Creating an ExternalGroup
An ExternalGroup is a grouping of SaaS services (Azure Service/Region, GitHub), countries, or Threat Feeds that can be used in a Distributed Cloud Firewall (DCF) rule.
If you include more than one Resource Type when creating your ExternalGroup, OR logic is applied between the Resource Types. AND logic is applied within the Resource Type.
To create an ExternalGroup:
-
In CoPilot go to Groups > ExternalGroups. Ensure that you have the ExternalGroups page selected.
-
Click + ExternalGroup.
-
In the Create ExternalGroup dialog, provide the following information about your ExternalGroup:
Parameter Description Name
Name of the new ExternalGroup.
Resource Type - Countries
Select one or more countries.
Resource Type - Azure
Select one or more Azure cloud-based services or service regions.
If you select this Resource Type but leave the value empty, this means that results will be returned for all of your Azure cloud-based services or regions.
Resource Type - GitHub
Select one or more GitHub services.
If you select this Resource Type but leave the value empty, ths means that results will be returned for all of your GitHub services.
Resource Type - Threat Feeds
Select a Threat Feed, one or more threat types, and one or more severity types. The available Threat Feeds depend on
You can only add one Threat Feed to an ExternalGroup.
Preview
After entering your Resource Type, you can use the Preview toggle to see the selected resources that map to the ExternalGroup.
-
Click Save. The new ExternalGroup is now in the ExternalGroups list on the ExternalGroups tab.
Viewing ExternalGroup Details
On the ExternalGroups tab, click one of the sub-categories (ExternalGroups, Threat Feeds, Countries) and then an item in the list to see its details.
Viewing SaaS-Based Details
On the Groups > Feeds tab, under SaaS Services, click the name of a SaaS service to view its resource criteria in the left pane (Service and Region for Azure, and Service for GitHub).
