.. _node-group-detail: Node Group Details =================== In Genian NAC, node groups can be categorized into two types: **Node Policy-only Node Groups (Policy Groups)** and **General Node Groups (Status Groups)**. In general, node groups are used when establishing policies and can be applied in node policies and control policies. Checking Conditions for Creating Node Policy-only Node Groups ------------------------------------------------------------------------------------------- Node policy-only node groups are based on node-related information such as node type, IP/MAC address, user information, and authentication. These node groups can be used in node policies. .. list-table:: :widths: 3 10 :header-rows: 1 * - Item - Description * - IPv6 Address - Creates a group based on the node’s IPv6 address. * - IP Management - Creates a group based on IP management policies used in NAC. * - IP Address - Creates a group based on the node’s IPv4 address. * - MAC + IP Address - Creates a group based on the node’s IPv4 address and MAC address. * - MAC Address - Creates a group based on the node’s MAC address. * - Node Type - Creates a group based on the node type classified by NAC. * - Registration Status - Creates a group based on whether the node is registered on the policy server. * - Registration Date - Creates a group based on the registration time of the node in NAC. * - Sensor - Creates a group based on network sensors and registered nodes on those sensors. * - Time - Creates a group based on current time using time objects. * - Agent - Creates a group based on the installation and operation status of the NAC agent. * - Authenticated User - Creates a group based on authenticated users when NAC's user authentication is in use. * - Device Owner - Creates a group based on the device owner information set on the node. * - Policy Group - Creates a group that includes another policy group. (Only one level of nesting is allowed) * - Tag - Creates a group based on tag information assigned to nodes. Checking Conditions for Creating General Node Groups ---------------------------------------------------------------------------------------------------------- General node groups are based on node status and results derived from various related conditions. .. note:: General node groups include all conditions of policy-only node groups, but **cannot** be used in node policies. +-----------------+-------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | Category | Description | Items | +=================+=========================================================+===============+=====================================================================================================+ | Policy | Creates a group based on policies defined in NAC. | IP Management, Node Group, Node Policy, Authenticated User, Tag, Hostname Restriction | +-----------------+-------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | Sensor Info | Creates a group based on information collected from network sensors. | Node Type, Service, Sensor, Up/Down Status, Open Ports, OS Type | + + +-----------------------------------------------------------------------------------------------------+ | | | Traffic, Platform, Host/Domain Name | +-----------------+-------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | Agent Info | Creates a group based on information collected from agents. | USB Device Info, WMI Data Collection, Uptime, Account Password Verification, Network, AV Info | + + +-----------------------------------------------------------------------------------------------------+ | | | Software, System, System User Account, Agent Status, Agent Actions, OS Updates | +-----------------+-------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | Device Info | Creates a group based on information set on devices. | Device Name, Description, Manufacturing Date, Purchase Source, Start/End of Lifespan | + + +-----------------------------------------------------------------------------------------------------+ | | | Serial Number, Purchase Cost, Responsible Person/Department, Memo | +-----------------+-------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ |Additional Info | Creates a group based on GPI integration and additional field values. | GPI Score, GPI Inspection Result | +-----------------+-------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+ | Uncategorized | Creates a group based on conditions not classified into specific types. | Registration Status, IPv6 Address, IP Address, MAC + IP, MAC Address, NAT,Registration Date, Consent| + + +-----------------------------------------------------------------------------------------------------+ | | | Name/Description, Built-in Wireless, Device Owner, Connected AP/Device/Port, Platform CVEs | +-----------------+-------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------+