Creating an ExternalGroup

An ExternalGroup is a grouping of SaaS services (Azure Service/Region, GitHub), countries, and Threat Feeds that can be used in a Distributed Cloud Firewall (DCF) rule.

To create an ExternalGroup:

In CoPilot go to Groups > ExternalGroups. Ensure that you have the ExternalGroups page selected.
Click + ExternalGroup.

In the Create ExternalGroup dialog, provide the following information about your ExternalGroup:

Parameter	Description
Name	Name of the new ExternalGroup.
Resource Type	The resource(s) that comprise the ExternalGroup as specified by resource type and matching resource properties. You can add the following Resource Types: Azure Service or Service Region GitHub Countries Threat Feed (Default ThreatGroup) If you include more than one Resource Type, OR logic is applied between the Resource Types. AND logic is applied within the Resource Type.
Resource Type - Azure	Select one or more Azure cloud-based services or service regions. If you select this Resource Type but leave the value empty, this means that results will be returned for all of your Azure cloud-based services or regions.
Resource Type - GitHub	Select one or more GitHub services. If you select this Resource Type but leave the value empty, ths means that results will be returned for all of your GitHub services.
Resource Type - Country	Select a country. You can only add one country to an ExternalGroup.
Resource Type - Threat Feed	Select a Threat Feed (currently only the Default ThreatGroup populated from the Proofpoint Global Threat Database). You can only add one Threat Feed to an ExternalGroup.
Preview Resources	After entering your Resource Type, you can use the Preview Resources toggle to see the selected resources that map to the ExternalGroup.

Parameter

Description

Name

Name of the new ExternalGroup.

Resource Type

The resource(s) that comprise the ExternalGroup as specified by resource type and matching resource properties.

You can add the following Resource Types:

Azure Service or Service Region
GitHub
Countries
Threat Feed (Default ThreatGroup)

If you include more than one Resource Type, OR logic is applied between the Resource Types. AND logic is applied within the Resource Type.

Resource Type - Azure

Select one or more Azure cloud-based services or service regions.

If you select this Resource Type but leave the value empty, this means that results will be returned for all of your Azure cloud-based services or regions.

Resource Type - GitHub

Select one or more GitHub services.

If you select this Resource Type but leave the value empty, ths means that results will be returned for all of your GitHub services.

Resource Type - Country

Select a country. You can only add one country to an ExternalGroup.

Resource Type - Threat Feed

Select a Threat Feed (currently only the Default ThreatGroup populated from the Proofpoint Global Threat Database). You can only add one Threat Feed to an ExternalGroup.

Preview Resources

After entering your Resource Type, you can use the Preview Resources toggle to see the selected resources that map to the ExternalGroup.

Click Save. The new ExternalGroup is now in the ExternalGroups list.

Viewing ExternalGroup Details

blurb

Viewing SaaS-Based Details

You can click the name of the SaaS service in the list to view its resource criteria in the left pane (Service and Region for Azure, and Service for GitHub).

Viewing Threat Feed Details

You can click the Default ThreatGroup name in the list to view its IPs/CIDRs in the right-hand pane.

On the Rule References tab, clicking on a rule opens this rule on the Distributed Cloud Firewall > Rules tab.

Viewing Country Details

You can click a Country name to view its IPs/CIDRs and Rule References in the right-hand pane.