of the same type as IN GROUP, but assumes the members of that group are aliases. Note that the IN GROUP and IN ALIASES GROUP operators expect the group to contain actual values or aliases, respectively. Query Builder will look for records with database values matching the alias values in the group.
  • NOT IN GROUP - If the value does not match any member of the selected group, the condition is true. NOT IN ALIASES GROUP works on a group of the same type as NOT IN GROUP, but assumes the members of that group are aliases.
  • IN DYNAMIC GROUP - If the value matches any member of a group that will be named as a run-time parameter, the condition is true. IN DYNAMIC ALIASES GROUP works on a group of the same type as IN DYNAMIC GROUP, but assumes the members of that group are aliases.
  • NOT IN DYNAMIC GROUP - If the value does not match any member of a group that will be named as a run-time parameter, the condition is true. NOT IN DYNAMIC ALIASES GROUP works on a group of the same type as NOT IN DYNAMIC GROUP, but assumes the members of that group are aliases.
    Note: A group may contain either aliases or actual values, according to the operator used (IN GROUP or IN ALIASES GROUP); the two cannot be used at the same time.
  • LIKE GROUP - If the value is like any member of the selected group, the condition is true. This condition enables wildcard (%) characters in the group member names.
    Note: A like member value uses one or more wildcard (%) characters, and matches all or part of the value. For a like comparison, alphabetic characters are not case sensitive. For example, %tea% would match tea, TeA, tEam, or steam.

Policies and rules

When creating a rule as part of a policy, groups simplify the process of specifying the parameters you want.

Anywhere there is a Group drop-down menu on the rule definition pane you can select a group.

Further, if you want to create or modify a group on the fly, click the Groups icon to open a Group Definition window and make your desired changes.

For example, if you want to capture activity occurring on your production servers, rather than typing in full IP addresses each time, you could create a group named Production Servers and use that.
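
The sketch below is an added example, not the product's own code. It models how the IN GROUP, NOT IN GROUP and LIKE GROUP conditions described under Queries select records, using a Production Servers group like the one above. The record fields, IP addresses and function names are constructed for illustration, and it assumes IN GROUP is an exact match and that % is the only wildcard.

```python
import re

def like_to_regex(member):
    """Turn a LIKE GROUP member into a regex: % matches any run of
    characters, every other character (including '.') is literal."""
    literal_parts = [re.escape(part) for part in member.split("%")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE | re.DOTALL)

def in_group(value, group):
    # Assumption: IN GROUP compares the value to each member exactly.
    return value in group

def not_in_group(value, group):
    return value not in group

def like_group(value, group):
    # True if the whole value matches any member pattern, ignoring case.
    return any(like_to_regex(m).fullmatch(value) for m in group)

def select(records, field, condition, group):
    """Return the records whose field satisfies the group condition."""
    return [r for r in records if condition(r[field], group)]

# Constructed sample data (hypothetical addresses and object names).
PRODUCTION_SERVERS = {"10.10.9.21", "10.10.9.22"}
TEA_OBJECTS = ["%tea%"]
RECORDS = [
    {"id": 1, "server_ip": "10.10.9.21", "object": "steam"},
    {"id": 2, "server_ip": "10.10.9.22", "object": "orders"},
    {"id": 3, "server_ip": "192.168.5.7", "object": "TeA"},
    {"id": 4, "server_ip": "192.168.5.8", "object": "inventory"},
]

def ids(records):
    return [r["id"] for r in records]

if __name__ == "__main__":
    print("IN GROUP Production Servers:",
          ids(select(RECORDS, "server_ip", in_group, PRODUCTION_SERVERS)))
    print("NOT IN GROUP Production Servers:",
          ids(select(RECORDS, "server_ip", not_in_group, PRODUCTION_SERVERS)))
    print("LIKE GROUP %tea%:",
          ids(select(RECORDS, "object", like_group, TEA_OBJECTS)))
```

Because every non-wildcard character is escaped, a LIKE member such as 10.10.9.% matches only addresses with literal dots in those positions, which keeps a pattern-based server group from matching more than intended.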