Title of invention: Policy enforcement based on dynamically attribute-based matched network objects
Abstract: A policy that includes an address group is received. The policy is compiled into a set of one or more rules. The compiling is performed at least in part by determining members of the address group. The compiling can further include substituting one or more IP addresses of the members for the address group. At least one rule included in the set of rules is enforced.
Publication number: US9537891(B1) Publication date: 2017.01.03
Application number: US201314137718 Filing date: 2013.12.20
Applicant: Palo Alto Networks, Inc. Inventors: Walter Martin; Fitz-Gerald Jeffrey
Classification: G06F15/173;H04L29/06;H04L29/12 Main classification: G06F15/173
Agency: Van Pelt, Yi & James LLP Agent: Van Pelt, Yi & James LLP
Principal claim: 1. A system, comprising: a processor configured to: receive a policy that includes an address group object, wherein the address group object abstracts a set of computing assets; compile the policy into a set of one or more rules, at least in part by substituting, for the address group object, a set of one or more IP addresses of computing assets determined to be members of an address group corresponding to the address group object, wherein determining the members of the address group includes querying a set of one or more repositories of computing asset information using a set of match criteria, wherein at least one criterion in the set of match criteria pertains to a characteristic of a computing asset; determine, based at least in part on a detected change to the address group, that at least one rule included in the set of rules should be recompiled; in response to the determination, perform a recompilation, including by substituting a first IP address in an out-of-date rule for a second IP address to create an updated rule; and enforce the updated rule at least one rule; and a memory coupled to the processor and configured to provide the processor with instructions.
Address: Santa Clara CA US