how do I apply targeted hosts to hostgroup? #784
-
|
tnx |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
|
Beta Was this translation helpful? Give feedback.
-
|
Hi @NSH531 Thanks for the question! Are you able to elaborate more on the use case? CrowdStrike uses two types of Host Groups:
Typically, Dynamic Host groups are used to group hosts in general. For example I may have several dynamic groups that target devices by product type to separate my servers and laptops into different groups. This is nice since as new devices are added they will join host groups automatically based on the filters. Static host groups on the other hand only contain hosts that have been manually added. A good example of this may be to have a group with less aggressive policies for employees requesting posture exceptions. You can create and modify host groups in FalconPy by using the Host Group Service Collection. From your question, it seems you are looking to add specific hosts to a group. I would suggest using a Static type group for this. Once the group is created you can add and remove specific hosts from the API. performGroupAction will handle be used to add and remove hosts either by their |
Beta Was this translation helpful? Give feedback.
-
|
We're talking about dynamic group here
… Hi @NSH531 <https://github.com/NSH531> Thanks for the question!
Are you able to elaborate more on the use case? CrowdStrike uses two types
of Host Groups:
1. Dynamic - This type allows you to specify a filter (based on
hostname, platform, product type...)
2. Static - This group allows you to choose specific hosts to be in a
group by Device ID
Typically, Dynamic Host groups are used to group hosts in general. For
example I may have several dynamic groups that target devices by product
type to separate my servers and laptops into different groups. This is nice
since as new devices are added they will join host groups automatically
based on the filters.
Static host groups on the other hand only contain hosts that have been
manually added. A good example of this may be to have a group with less
aggressive policies for employees requesting posture exceptions.
You can create and modify host groups in FalconPy by using the Host Group
Service Collection
<https://falconpy.io/Service-Collections/Host-Group.html>.
From your question, it seems you are looking to add specific hosts to a
group. I would suggest using a Static type group for this. Once the group
is created you can add and remove specific hosts from the API.
performGroupAction
<https://falconpy.io/Service-Collections/Host-Group.html#performgroupaction>
will handle be used to add and remove hosts either by their device_id
—
Reply to this email directly, view it on GitHub
<#784 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABNBJWLL26Y66XC4X5NKGBLV7CFIFANCNFSM6AAAAAAQP3WT24>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
<https://netanel.ml>
|
Beta Was this translation helpful? Give feedback.
-
|
Nate, There's no way to apply targeted hosts to a dynamic host group. As outlined above a dynamic group is populated by hosts that meet the established criteria. if your goal is to target specific systems to be added to a dynamic host group you should craft the assignment rule accordingly. |
Beta Was this translation helpful? Give feedback.
Nate,
There's no way to apply targeted hosts to a dynamic host group. As outlined above a dynamic group is populated by hosts that meet the established criteria. if your goal is to target specific systems to be added to a dynamic host group you should craft the assignment rule accordingly.
For more information you can reference the following information through the Falcon UI: https://falcon.crowdstrike.com/documentation/67/host-and-host-group-management#planning-dynamic-host-groups