Create/Edit Search Scope Window

---

This window lets you create and name groups of devices searched when Extreme Networks IPS notifies ASM of a threat. It operates the same way as the settings for the Basic Search Scope Definitions, but allows you to create multiple search scope groups so you can search several non-contiguous groups of devices. You can include or exclude specific devices, according to Device Type, Location, Contact, and Subnet.

You can access this window from the ASM Configuration window's Search Scope Definitions panel. Select the Advanced Search Mode, then click the Create or Edit button in the Search Scopes section.

	NOTE:	The NetSight Server performs ASM searches using the profile for the server, not the profile for the ASM client user.

Click areas in the window for more information.

Search Scope Name

The name given to this search scope. The name can be any character string, up to 64 characters.

Groups & Devices

This panel shows the device tree for devices modeled in the Console database. You can expand branches of the tree to select the Devices/Device Groups to search when Extreme Networks IPS notifies ASM of a threat. After making a selection, click Include to designate your selection(s) as being included in the search scope or click Exclude to designate your selection(s) as being specifically excluded in the search scope.

You can repeatedly select devices/device groups individually and click Include/Exclude or use multiple selection techniques (Control-click or Shift-Click) to select or de-select multiple Devices/Device Groups in a single operation.

	NOTES:	When there are devices on your network that do not support layer 3, include routers in the list of targets to allow Compass to use its IP to MAC address resolution feature to locate the end station. This includes the following devices: C1, E1 (1G6xx Series), E5, V-Series, SS9000, Vertical Horizon, 1st Generation 1Hxxx Series.

Do not use the Layer 3 NAC Controller and the NAC Gateway as a search device in ASM. Configure ASM to search other devices in the network for the IP-to-MAC-to-port bindings, such as gateway routers for IP-to-MAC bindings and access edge switches for MAC-to-port information.

Selected Groups and Devices

This panel lists the devices/device groups selected from the Groups & Devices panel. The Filter column in the table indicates whether the device(s)/device group(s) can be included or excluded. The Device Group Path column shows the specific IP address and branch of the tree for selected devices/device groups.

Devices/device groups designated as Excluded are excluded from the search scope, regardless of any Include settings. For example, if a particular device is set to Excluded and the same device is a member of a device group that is set to Included, then the excluded device is not searched.

You can further refine your search scope by selecting either Any of the Included Groups or All of the Included Groups.

• Any of the Included Groups creates an OR condition so if a selected device (not specifically excluded) is a member of any of the selected groups, then it is included in the search scope and appears in the Resulting Device/Device Group table. For example, selecting a specific Vertical Horizon device not in subnet 172.18.19.xx together with the Vertical Horizon and IP Subnet 172.18,19.xx Device Groups and clicking Any of the Included Groups includes all Vertical Horizon devices (including the individual VH device) and all devices from the 172.18,19.xx subnet.
• All of the Included Groups creates an AND condition. When selected, only devices that are members of all of the selected device groups are included in the search scope. This selection is useful when you want to select all of a particular device type, but only in a specific location--for example, all the routers in a particular building. When a device type (Routers) and a location group (Building2) are both selected, then only the devices contained in both groups (Routers in Building2) are included in the search scope.

Resulting Devices

The resulting list of devices searched when Extreme Networks IPS notifies ASM of a threat. The table is dynamically updated according to your device/device group selections and include/exclude arguments.

Send Notification...

This checkbox allows you to select a notification to be performed in the event no port is found for the Threat IP. For example, you can specify an E-Mail notification to be sent when no port is found. Select the desired notification from the drop-down menu. Click Edit to open the Edit Notifications window, which lists the configured notifications. In this window, you can select a notification to edit, or click Create to open the Create Notification window.

Include/Exclude

Adds your tree selections to the Selected Groups and Devices table and sets the Filter column to either Include or Exclude.

Remove

Deletes one or more rows selected from the Groups and Devices table.

Apply

Creates the search scope group and adds it to the Search Scopes table in the Advanced Search Scope Definition view of the Automated Security Manager Configuration Window.

---

Related Information

For information on related windows:

• Automated Security Manager Configuration Window
• Automated Security Manager Options
• Automated Security Manager Activity Monitor

For information on related tasks:

• How to Set Automated Security Manager Options
• How to Create and Edit Automated Security Manager Rules
• How to Use Automated Security Manager Activity Monitor