Build reusable scope with hand-picked static membership, rule-driven dynamic membership, live preview, bulk add, and groups that act as scope everywhere PMAP accepts one.
This guide shows how to create both group types in PMAP. A static group carries explicit membership you control by hand. A dynamic group stores a JSONB rule that resolves membership at evaluation time. You learn how the platform models each, when to reach for one over the other, and how to author rules against your asset taxonomy.
It is written for asset owners and vulnerability managers who need consistent scoping. By the end you can refine a dynamic rule with the preview endpoint before committing it, bulk-add up to 5,000 assets in a single call with duplicates skipped and cross-company assets rejected, read the criticality breakdown on the detail page, and reuse the group id as scope across scans, reports, and dashboards.
Inside this guide
- Understand how static and dynamic membership resolve differently.
- Create a static group with a name the platform keeps unique per company.
- Bulk-add up to 5,000 assets in one call, with duplicates and cross-company assets handled safely.
- Preview a dynamic rule before saving so you commit only the criteria you intend.
- Read evaluated membership and the criticality breakdown on the detail page.
- Edit a group and remove stale members cleanly.
- Use the group as scope downstream and export the list to CSV or XLSX.
Before you start
- A PMAP account with asset_group create, update, and delete permissions in your working company scope.
- An already populated asset inventory, because both membership types read from the assets table.
- Familiarity with your taxonomy: asset_type, asset_class, criticality, tags, location_id, and your network CIDR ranges.
- A clear naming convention, since the platform enforces a unique group name per company and a collision returns 409 Conflict.
- Knowledge of which scan, report, or dashboard surface will consume the group id if you plan to use it downstream.
