Asset Groups

You can use Asset Groups to apply policy settings across multiple assets at one time and otherwise manage your assets. Examples of assets are endpoints, VM workloads, VDI, and Public Cloud workloads.

You can use Asset Groups to organize assets or optionally to apply policy settings. An asset can belong to more than one asset group. This allows granular management of assets. For example, you can assign an asset to one Asset Group for organizational purposes only and assign the same asset to another Asset Group for policy assignment.

Note: For known caveats and benefits of using Asset Groups, see Asset Groups and Sensor Groups.

Important: It may take up to 10 minutes for group membership changes to take effect when metadata changes come into the Carbon Black Cloud. This includes actions like new sensor installs, newly create asset groups, and changes to criteria used by asset groups.

Policies are assigned to Asset Groups, and you can rank your policies to determine which policy takes precedence when you assign an asset to multiple Asset Groups. The policy that has the highest rank takes precedence unless a policy is manually assigned to an asset. An asset can have only one effective policy.

Illustration of how ranked policies are applied to an asset

Important: Manually assigned policies always take precedence over policies that are assigned through group membership.

For example:

The asset groups and the effective policy assignment to the asset

In this example, the asset CFO-LAPTOP has membership in multiple asset groups. The effective policy for the asset is determined by policy rank. In this case, VIP is the effective policy because it is ranked the highest.

A simple workflow for creating Asset Groups and assigning assets to the groups is as follows:

Rank Policies if you are using asset groups to assign policies
Create Asset Groups and optionally assign policies to the asset groups.
Assign Assets to Asset Groups