Example Filters

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

When you define a filter, any computers that match the criteria appear in the filter group. WatchGuard Endpoint Security can filter a computer into more than one group. When the status of a computer or device changes and it no longer fulfills the conditions of the filter, WatchGuard Endpoint Security automatically removes it from the group defined by the filter.

WatchGuard Endpoint Security includes commonly used filters that you can use to organize and locate network computers. You can edit or delete these predefined filters and you can also create new filters. This topic includes examples of filters commonly created by network administrators. For more information, see Add a Filter.

Filter Windows Computers Based on the Installed Processor (x86, x64, ARM64)

Lists all computers that have a Windows operating system installed and an ARM microprocessor.

This filter has two conditions linked by the AND operator:

Condition 1

  • Category: Computer
  • Property: Platform
  • Condition: Equals
  • Value: Windows

Condition 2

  • Category: Computer
  • Property: Architecture
  • Condition: Equals
  • Value: {architecture name: ARM64, x86, x64}

Filter Computers without a Specific Patch Installed

Lists computers that do not have a specific patch installed:

  • Category: Software
  • Property: Software name
  • Condition: Doesn’t contain
  • Value: (patch name)

Filter Computers that Have Not Connected to WatchGuard Cloud in x Days

Lists computers that have not connected to WatchGuard Cloud in the specified period:

  • Category: Computer
  • Property: Last connection
  • Condition: Before
  • Value: {Date in dd/mm/yy format}

Filter Isolated Computers

Lists computers that have been isolated from the network:

  • Category: Computer
  • Property: Isolation status
  • Condition: Is equal to
  • Value: Isolated

Filter Computers Integrated with Other Management Tools

Lists computers with a name that matches a computer name specified in a list obtained by a third-party tool:

  • Category: Computer
  • Property: Name
  • Condition: In
  • Value: Computer name list

Each line in the list must end with a carriage return and is considered a computer name.