Group assets based on shared attributes to address them collectively, simplify filtering, and enable strict access control boundaries.
By grouping assets based on shared attributes, you can address them collectively to enable more efficient bulk actions and simplify scoping across the platform. You can create an asset group by navigating to → → and clicking Add Group.
When creating or editing a dynamic asset group, you can enable the Show only fields supported for access management option. Enabling this toggle limits the available fields in the Assets table to display only the subset of attributes supported for Scope-Based Access Control (SBAC). Using this option ensures that the asset group can be used to define granular user scopes in Access Management. To view the complete and current list of supported scoping attributes, see Manage user scope.
Note
If an asset group uses fields outside of this supported list, it cannot be used for scoping in Access Management.
Dynamic and static asset groups
You can choose between two types of asset groups. Dynamic groups use filters, such as provider or realm, to group current and future assets that meet the defined criteria, while static groups require you to manually select individual assets to include in the group.
Use asset groups
After you define asset groups, you can use them for the following:
Scope-Based Access Control (SBAC): Asset groups serve as the foundational building blocks for Asset-led Scope-Based Access Control (SBAC). This allows administrators to explicitly restrict which users can view which assets by defining access to specific Asset Groups, which simultaneously restricts their ability to view related cases and issues for those assets.
Note
Note: You cannot create SBAC based on static groups. When using dynamic asset groups for SBAC, you can limit access based only on the following attributes: Asset Class, Category, Provider, Region, Organization, Realm, Business Application Names, Kubernetes Cluster, Kubernetes Namespace, Code Repository, and Asset Tags.
Automation Exclusion Policies: You can use asset groups for specific automation exclusion policies, such as the IAM User Hard Remediation and User Soft Remediation policies. By using asset groups for these policies, the system enables automatic updates of critical assets without requiring manual edits to a list. These specific exclusion policies can be configured to contain only lists, only asset groups, or a combination of both.
Enrich asset data: Add information to a set of assets that isn't directly stored on the asset itself.
Reuse asset groups: Reference the same group across different areas of Cortex XDR, for example, in policies and rules.
Note
When you create or edit an Asset Group, the changes are applied immediately to new assets and to existing assets that have been updated. However, it may take a few hours for the changes to appear on existing assets that have not been updated.