At the present time, EP Groups are limited to hard-coded lists of members for a given static attributes (SAs) for the endpoints. Internal to the database, group members are based on an SA id and a list of text strings pertinent to that particular id (e.g. hostname, username, city, state, location, subnet, etc.). There are no "query" capabilities.
We concentrates the management of lists of users (and machines) into groups in their LDAP Active Directory.
Eventually, we want to be able to manage groups of users in AD, and then specify the LDAP group name in Aternity so Aternity can build its Endpoint Group by querying for a list of users (or machine names) from LDAP.
E.g., the LDAP query to get the users from an AD group called "CTM-G-Aternity_ROS1-Users" might look something like...