Creating Tag Rules (auto tagging) using Regular Expressions
Realtime Tag Rule using Regex:
A realtime tag rule applies a tag only to online assets that meet the conditions specified in the tag rule.
First test each of these as a realtime query on assets. If the query returns the required results, create a Realtime tag rule from it.
Tag assets based on a hostname pattern:
    SELECT 'test-endpoint-tag' AS tag
    FROM system_info
    WHERE hostname REGEXP '^(Test){1}-\w*-\d{3}$'
Example hostnames:
Test--121, Test-alpha1-456
Tag assets based on the starting letter of the hostname:
    SELECT
        'test-a-to-m' as tag
    from
        system_info
    where
        lower(hostname) REGEXP '^[a-m].*';
If this realtime query returns an error on AIX machines, or fails with some other error, use the query below instead:
    SELECT
        'test1' as tag
    from
        system_info
    where
        lower(hostname) like 'a%'
        OR lower(hostname) like 'b%'
        OR lower(hostname) like 'c%'
        OR lower(hostname) like 'd%'
        OR lower(hostname) like 'e%'
        OR lower(hostname) like 'f%'
        OR lower(hostname) like 'g%'
        OR lower(hostname) like 'h%'
        OR lower(hostname) like 'i%'
        OR lower(hostname) like 'j%'
        OR lower(hostname) like 'k%'
        OR lower(hostname) like 'l%'
        OR lower(hostname) like 'm%'
Example hostnames:
Matches assets whose names start with the letters a to m (or A to M).
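Before saving either realtime rule, it helps to see which hostnames the patterns accept and reject. The following is an added example, not part of the original article or of Uptycs tooling: it runs the queries above against a constructed in-memory `system_info` table using Python's `sqlite3`, with Python's `re` module standing in for the agent's regex engine (an assumption; engines can differ in details). The names `HOSTS`, `open_db` and `tagged` are hypothetical.

```python
import re
import sqlite3

# Constructed sample hostnames (not real assets).
HOSTS = ["Test--121", "Test-alpha1-456", "test-alpha1-456", "Test-alpha1-4567",
         "Test-web-01-123", "alpha-db", "Mail01", "nginx-7", "zeta"]

# The realtime queries from this page, plus hostname so results can be inspected.
PATTERN_QUERY = r"""
SELECT hostname, 'test-endpoint-tag' AS tag FROM system_info
WHERE hostname REGEXP '^(Test){1}-\w*-\d{3}$'"""

RANGE_REGEX_QUERY = """
SELECT hostname, 'test-a-to-m' AS tag FROM system_info
WHERE lower(hostname) REGEXP '^[a-m].*'"""

# The LIKE fallback, generated for the letters a to m.
RANGE_LIKE_QUERY = (
    "SELECT hostname, 'test1' AS tag FROM system_info WHERE "
    + " OR ".join(f"lower(hostname) LIKE '{c}%'" for c in "abcdefghijklm"))


def open_db(hosts):
    """Build an in-memory stand-in for system_info (assumption: hostname only)."""
    db = sqlite3.connect(":memory:")
    # SQLite evaluates `X REGEXP Y` as regexp(Y, X): pattern first, value second.
    # Assumption: Python's re stands in for the agent's regex engine.
    db.create_function(
        "REGEXP", 2, lambda pat, val: re.search(pat, val) is not None)
    db.execute("CREATE TABLE system_info (hostname TEXT)")
    db.executemany("INSERT INTO system_info VALUES (?)", [(h,) for h in hosts])
    return db


def tagged(db, query):
    """Return the sorted hostnames that the query would tag."""
    return sorted(row[0] for row in db.execute(query))


if __name__ == "__main__":
    db = open_db(HOSTS)
    for name, q in [("pattern", PATTERN_QUERY), ("a-m regex", RANGE_REGEX_QUERY),
                    ("a-m LIKE", RANGE_LIKE_QUERY)]:
        print(f"{name:10} -> {tagged(db, q)}")
```

`Test-alpha1-4567` and `Test-web-01-123` stay untagged because the pattern is anchored and `\w` does not match a hyphen. `test-alpha1-456` is rejected here because Python's `re` is case-sensitive by default.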
Global Tag Rule using Regex:
A global tag rule applies a tag to all assets present in the global data that meet the conditions specified in the tag rule.
First test each of these as a global query. If the query returns the required results, create a Global tag rule from it.
Tag assets based on a hostname pattern:
    WITH latest_row AS (
        SELECT hostname,
               upt_asset_id,
               max(upt_time) AS maxtime
        FROM system_info
        WHERE upt_day >= CAST(
            date_format(
                localtimestamp - INTERVAL '3' DAY,
                '%Y%m%d'
            ) AS INTEGER
        )
        GROUP BY hostname,
                 upt_asset_id
    )
    SELECT DISTINCT upt_asset_id,
           'test-endpoint-tag' AS tag
    FROM latest_row
    WHERE regexp_like(hostname, '^(Test){1}-\w*-\d{3}$')
Example hostnames:
Test--121, Test-alpha1-456