Aggregation rule fields and their descriptions
Field | Description | |
|
| |
Rule | Rules can be simple or complex, and are based on types that can be added to or deleted from the | |
| rule. Possible type values used to construct a rule include: | |
| • | Or |
|
| Can contain a list of one or more And, Or, User, Group, Path or Cmdline values. |
|
| Effect: Any one of the rules within this statement can be true to match a process to the application. |
| • | And |
|
| Can contain a list of one or more And, Or, User, Group, Path or Cmdline values. |
|
| Effect: All of the rules within this statement must be true to match a process to the application. |
| • | User |
|
| Supply the user name associated with the process. In addition to literal names, regular expressions |
|
| are allowed. |
|
| Effect: Make matching to a process dependent on a particular user. |
| • | Group |
|
| Supply the group name of the process. Regular expressions are allowed. |
|
| Effect: Make matching to a process dependent on a particular group. |
| • | Path |
|
| Supply the executable path of the process. Regular expressions are allowed. |
|
| Effect: Make matching to a process dependent on a particular executable path. |
| • | Cmdline |
|
| Supply the command line arguments used to start the process. Regular expressions are allowed. |
|
| Effect: Make matching to a process dependent on a particular command line argument. |
|
|
|
|
|
|
NOTE: If you want to define your application based on specific ownership, path, or command line arguments, you can check the “Unmatched processes” table on a particular host screen or the “Processes not matched by this template” table on a template editing screen to get this information. See Filling in aggregation rule fields using table data for tips on finding specific process attributes for this purpose.
For an example of how to build an application template rule for aggregating processes into an application, see “Create a process aggregation rule” (page 32).
Create an application template rule
Application Discovery provides a set of options and fields that help you to define a valid application template rule. The rule you create governs discovery of the application that you have defined. You can create rules that apply generally or specifically to a process, user, or group.
Create a process aggregation rule
An aggregation rule is one in which you designate one or more characteristics in order to collect the associated process or processes into an application that can be matched by Application Discovery.
The following procedure assumes that you have opened an application template and are ready to edit the Aggregation Rules form.
32 Procedures and examples