Managing assets through groups

Edit online

IBM® Guardium® Cryptography Manager 2.0.1 provides a unified group management framework that enable classification of assets based on technical attributes of IT assets and cryptographic objects (IP, hostname, URI, protocol, port, asset type, asset subtype, mission criticality, internet-facing flag, technical contacts, network, environment, location, and discovery sources).

Before you begin

You can create and manage the following types of groups in Guardium Cryptography Manager:

Groups with assets added or removed based on rules and exceptions
  • You cannot add and remove assets manually.
  • Assets are automatically added and removed during discovery scans based on the defined or updated rules and exceptions of the group.
Groups with assets added or removed manually
  • Addition of the assets to the group does not depend on any rules or exceptions.
  • You cannot add assets that are part of an existing group to another new or existing group.
  • Policies can be applied to the groups.

About this task

Use the following steps to create groups:
Note: For groups where assets are added or removed manually:
  • From the main menu, click Inventory > IT assets, click Add to group, and then follow the onscreen instructions
  • From the main menu, click Inventory > IT assets, click Remove assets from group, and then follow the onscreen instructions to remove the assets from an existing group.

Procedure

  1. From the main menu, click Groups.
  2. Click Create groups on the Groups page.
    The Create groups wizard opens.
  3. In the Add details section of the Create groups wizard, enter the Name and Description (Optional) of the group, and then click Next.
  4. In the Add rules and exceptions section of the Create groups wizard, do the following tasks:
    Note: The step of adding rules and exceptions is only required if you want to create a group where the assets get automatically added and removed based on rules and exceptions defined for the group. If you want to create a group where the assets get manually added and removed, skip step 4.
    1. In the Rules section, click Add rule, and then select the Attribute, Operator, and Value.
      Note:
      • You can click Add custom value to provide custom values for the Value field.
      • You can click Add condition to add an alternate condition for the rule.
      • You can click Add rule to add multiple rules.
    2. In the Exception section, click Add exception, and then select the Attribute, Operator, and Value.
      Note:
      • You need to add a minimum of one rule before you can add an exception.
      • You can click Add custom value to provide custom values for the Value field.
      • You can click Add condition to add an alternate condition for the exception.
      • You can click Add exception to add multiple exceptions.
  5. Click Next.
  6. In the Add rules and exceptions section of the Create groups wizard, review the values of the fields, and then click Save.

Results

You have successfully created a group.

If you click a group, the side panel opens:
  • For a group that has no rules and exceptions defined, you can see the mapped policies listed in a table in the Mapped policies section. If no policies are mapped, then you can map policies by clicking Go to policies, and then following the onscreen instructions.
  • For a group that has rules and exceptions defined, you can see the rules and exceptions in the Rules and Exceptions sections.

You can click the Edit or Delete icon in the row of a group, and then follow the onscreen instructions to edit or delete the group.

If you click the number listed in the column of IT assets or Linked cryptographic objects column, you are directed to the Inventory page's IT assets tab or Linked cryptographic objects tab listing the assets belonging to the group.