Jump to content

Dynamic Group Template - Computer Subnet


Recommended Posts

I have a static group called Workstations with 3 computers in them that are on 3 different subnets. Under the static Workstations group I have 3 dynamic groups based on their subnet as follows. However, the dynamic template is not working for the Remote Systems dynamic group.

-Workstations

     -Office 1

     -Office 2

     -Remote Systems

 

Office 1's dynamic template is:

Operation AND

     Network IP addresses . IP subnetwork = (equal) 192.168.1.0

 

Office 2's dynamic template is:

Operation AND

     Network IP addresses . IP subnetwork = (equal) 192.168.2.0

 

Remote Systems' dynamic template is:

Operation NOR

     Network IP addresses . IP subnetwork = (equal) 192.168.1.0

     Network IP addresses . IP subnetwork = (equal) 192.168.2.0

 

ESET PROTECT (Server), Version 8.1 (8.1.2209.0)
ESET PROTECT (Web Console), Version 8.1 (8.1.221.0)

CentOS (64-bit), Version 7.9.2009

 

Any ideas why the dynamic group template for Remote Systems would not working?

Would there be a better way to approach this?

Link to comment
Share on other sites

  • ESET Staff
3 hours ago, MFKDGAF said:

Would there be a better way to approach this?

Could you please double check problematic devices are connecting, i.e. they had chance to report status? If so, I would recommend to modify DG template in a way that it will use operator "AND" and "not equal" conditions, even it should be equivalent on first sight?
Also please provide list of "IP subnetwork" values for all network interfaces (i.e. as reported by console for such devices) on devices that you expected to be present in defined dynamic group for verification of DG evaluation correctness.

Link to comment
Share on other sites

29 minutes ago, MartinK said:

Could you please double check problematic devices are connecting, i.e. they had chance to report status? If so, I would recommend to modify DG template in a way that it will use operator "AND" and "not equal" conditions, even it should be equivalent on first sight?
Also please provide list of "IP subnetwork" values for all network interfaces (i.e. as reported by console for such devices) on devices that you expected to be present in defined dynamic group for verification of DG evaluation correctness.

The devices are connecting and reporting to the server.

I can't use the "AND" operator because in doing so, it throws a waring saying the operators are negated.

I can't provide a list of "IP Subnetwork" values because I am not going to know what they are.

Essentially, I want to make a dynamic group using a dynamic template to show me devices that are not in the office, ie: at the employee's home. As such I am not going to know what their home subnet is.

 

2021-07-14_13-51-40.jpg

Link to comment
Share on other sites

18 hours ago, MFKDGAF said:

I have a static group called Workstations with 3 computers in them that are on 3 different subnets. Under the static Workstations group I have 3 dynamic groups based on their subnet as follows. However, the dynamic template is not working for the Remote Systems dynamic group.

-Workstations

     -Office 1

     -Office 2

     -Remote Systems

 

Office 1's dynamic template is:

Operation AND

     Network IP addresses . IP subnetwork = (equal) 192.168.1.0

 

Office 2's dynamic template is:

Operation AND

     Network IP addresses . IP subnetwork = (equal) 192.168.2.0

 

Remote Systems' dynamic template is:

Operation NOR

     Network IP addresses . IP subnetwork = (equal) 192.168.1.0

     Network IP addresses . IP subnetwork = (equal) 192.168.2.0

 

ESET PROTECT (Server), Version 8.1 (8.1.2209.0)
ESET PROTECT (Web Console), Version 8.1 (8.1.221.0)

CentOS (64-bit), Version 7.9.2009

 

Any ideas why the dynamic group template for Remote Systems would not working?

Would there be a better way to approach this?

you could try this

 

office 1 :

Operation AND  (if there's 2 subnetwork in office 1, then i suggest use OR)

  Network IP addresses . IP subnetwork contains 192.168.1.

 

office 2

Operation AND (if there's 2 subnetwork in office 2, then i suggest use OR)

  Network IP addresses . IP subnetwork contains 192.168.2.

 

Remote :

Operation NAND

Network IP addresses . IP subnetwork contains 192.168.1.

Network IP addresses . IP subnetwork contains 192.168.2.

Edited by hari.senen
Link to comment
Share on other sites

  • 1 month later...
On 7/14/2021 at 2:52 PM, MFKDGAF said:

Essentially, I want to make a dynamic group using a dynamic template to show me devices that are not in the office, ie: at the employee's home. As such I am not going to know what their home subnet is.2021-07-14_13-51-40.jpg

If all you want to know is if it's on a known work network or not is instead of trying to figure out what their home network is, why not just specify YOUR networks at the job and notify on anything else? Kinda looks like you have it that way in the screenshot. If it doesnt equal a 10.x.x.x network, notify me.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...