G.1 Include and Exclude

An Event Monitor scope is defined by the domain, container and group objects that are specified in its Include and Exclude lists. Presence in either one of the lists has different effects based upon the type of object chosen. By default, if there are no entries in either of these lists, the domain and all of its objects in which the product is installed are implicitly included. This is the default behavior of File Dynamics prior to the introduction of the scope feature.

Within an AD domain, there can be no ancestor/descendent relationship between areas of inclusion:

  • After you explicitly exclude a container, its subordinate containers are by default implicitly excluded. You cannot include any of its subordinate containers by explicitly including them.

  • If the scope is defined only by includes, the remainder of the AD domain is by default implicitly excluded, except for the explicitly included containers and their subordinate containers. You must explicitly include all portions of the AD domain that are of interest.

  • If the scope is defined only by excludes, the remainder of the AD domain is by default implicitly included, except for the explicitly excluded containers and their subordinate containers.

G.1.1 Include

The Include list provides a means for creating a white-list such that only specified objects are white-listed. Consequently, anything not contained within the Include list is implicitly excluded. This holds true for domains, containers, and groups.

Containers

After a container has been added to the Include list, all other objects that are not subordinate to it that are not added to the Include list are implicitly excluded. Any explicit include of a container applies to that container and the entire sub tree that is subordinate to it. In the case of includes, subordinate containers at any depth under the included container may be explicitly excluded to “prune off” portions of the domain that should be ignored.

Groups

After a group has been added to the Include list, all other groups in the same container as that group, which were not added to the Include list, are implicitly excluded. The members of a group are independently evaluated to determine if they are in scope or out of scope for event monitoring purposes. Any monitored change that occurs where the pairing of a group and a group member has either or both objects out of scope results in no change being reported for that particular pairing.

G.1.2 Exclude

The Exclude list provides a means for creating a black-list such that the specified objects and their respective subordinate objects are excluded and everything else is implicitly included. This holds true for domains, containers, and groups.

Containers

After a container has been added to the Exclude list, all other objects that are not subordinate to it that are not added to the Exclude list are implicitly included. Any explicit exclude of a container applies to the container and the entire sub tree that is subordinate to it. Explicit excludes of containers are “final”, in that no subordinate objects below and explicit exclude are allowed to be explicitly included.

Groups

After a group has been added to the Exclude list, all other groups in the same container as that group, which were not added to the Exclude list, are implicitly included. The members of a group are independently evaluated to determine if they are in scope or out of scope for event monitoring purposes. Any monitored change that occurs where the pairing of a group and a group member has either or both objects out of scope results in no change being reported for that particular pairing.