Automation
Automation rules automatically apply tags to agents based on matching criteria. Instead of manually tagging every new endpoint, define rules that evaluate agent properties and assign tags when conditions are met.
How automation works
Each rule defines a set of conditions, a target tag, and one or more triggers that control when the rule runs. When a rule is triggered and the agent matches all conditions, the target tag is applied automatically.
Trigger types
Every automation rule can be configured with any combination of these triggers:
| Trigger | Description |
|---|---|
| Run on new agent enrollment | Evaluates the rule automatically when a new agent registers. This is a per-rule toggle, not a global setting. |
| Scheduled execution | Runs the rule on a cron schedule (e.g., every 30 minutes, hourly, every 4 hours). Useful for catching agents whose properties have changed since last evaluation. |
| Manual | Run the rule on demand using the Apply Rule action from the rule list or detail page. Evaluates the rule against all existing agents immediately. |
A single rule can have multiple triggers active at the same time. For example, a rule might run on new enrollment and also on an hourly schedule.
Creating a rule
Navigate to Agents > Automation and click Create Rule. Configure the following fields:
Name
A descriptive name for the rule (e.g., "Tag Windows Servers", "Mark Linux Production Hosts"). This appears in the rule list and in audit logs when the rule applies a tag.
Conditions
Rules use condition groups to build flexible matching logic. Each group contains one or more conditions, and you choose whether a group requires all conditions to match (AND logic) or any condition to match (OR logic). Multiple groups are combined with OR logic between them.
Available condition fields:
| Field | Description | Example |
|---|---|---|
| Hostname | Computer name | Hostname contains prod |
| Operating System | OS name | Operating System equals Windows |
| OS Version | Specific version string | OS Version contains Server 2022 |
| IP Address | Internal IP | IP Address starts with 10.0.1 |
| Manufacturer | Hardware manufacturer | Manufacturer equals Dell Inc. |
| Model | Hardware model | Model contains PowerEdge |
| Domain | Active Directory domain | Domain equals corp.example.com |
| Status | Agent connection state | Status equals online |
Available operators: equals, does not equal, contains, does not contain, starts with, ends with, matches regex.
Target tag
The tag to apply when conditions are met. Select an existing tag from the dropdown, or create a new one inline.
Triggers
Configure when the rule should run:
- Run on new agent registration - Toggle this on to evaluate the rule automatically whenever a new agent enrolls.
- Scheduled execution - Enable a cron schedule and choose a frequency. Quick presets are available: every 30 minutes, hourly, every 2 hours, or every 4 hours. You can also enter a custom cron expression.
If neither trigger is enabled, the rule only runs when you manually click Apply Rule.
Priority
A numeric value that controls the order in which rules are evaluated. Lower numbers are evaluated first. Priority is relevant when you want certain rules to run before others, though in practice all matching rules apply their tags regardless of order.
Rule evaluation order
Rules are evaluated by priority (lowest number first). If multiple rules match the same agent, all matching tags are applied. There is no conflict between rules. Tags from different rules accumulate on the agent.
For example, if Rule A assigns "os-windows" and Rule B assigns "env-production", an agent matching both rules receives both tags.
Automation rules only add tags. They do not remove tags that were manually assigned or added by other rules.
Managing rules
The Agents > Automation page displays all rules in a data table with columns for name, target tag, status, match count, and last applied timestamp. Click any row to expand it and see the rule's full condition logic.
From this page you can:
- Enable/disable - Toggle a rule on or off without deleting it. Disabled rules are skipped during all evaluation (enrollment, scheduled, and manual).
- Edit - Open the rule detail page to modify conditions, triggers, target tag, or priority.
- Apply Rule - Manually evaluate the rule against all existing agents immediately.
- Duplicate - Create a copy of the rule with the schedule disabled, useful for creating variations of existing rules.
- View match count - See how many agents currently match the rule's conditions.
- Delete - Permanently remove a rule. Tags that were already applied by the rule remain on agents.
Applying rules manually
Click Apply Rule from the rule's action menu to evaluate it against all existing agents immediately. A confirmation dialog shows:
- How many agents match the rule's conditions
- How many agents will receive a new tag (agents that already have the tag are skipped)
This is useful when:
- You created a new rule and want it applied to your current fleet right away.
- You changed conditions on an existing rule and want to see updated results.
- The rule has no automatic triggers (no enrollment trigger and no schedule).
For large fleets, applying a rule evaluates every agent against the rule's conditions. This is a lightweight operation, but the resulting tag assignments may take a few moments to propagate across all endpoints.