
Group Assets Based on their Device Type

This tutorial demonstrates how you can create a new cluster to group your assets based on the asset type. Asset types can include, but are not limited to, laptops, virtual machines, desktops, servers, software, tablets, phones, or printers. Clustering your assets by their type can be useful for a few reasons:

  • Enhanced visibility and control: By grouping assets by their type, you can gain a better understanding of the distribution and usage of your assets across your organization. This enhanced visibility can help you identify potential security risks, track asset ownership, and manage your assets more effectively.

  • Efficient resource allocation: Clustering your devices can help you allocate resources more efficiently by identifying groups of assets that require similar treatment or remediation. For example, if a cluster of laptops is found to have a common vulnerability, you can prioritize the remediation efforts for that specific cluster rather than addressing each laptop individually.

  • Improved risk management: By grouping assets by their type, you can identify clusters of assets that are more critical to your business operations or that require additional protection due to their sensitivity or value.

To cluster your assets based on the device type, follow these steps:

  1. Navigate to Clusters > Assets > Types.

  2. Click Create and fill in the fields as shown below:

    • Name: Type "Apple iPhones". This cluster groups all company-issued Apple iPhones together.

    • Active: Keep as is. Active is selected by default.

    • Default: Keep as is. Default is not selected by default.

    • Description: Type "All company issued Apple iPhones".

    • Conditions: Click + and specify the clustering criteria.

      • Target data model: Select or type Device.

        Important

        Avoid selecting a parent data model (such as Asset, Finding, or Ticket) as the target. For example, instead of Asset, select a data model that extends Asset, such as Account, Host, Cloud Resource, and so on. This is because parent data models are not computed during consolidation and choosing a parent data model results in empty counts in the cluster.

      • Active: Keep as is. Active is selected by default.

      • Condition: Enter name CONTAINS "iPhone". This condition ensures that all company-issued iPhones are grouped together in the cluster. The specific syntax and condition may vary depending on the manufacturer or model of the phone your organization issues to employees. For example, if your company uses Android phones, the syntax may be name CONTAINS "Android".

        • You can follow the same condition syntax for any device you want to group in a cluster. For example, if you want to group all Macbook laptops, the condition might be name CONTAINS "Macbook", or if you want to group all company-issued iPads together, the condition may be name CONTAINS "iPad".

      Click Test condition to see the results retrieved by the condition.

  3. Click Create. The page reloads and the new asset type cluster displays on the Asset types clusters page.

  4. Navigate to Administration > Data > Models.

  5. Navigate to the Device data model page and click Flows.

  6. Click Device compute flow, then Launch, and then click Launch again in the confirmation dialog. This starts the actions needed to group the Device data specified in the condition. Wait for the flow to run successfully.

    • Repeat steps 5 and 6 (launch compute flow) for each individual data model specified in the condition.

  7. Navigate to the Asset type data model and click Flows.

  8. Click Asset type compute flow, then Launch, and then click Launch again in the confirmation dialog.

  9. Navigate to Inventory > All assets.

  10. Click the Type filter and select Apple iPhones.

    • If you use the filters, you may need to click More and select Type for the Type filter to display. You may also need to click Column and select Type for the Type column to display in the list view.

  11. Click Apply.

The Phone asset type displays in the asset list view

The Assets list view refreshes and only displays the devices with the specified asset type. Click an entry in the list view and under the Clusters section in the slide-out view, you should see Type > Apple iPhones. This provides additional confirmation that the device was successfully grouped as part of the "Apple iPhones" cluster.

The assets showing as "iPhone" types in the slide-out view

Another way you can confirm the devices have been successfully grouped is to navigate to Clusters > Assets > Types and compare the value in the Total column with the value that displays in the list view when you apply the Apple iPhones asset type filter. If the cluster is functioning as intended, the values should match.
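Before relying on the Total value, it helps to know roughly what the name CONTAINS "iPhone" condition from step 2 should return. The following Python sketch is an added example, not part of the product or its documentation: it dry-runs the condition over a constructed list of device names and separates exact matches, names that would match only if case were ignored, and matches that look like a different kind of asset. It assumes CONTAINS is a plain substring match; the page does not state whether the match is case-sensitive, and the function name `dry_run` and the `exclude_hints` keywords are hypothetical.

```python
# Added example, not vendor code. Assumption: CONTAINS is a plain substring
# match on the device name. Its case sensitivity is not stated on the page,
# so names that differ only by case are reported separately.

# Constructed sample of exported device names (not real inventory data).
SAMPLE_DEVICES = [
    "Alice's iPhone 14",
    "iPhone-13-FIN-0042",
    "IPHONE 12 (loaner)",
    "bob-iphone",
    "iPhone Charging Cart 3",
    "Pixel 8 - Android",
    "Macbook Pro 16 ENG-17",
    "iPad Air - Front Desk",
]


def dry_run(names, needle, exclude_hints=()):
    """Classify names against a `name CONTAINS "<needle>"` condition.

    matched   - names containing the needle exactly as typed
    case_only - names that match only when case is ignored (candidates the
                cluster would miss if the match is case-sensitive)
    review    - matched names containing a hint word that suggests the asset
                is not the intended device type (hypothetical keyword list)
    """
    matched = [n for n in names if needle in n]
    case_only = [n for n in names
                 if needle.lower() in n.lower() and needle not in n]
    review = [n for n in matched
              if any(h.lower() in n.lower() for h in exclude_hints)]
    return {"matched": matched, "case_only": case_only, "review": review}


if __name__ == "__main__":
    result = dry_run(SAMPLE_DEVICES, "iPhone",
                     exclude_hints=("cart", "charger", "dock"))
    for bucket, names in result.items():
        print(f"{bucket} ({len(names)}):")
        for name in names:
            print(f"  {name}")
```

Compare the `matched` count with what Test condition returns and with the Total column; entries under `case_only` or `review` indicate the condition may need to be tightened or broadened.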

You can also view the clustered data in a graph. To do so, navigate to Explorer and type the following BQL query:

FIND Asset AS a THAT IS AssetType AS at WHERE at.displayName = "Apple iPhones"

The Apple iPhone cluster assets displayed on the explorer graph

Similar to the list view, click one of the Apple iPhone entries on the graph to view specific device information, including the connector that the device was sourced from, risk details, when the device was first seen, last seen, and more.

Info

If you see inaccurate or empty counts in the cluster, see the Troubleshooting section for information about the potential causes of the issue.