Use this procedure to create a new sensor group and enable an automatic policy assignment to the sensors in that group. Sensors that match the defined criteria are automatically added to the sensor group.


  1. On the left navigation bar, click Inventory > Sensor Groups.
  2. Click the Add Group button.
  3. Specify the following information regarding the new sensor group:
    • Name: Enter a unique name for the sensor group. This is a required field.
    • Under Criteria, specify:
      • The sensor operating system, if any. You can select a specific OS type and a particular OS version.
      • Additional criteria. If defined, you can specify whether sensors need to match any or all of the defined criteria.

        You can specify Active Directory requirements or specific subnets or device names.

        When you establish criteria for sensors to be part of a sensor group, the device name is case-sensitive. To specify multiple OUs or other criteria, add each specification as a distinct criterion and select all. Do not specify multiple criteria on a single line separated by commas.

        Subnet criteria using CIDR notation can range from 1 to 24 bits.

        For additional information, see: Sensor Group Criteria Configuration Details

  4. Under Policy Criteria, select from the drop-down list the policy to apply to all sensors in the group.
  5. Click Save.

Sensor Group Criteria Configuration Details

Use this reference for additional criteria when defining sensor groups.

Use of Logical Operators for Sensor Group Criteria

You can use two types of logical operators to bind the criteria for sensor groups.
  • all - corresponds to the AND logical operator
  • any - corresponds to the OR logical operator

Depending on the selected logical operator, all lines will be interpreted either with AND or with OR logic.

Additionally, the following string searching options are available for use:

  • contains
  • is equal to
  • is not equal to
  • starts with
  • ends with.
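
The following Python sketch is an added example, not Carbon Black Cloud code. It models the all/any binding and the string operators above, plus the 1 to 24 bit subnet rule from the procedure, so criteria can be dry-run against an inventory list before a policy is auto-assigned. The `Criterion` class, the field names `device_name`, `ou`, `subnet` and `ip`, and the sample sensors are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# String operators listed on the page. Case-sensitive matching is stated there
# for device names; applying it to every field is an assumption of this model.
STRING_OPS = {
    "contains": lambda actual, value: value in actual,
    "is equal to": lambda actual, value: actual == value,
    "is not equal to": lambda actual, value: actual != value,
    "starts with": lambda actual, value: actual.startswith(value),
    "ends with": lambda actual, value: actual.endswith(value),
}

@dataclass(frozen=True)
class Criterion:   # hypothetical structure: one line in the Criteria list
    field: str     # "device_name", "ou" or "subnet" (assumed names)
    op: str        # a key of STRING_OPS; ignored for "subnet"
    value: str

def check_subnet(cidr: str):
    """Parse a subnet criterion, enforcing the 1 to 24 bit range from the page."""
    net = ipaddress.ip_network(cidr, strict=False)
    if not 1 <= net.prefixlen <= 24:
        raise ValueError(f"prefix /{net.prefixlen} is outside 1 to 24 bits: {cidr}")
    return net

def line_matches(sensor: dict, c: Criterion) -> bool:
    if c.field == "subnet":
        return ipaddress.ip_address(sensor["ip"]) in check_subnet(c.value)
    return STRING_OPS[c.op](sensor.get(c.field, ""), c.value)

def in_group(sensor: dict, criteria: list, operator: str) -> bool:
    """operator is "all" (AND) or "any" (OR) and binds every criteria line."""
    if operator not in ("all", "any"):
        raise ValueError("operator must be 'all' or 'any'")
    results = [line_matches(sensor, c) for c in criteria]
    return all(results) if operator == "all" else any(results)

# Constructed sample inventory (not real devices).
SENSORS = [
    {"device_name": "LAB-WS01", "ou": "east", "ip": "10.20.1.15"},
    {"device_name": "lab-ws02", "ou": "east", "ip": "10.20.2.40"},
    {"device_name": "HQ-SRV01", "ou": "west", "ip": "192.168.5.9"},
]

def members(criteria: list, operator: str) -> list:
    return [s["device_name"] for s in SENSORS if in_group(s, criteria, operator)]
```

In this model, two `is not equal to` lines on the same field bound with any match every sensor, because each sensor differs from at least one of the values; exclusions of that kind need all.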

Active Directory Criteria Configuration

The criteria for sensor groups based on the Active Directory Domain are processed in the Carbon Black Cloud console by considering the Active Directory Domain Components.

The Active Directory domains are interpreted in the Carbon Black Cloud console as their components, not as the full URLs.

For example:

  • Distinguished names use LDAP syntax: for example, OU=east,DC=com,DC=vmware
  • Domains use domain syntax: for example,
  • An organizational unit is a string with no OU: for example, east