Endpoint Config: Groups Reference

Document created by RSA Information Design and Development on Apr 11, 2019. Last modified by RSA Information Design and Development on Apr 11, 2019.
Version 2

Note: The information in this topic applies to RSA NetWitness® Platform Version 11.3 and later.

The ADMIN > Endpoint Sources view contains two tabs: Groups and Policies.

Workflow

Creating and managing Endpoint groups

What do you want to do?

                                                          
User Role | I want to ... | Show me how
Administrator | create new groups* | Create a Group
Administrator | edit groups* | Edit a Group
Administrator | edit ranking* | Change Policy Ordering for Groups
Administrator | delete groups* | Delete a Group
Administrator | view default policies | Default Agent Endpoint (EDR) Policy
Administrator | create an EDR policy | Create an EDR Policy
Administrator | create a Windows Log policy | Create a Windows Log Policy
Administrator | edit policies | Edit a Policy
Administrator | delete policies | Delete a Policy

*You can perform this task in the current view.

Quick Look

Below is an example of the Groups tab:

Groups

                     
1

Actions in the toolbar:

Create New - Lets you create a new group. For more information, see Create a Group.

Edit Ranking - Lets you edit the ranking of groups. For more information, see Change Policy Ordering for Groups.

Publish - Publishes the selected group or groups.

Edit - Lets you edit the details of an existing group. For more information, see Edit a Group.

Delete - Deletes the selected group or groups permanently. For more information, see Delete a Group.

2

Filters. You can filter groups based on Source Type and Publication Status.

To hide, click the Close icon at the top-right of the panel. To display if hidden, click the Filter icon in the toolbar.

Reset - Removes the currently applied filter criteria.

For more information, see Filter Endpoint Groups.

3

Table. Displays the group details:

  • Group name - Name of the group.
  • Source Count - Number of hosts that are currently members of the group.
  • Policies applied - Lists the policies applied to this group.
  • Group description - Description of the group.
  • Source Types Applied - Type of policies applied to the group: Agent Endpoint, Agent Windows Logs, or both.
  • Publication Status - Status of the group: Published or Unpublished.

Sort Columns. If you mouse over a column header, a sort icon is displayed. Click the icon to sort by the selected column.

4

Details panel. Displays the properties of the selected group.

Note: Click the row to view the Properties panel for a group.

Create Group

Below is an example of the Create Group dialog. The table describes the information and options in the Create Group dialog.

Identify Group

                   
Field | Description
Group Name | Name of the group. The name should be unique.
Group Description | Description of the group. The description should not exceed 8000 characters.

Below is an example of the Define Group panel. The table describes the information and options in the Define Group panel:

Define group

                               
Field | Description
Include source if ... of the conditions are met | Defines the conditions for an agent to be included in the group. Available options are all or any.
Parameter | The parameter can be OS Type, OS Description, Host Name, IPv4, or IPv6.

  • OS Type - Type of operating system. Available options are: Windows, Linux, and MacOS.
  • OS Description - Description of the operating system. The description should not exceed 256 characters. Available operators are: is equal to, contains, starts with, and ends with. For example, Microsoft Windows 10 Enterprise.
  • Host name - Name of the host. The host name can contain only alphanumeric characters. Available operators are: is equal to, contains, starts with, ends with, and in. For example, DESKTOP-QQPDNG3.
  • IPv4 and IPv6 - IP address. Available operators are: between, in, and not in. For example, 10.40.15.220.

Note: If you do not want to include certain IP addresses, use the Not in operator, and enter the IP addresses separated by a space or a comma.

Operator | The choice of values is dependent upon the parameter you chose. For example, if your parameter is OS Type, the only operator available is in.
Value or values to match | The value or values to match. For the OS Type parameter, you can choose one or more values from the drop-down list. For all other parameters, you can enter free-form text.

Note: Although you can enter any text for values, the system validates your entries when you attempt to proceed to another screen, and will not allow you to proceed until values are valid.

Add condition | Lets you add another condition.
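
The inclusion logic in the Define Group table can be modelled offline to preview which hosts a group definition would capture before the group is published. This is an added example, not RSA NetWitness code: the function names, the host record layout, the inclusive reading of between, and case-insensitive text matching are all assumptions.

```python
import ipaddress
import re

def split_values(text):
    """Split a free-form value on spaces or commas (see the Not in note)."""
    return [v for v in re.split(r"[,\s]+", text.strip()) if v]

def condition_met(cond, host):
    param, op, value = cond  # one (parameter, operator, value) condition
    actual = host.get(param)
    if actual is None:
        return False
    if param in ("IPv4", "IPv6"):
        ip = ipaddress.ip_address(actual)
        addrs = [ipaddress.ip_address(v) for v in split_values(value)]
        if op == "between":  # assumption: inclusive range written "low high"
            return addrs[0] <= ip <= addrs[-1]
        if op in ("in", "not in"):
            return (ip in addrs) == (op == "in")
    elif param == "OS Type":
        if op == "in":  # value is the list picked from the drop-down
            return actual in value
    else:  # OS Description and Host Name take free-form text
        a, v = actual.lower(), value.lower()  # assumption: case-insensitive
        if op == "in" and param == "Host Name":
            return a in split_values(v)
        text_ops = {"is equal to": a == v, "contains": v in a,
                    "starts with": a.startswith(v), "ends with": a.endswith(v)}
        if op in text_ops:
            return text_ops[op]
    raise ValueError(f"operator {op!r} is not listed for parameter {param!r}")

def in_group(group, host):
    """'all' needs every condition to hold; 'any' needs at least one."""
    combine = all if group["match"] == "all" else any
    return combine(condition_met(c, host) for c in group["conditions"])

def preview_members(group, hosts):
    return [h["Host Name"] for h in hosts if in_group(group, h)]

# Constructed sample inventory and group definition, not from a real deployment.
HOSTS = [
    {"Host Name": "DESKTOP-QQPDNG3", "OS Type": "Windows", "IPv4": "10.40.15.220"},
    {"Host Name": "BUILD01", "OS Type": "Linux", "IPv4": "10.40.15.30"},
    {"Host Name": "LABWIN7", "OS Type": "Windows", "IPv4": "10.40.16.5"},
]
GROUP = {"match": "all", "conditions": [
    ("OS Type", "in", ["Windows"]),
    ("IPv4", "between", "10.40.15.1 10.40.15.254"),
    ("IPv4", "not in", "10.40.15.30, 10.40.15.31")]}
```

Calling preview_members(GROUP, HOSTS) returns only DESKTOP-QQPDNG3; switching match to any captures all three sample hosts, which shows how much wider an any group is than the same conditions under all.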

 

Below is an example of the Apply Policies panel. The table describes the information and options in the Apply Policies panel:

Apply policy

                                   
Field | Description
Source Type | Defines the source type for the group. Available options are Agent Endpoint and Agent Windows Logs.
Available Policies | Lists the available policies associated with the source type.
Selected Policies | Lists the selected policies.
Add Another Source Type | Lets you add another source type.
Save and Close | Saves the settings and closes the Create Group dialog.
Publish Now | Publishes the created group.

Ranking Groups

Below is an example of the Ranking Groups dialog. The table describes the information and options in the Ranking Groups dialog.

               
Field | Description
Source Type | Establishes ranking for the source type. Available options are Agent Endpoint and Agent Windows Logs.

Below is an example of the Edit Ranking panel.

             
1

Drag the group up or down to change the priority. Priority decreases from top to bottom.

2

Actions in the toolbar:

Previous - Navigates to the Choose Source Type panel.

Reset Ranking - Resets the ranking to the original order.

Set Top Ranking - Moves the selected group to the top.

Publish Ranking - Lets you edit the details of an existing group. For more information, see Edit a Group.

Cancel - Discards the changes and returns to the Groups tab.
