When doing a "Dynamic Selection" of nodes in Compliance Manager, you get the ability to add a number of conditions as to what configs you want selected for the Policy, but its difficult to get what you want due to the lack of ability to put in parenthesis to affect the order of evaluation. This makes it difficult sometimes to figure out how to set it up to do only the nodes you want.
For example, a legacy way of grouping our nodes is by a custom property in which we have our nodes divided up into different groups based on their business group and function. So, lets say I want to run rules on all the switches in several business groups, but only Cisco switches and NOT any Cisco SG300 or other Cisco SG switches (because they're a different OS). What I want to do is something like this:
Vendor is *Cisco*
and Machine Type is not Cisco SG*
and (
DeviceGroup is BU1-Switches
or DeviceGroup is BU2-Switches
or DeviceGroup is BU3-Switches
)
But, I can't. The simple and/or structure with no parenthesis makes it difficult to do what I want.
Admittedly, there might be a better way to group my devices that could make this easier, but this is a legacy thing that the powers-that-be don't want changed, and different BU's might have different rules, so grouping by device type won't work well...
Something like what they've done in the "Advanced Config Search" portion of Compliance Manager would work nicely!!
