Smart Groups
In large AWS environments, a single misconfiguration pattern can produce dozens or even hundreds of individual findings. For example, if your organization has 50 S3 buckets and none of them have versioning enabled, that is 50 separate findings for the same underlying issue.
Smart Groups solve this problem by automatically grouping related findings together, reducing noise and enabling you to address patterns rather than individual instances.
How Smart Grouping Works
Guardian Pro analyzes your findings and automatically identifies groups of findings that share common characteristics. Grouping is based on the following criteria:
Same Check, Multiple Resources
The most common grouping scenario. When the same automated check fails across multiple resources, those findings are consolidated into a single Smart Group. For example:
- "S3 Bucket Versioning Not Enabled" affecting 23 buckets becomes one Smart Group with 23 members.
- "Security Group Allows Unrestricted SSH" across 8 security groups becomes one Smart Group with 8 members.
- "EBS Volume Not Encrypted" on 15 volumes becomes one Smart Group with 15 members.
Same Resource, Related Checks
When multiple related checks fail on the same resource, those findings may also be grouped. For example, an RDS instance that is unencrypted, lacks automated backups, and is not Multi-AZ might be grouped to give you a holistic view of that resource's issues.
What a Smart Group Looks Like
In the Action Centre, a Smart Group appears as a single card with the following information:
- Group title -- The common finding title shared by all members (for example, "S3 Bucket Versioning Not Enabled").
- Member count -- The number of individual findings in the group (for example, "23 findings").
- Severity -- The highest severity among all members. If a group contains both High and Medium findings, the group is displayed as High.
- Affected services -- The AWS services involved.
- Quick summary -- A description of the common issue.
Expanding a Smart Group
Click on a Smart Group to expand it and see all individual findings within the group. From the expanded view, you can:
- View the details of any individual finding.
- Select specific findings for remediation or other actions.
- Select all members for bulk actions.
Benefits of Smart Groups
Reduced Noise
Without grouping, a large environment might present thousands of individual findings that are visually overwhelming and difficult to prioritize. Smart Groups collapse related findings into manageable units, so your Action Centre shows patterns rather than repetition.
Pattern Recognition
Smart Groups make it immediately obvious when a systemic issue exists. Seeing "47 findings" next to "CloudTrail Not Enabled in Region" tells you this is an organization-wide gap, not an isolated oversight.
Efficient Remediation
Smart Groups integrate directly with bulk actions. You can select an entire Smart Group and remediate all members at once, fixing dozens of resources in a single operation instead of clicking through each one individually.
When you encounter a Smart Group with a large member count, consider whether a systemic fix is more appropriate than individual remediation. For example, an organization-wide S3 policy might be more effective than enabling versioning on each bucket individually.
Delegation
Smart Groups make it easier to assign work to the right team. A Smart Group titled "RDS Instance Missing Encryption" can be assigned to the database team, while "IAM Users Without MFA" goes to the identity team. The grouping aligns naturally with team responsibilities.
Smart Groups and Lenses
Smart Groups work with all lenses in the Action Centre:
| Lens | Smart Group Behavior |
|---|---|
| All | Groups are shown alongside individual findings, sorted by aggregate severity. |
| By Service | Groups are nested under their respective service categories. |
| Quick Wins | Only groups where all members qualify as quick wins are shown. |
| Cost Exposure | Groups are ranked by combined cost impact across all members. |
| Debt Age | Groups are sorted by the age of the oldest member. |
| Compliance | Groups are shown under the compliance control they relate to. |
Smart Groups and Filters
When you apply filters, Smart Groups update dynamically:
- Filtering by "Severity: Critical" shows only Smart Groups that contain at least one critical finding.
- Filtering by "Service: EC2" shows only Smart Groups that contain EC2-related findings.
- Filtering by "Status: Active" shows only Smart Groups with active members.
If a filter reduces a Smart Group to a single member, that finding is displayed as an individual finding rather than a group.
Smart Groups and Bulk Remediation
Smart Groups are designed to work seamlessly with bulk remediation:
1. Expand the Smart Group to see all members.
2. Select all or select specific members.
3. Click Remediate Selected to preview the batch remediation.
4. Guardian Pro shows you a summary of what will change across all selected resources.
5. Confirm to execute the batch.
For details on the remediation process, see Remediation. For bulk operations, see Bulk Actions.
When bulk-remediating a Smart Group, review the preview carefully. While all findings share the same check, the affected resources may have different configurations, dependencies, or blast radii. The preview will highlight any resources that require extra attention.
Frequently Asked Questions
Can I disable Smart Grouping?
Smart Groups are always active, but you can expand any group to see individual findings. If you prefer to work with findings individually, simply expand all groups.
How are groups prioritized?
Smart Groups are sorted by the highest severity among their members, then by member count. A group with 3 critical findings will appear above a group with 50 medium findings.
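The grouping, aggregate-severity, filter and sort rules described on this page can be modeled in a few lines. This is an added example, not Guardian Pro's own code; the finding fields, the severity scale and the choice to apply filters to members before grouping are assumptions.

```python
from collections import defaultdict

# Assumed severity scale; higher rank sorts first.
RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

def finding(title, service, severity, resource):
    return {"title": title, "service": service,
            "severity": severity, "resource": resource}

# Constructed sample findings (not real scan output).
SAMPLE = (
    [finding("S3 Bucket Versioning Not Enabled", "S3", "Medium", f"bucket-{i}")
     for i in range(5)]
    + [finding("Security Group Allows Unrestricted SSH", "EC2", "Critical", "sg-a"),
       finding("Security Group Allows Unrestricted SSH", "EC2", "High", "sg-b"),
       finding("EBS Volume Not Encrypted", "EC2", "High", "vol-a")]
)

def build_rows(findings, severity=None, service=None):
    """Return Action Centre-style rows: filtered, grouped by check, sorted."""
    groups = defaultdict(list)
    for f in findings:
        if severity and f["severity"] != severity:
            continue
        if service and f["service"] != service:
            continue
        groups[f["title"]].append(f)

    rows = []
    for title, members in groups.items():
        top = max(members, key=lambda m: RANK[m["severity"]])["severity"]
        rows.append({
            "title": title,
            # One remaining member is shown as an individual finding.
            "kind": "group" if len(members) > 1 else "finding",
            "severity": top,  # highest severity among members
            "count": len(members),
            "services": sorted({m["service"] for m in members}),
        })
    # Highest severity first, then larger groups first.
    rows.sort(key=lambda r: (-RANK[r["severity"]], -r["count"]))
    return rows

if __name__ == "__main__":
    for row in build_rows(SAMPLE):
        print(row)
    print(build_rows(SAMPLE, severity="Critical"))
```

With the sample data, the two-member SSH group (one Critical member) sorts above the five-member Medium S3 group, and filtering by Critical leaves a single finding rather than a group.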
Do Smart Groups affect the health score?
No. The health score is calculated based on individual findings, not groups. Smart Groups are a display and workflow feature only.
Can I remediate a partial group?
Yes. You can expand a Smart Group, select a subset of members, and remediate only those. The remaining unremediated members stay in the group.
Next Steps
- Remediation -- Fix findings identified through Smart Groups.
- Bulk Actions -- Act on entire groups at once.
- Filtering and Search -- Narrow Smart Groups with filters.
- Action Centre Overview -- Return to the full overview.