
Group Assets Based on their Environment

This tutorial demonstrates how you can create a new cluster to group your assets that reside in a development environment. Clustering your assets by their environment can be useful for a few reasons:

  • Risk exposure: Development environments may be less secure than production environments and may have more exploitable vulnerabilities or weaknesses. By identifying assets that are in development versus production, you can better understand your overall risk exposure and prioritize remediation efforts accordingly.

  • Compliance requirements: Many compliance frameworks require organizations to maintain strict separation between development and production environments and have different security controls in place for each environment. By identifying assets in each environment, you can ensure that you are meeting those compliance requirements.

  • Change management: Development and production environments often have different change management processes and requirements. By identifying assets in each environment, you can take steps to ensure that you are following the appropriate processes and procedures when making changes to those assets.

note

The syntax and steps described in this tutorial may differ depending on how your organization tags assets by environment.

To cluster your assets by their working environment, follow these steps:

  1. Navigate to Clusters > Assets > Environments.

  2. Click Create and fill in the fields as shown below:

    • Name: Type "Development Environment Assets".

    • Active: Keep as is. Active is selected by default.

    • Default: Keep as is. Default is not selected by default.

    • Description: Type "Assets in the development environment".

    • Conditions: Click + and specify the clustering criteria.

      • Target data model: Select or type Host.

      Important

      Avoid selecting a parent data model (such as Asset, Finding, or Ticket) as the target. For example, instead of Asset, select a data model that extends Asset, such as Account, Host, Cloud Resource, and so on. This is because parent data models are not computed during consolidation and choosing a parent data model results in empty counts in the cluster.

      • Active: Keep as is. Active is selected by default.

      • Condition: Enter tags Contains "Development". This condition groups the hosts that are tagged as being in a development environment.

        • You can do the same for hosts in different environments by replacing Development with a different environment tag, such as Production, Testing, or Staging, depending on how you tag your assets.

      Click Test condition to see the results retrieved by the condition.

    • Click + and add the same condition for any other data models that extend Asset and support tags that you want to group in this cluster, such as applications, devices, subnets, or containers. This ensures that the cluster also includes any additional assets in the development environment.

  3. Click Create. The page reloads and the new environment cluster displays on the Environment clusters page.

  4. Navigate to Administration > Data > Models.

  5. Navigate to the Host data model page and click Flows.

  6. Click Host compute flow, then Launch, and then click Launch again in the confirmation dialog. This starts the actions needed to group the Host data specified in the condition. Wait for the flow to run successfully.

    • Repeat steps 5 and 6 (launch compute flow) for each individual data model specified in the condition.

  7. Navigate to the Environment data model and click Flows.

  8. Click Environment compute flow, then Launch, and then click Launch again in the confirmation dialog.

    note

    Your clusters also apply once a day through data orchestration.

  9. Navigate to Inventory > All assets.

  10. Click the Environments filter and select Development Environment Assets. You can also type the following BQL query to view the clustered assets: FIND Asset AS a THAT WITHIN Environment as e where e.displayName = "Development Environment Assets"

    • If you use the filters, you may need to click More and select Environments for the Environments filter to display. You may also need to click Column and select Environments for the Environments column to display in the list view.

  11. Click Apply.

New cluster displays in the list view

The Hosts list view refreshes and only displays the hosts with the specified environment. Click an entry in the list view and under the Tags section in the slide-out view, you should see Development. This provides additional confirmation that the host was successfully grouped as part of the "Development Environment Assets" cluster.

Development tag displays in the slide-out view

Another way you can confirm the hosts have been successfully grouped is to navigate to Clusters > Assets > Environments and compare the value in the Total column with the value that displays in the list view when you apply the Development Environment Assets filter. If the cluster is functioning as intended, the values should match.

info

If you see inaccurate or empty counts in the cluster, see the Troubleshooting section for information about the potential causes of the issue.
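
The Total comparison described above can also be cross-checked offline against an asset export. The following Python script is an added example, not part of the product or its documentation; the export field names (name, model, tags), the sample records and the function audit_cluster are hypothetical, and it assumes that tags Contains means exact membership in an asset's tag list.

```python
from collections import Counter

# Environment tags named in the tutorial; adjust to your own tagging scheme.
ENV_TAGS = {"Development", "Production", "Testing", "Staging"}

# Constructed sample export. The field names are hypothetical, not a product schema.
ASSETS = [
    {"name": "dev-web-01", "model": "Host", "tags": ["Development", "linux"]},
    {"name": "dev-db-01", "model": "Host", "tags": ["Development"]},
    {"name": "prod-web-01", "model": "Host", "tags": ["Production"]},
    {"name": "build-runner", "model": "Host", "tags": ["Development", "Production"]},
    {"name": "dev-api", "model": "Container", "tags": ["Development"]},
    {"name": "legacy-01", "model": "Host", "tags": []},
]


def audit_cluster(assets, env_tag, models, reported_total):
    """Compare a cluster's reported Total with what the export says it should hold.

    models: data models that have a condition in the cluster (for example {"Host"}).
    Assumption: 'tags Contains' is treated as exact membership in the tag list.
    """
    members = [a for a in assets if a["model"] in models and env_tag in a["tags"]]
    return {
        "expected_total": len(members),
        "matches_reported": len(members) == reported_total,
        "per_model": dict(Counter(a["model"] for a in members)),
        # Carry the tag, but their data model has no condition in the cluster.
        "uncovered": sorted(a["name"] for a in assets
                            if env_tag in a["tags"] and a["model"] not in models),
        # More than one environment tag: matches several environment conditions.
        "ambiguous": sorted(a["name"] for a in assets
                            if len(ENV_TAGS & set(a["tags"])) > 1),
        # No environment tag at all: no tag-based environment condition matches.
        "untagged": sorted(a["name"] for a in assets
                           if not ENV_TAGS & set(a["tags"])),
    }


if __name__ == "__main__":
    report = audit_cluster(ASSETS, "Development", {"Host"}, reported_total=3)
    for key, value in report.items():
        print(f"{key}: {value}")
```

An entry under uncovered points to a data model that still needs its own condition in the cluster, and an entry under ambiguous is an asset tagged for more than one environment.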