Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Endpoint Config: Manage Groups

Document created by RSA Information Design and Development Employee on Apr 11, 2019Last modified by RSA Information Design and Development Employee on Mar 17, 2020
Version 15Show Document
  • View in full screen mode
 

Note: The information in this topic applies to RSA NetWitness Platform Version 11.3 and later.

You can view group details, edit group details, filter endpoint groups, delete groups, and edit group ranking. For details on how to create groups, see Create a Group.

View Group Details

To view properties of the selected group:

  1. Go to Admin > Endpoint Sources.

  2. In the left panel, select the Groups tab. The details, such as group name, source count, policies applied, group descriptions, source type applied, and publication status are displayed. For more details on these columns, see Endpoint Sources - Groups.

  3. Click the row to view the properties in the right-panel.

    Group Properties

Filter Endpoint Groups

The Filters Panel allows you to filter the list of displayed groups, based on the one of the following source type:

  • Agent Endpoint
  • Agent Windows Logs

Additionally, you can sort based on publication status:

  • Published - Groups that are published to use.

  • Unpublished - Groups that are saved but not published.
  • Unpublished Edits - Groups that are previously published and edited later and saved, but not published.

Filter group

The Filters panel can be hidden or displayed:

  • To hide, click the Close icon at the top-right of the panel.
  • To display if hidden, click the Filter icon in the toolbar.

Click Reset Filters to remove the currently applied filter criteria.

Edit a Group

You can edit the properties of the group at any point in time. To edit properties of a group:

  1. Go to Admin > Endpoint Sources.

  2. Select a group and click Edit.

  3. Edit the group details as required.

  4. Do one of the following:
    • Click Save and Close to save the changes and return to the Groups view. The group will be listed under the Unpublished Edits category.
    • Click Publish Now to publish the changes.

Delete a Group

To delete a group:

  1. Go to Admin > Endpoint Sources.

  2. The Groups tab and available groups are displayed.

    Delete a group

  3. Select one or more groups and click Delete.

  4. Click Delete. The confirmation message is displayed.

  5. In the Delete Groups dialog, click Delete Group(s) to permanently delete the selected groups.

Next Topic:Manage Policies
You are here
Table of Contents > Manage Groups

Attachments

    Outcomes