Create or edit a user-defined group

Create user-defined groups to organize related elements for use with rules and filters. Groups can contain elements such as events, IP addresses, computer names, and user accounts. After a group is defined, it can be referenced from multiple rules and filters.

See Add a new group or Edit an existing group to get started adding or editing a group. You can create as many user-defined groups as you need to support your rules and filters.

You can only add a group to one SEM manager at a time. To copy a group for use with another SEM manager, export the group and then import it into the other manager's Groups grid. See Export a group for steps.

1. On the SEM Console, click the Configure tab.
2. From the Configure drop-down list, select User-defined groups.
3. On the toolbar, click Create User-defined group.

   

   Add or import your data elements for the group here. Elements contain values to help identify important information in your network. Learn more here.

4.  Click Add element.

   

5. In the Name field, enter a nickname for the element. This name is for reference only.

6. In the Value field, enter a value to define the element. Consider using wildcard characters, such as asterisks (*), to abbreviate these entries. For example:

   Name	Data
   Administrators	*Administrators*
   Backup Operators	*backup oper*
   DNS Admins	DNSAdmin*

7. In the description field, enter a description (optional), and then click Add.

   

   In the elements list, you can search for a specific element, and select an element to edit the values or delete it. You can also export the elements to a CSV file to import into other user-defined groups.

8. Continue to add elements as needed, and then click Next.

   

9. Add your group name and description (optional), and then click Create. The new group appears in the user-defined groups list, and can now be used when configuring rules and filters.

   

10. To edit a user-defined group, select a group in the list, and then click Edit on the toolbar. In the Refine Results pane, you can also filter the groups by the modifier and the time last modified.