Endpoint Config: Manage Groups

Document created by RSA Information Design and Development on Apr 11, 2019Last modified by RSA Information Design and Development on Nov 18, 2019
Version 11Show Document
  • View in full screen mode
 

Note: The information in this topic applies to RSA NetWitness Platform Version 11.3 and later.

You can view group details, edit group details, filter endpoint groups, delete groups, and edit group ranking. For details on how to create groups, see Create a Group.

View Group Details

To view properties of the selected group:

  1. Go to ADMIN > Endpoint Sources.

  2. In the left panel, select the Groups tab. The details, such as group name, source count, policies applied, group descriptions, source type applied, and publication status are displayed. For more details on these columns, see Endpoint Sources - Groups.

  3. Click the row to view the properties in the right-panel.

    Group Properties

Filter Endpoint Groups

The Filters Panel allows you to filter the list of displayed groups, based on the one of the following source type:

  • Agent Endpoint
  • Agent Windows Logs

Additionally, you can sort based on publication status:

  • Published - Groups that are published to use.

  • Unpublished - Groups that are saved but not published.
  • Unpublished Edits - Groups that are previously published and edited later and saved, but not published.

Filter group

The Filters panel can be hidden or displayed:

  • To hide, click the Close icon at the top-right of the panel.
  • To display if hidden, click the Filter icon in the toolbar.

Click Reset Filters to remove the currently applied filter criteria.

Edit a Group

You can edit the properties of the group at any point in time. To edit properties of a group:

  1. Go to ADMIN > Endpoint Sources.

  2. Select a group and click Edit.

    Groups tab

  3. Edit the group details as required.

  4. Do one of the following:
    • Click Save and Close to save the changes and return to the Groups view. The group will be listed under the Unpublished Edits category.
    • Click Publish Now to publish the changes.

Change Policy Ordering for Groups

An endpoint agent can be included in multiple groups. And these groups can have different policies applied to them. In this case, you can edit the ordering or ranking of policies, to specify a hierarchy for your policies. To edit the ordering or ranking of a group:

  1. Go to ADMIN > Endpoint Sources.

  2. Select the Groups tab and click Edit Ranking.

    Edit Ranking

  3. Select one of the following source type for the drop-down list:

    • Agent Endpoint to rank the groups associated with Agent Endpoint type policies.
    • Agent Windows Logs to rank the groups associated with Agent Windows Log type policies
  4. Click Next.

  5. Reorder your groups as necessary.

    Edit ranking

    1. Select reorder Endpoint Group ranking next to a group.
    2. Drag the group up or down to change the priority. Priority decreases from top to bottom.
    3. Repeat moving groups until they are ordered as you prefer.

    Note: To move any group to the top, select the group and click Set Top Ranking.

  6. Once you have the preferred order, click the appropriate option:

    • Publish Ranking for the new ranking to take effect.
    • Reset Ranking to reset the ranking to the last saved or published order.
    • Cancel to exit without changing the rankings.

Delete a Group

To delete a group:

  1. Go to ADMIN > Endpoint Sources.

  2. The Groups tab and available groups are displayed.

    Delete a group

  3. Select one or more groups and click Delete.

  4. Click Delete. The confirmation message is displayed.

  5. In the Delete Groups dialog, click Delete Group(s) to permanently delete the selected groups.

Next Topic:Manage Policies
You are here
Table of Contents > Manage Groups

Attachments

    Outcomes