Endpoint Sources - Groups
Note: The information in this topic applies to NetWitness Version 11.3 and later.
The (Admin) > Endpoint Sources view contains two tabs: Groups and Policies.
Workflow
What do you want to do?
User Role | I want to ... | Show me how |
---|---|---|
Administrator | create new groups* | |
Administrator | edit groups* | |
Administrator | edit ranking* | |
Administrator | delete groups* | |
Administrator | view default policies | |
Administrator | create an EDR policy | |
Administrator | create a Windows Log policy | |
Administrator | edit policies | |
Administrator | delete policies | |
*You can perform this task in the current view.
Quick Look
Below is an example of the Groups tab:
1 | Toolbar |
2 | Filter Pane. For more information, see Filter Endpoint Groups. |
3 | Groups List Pane. You can also sort on any column. If you mouse over a column header, a sort icon is displayed. Click the icon to sort by the selected column. |
4 | Group Details Pane. Displays the properties of the selected group. Note: Click the row to view the Properties panel for a group. |
Create Group
Below is an example of the Create Group dialog. The table describes the information and options in the Create Group dialog.
Field | Description |
---|---|
Group Name | Name of the group. The name should be unique. |
Group Description | Description of the group. It should not exceed 8000 characters. |
Define Group
Below is an example of the Define Group panel. The table describes the information and options in the Define Group panel:
Field | Description |
---|---|
Include source if ...of the conditions are met | Defines the conditions for an agent to be included in the group. Available options are all or any. |
Parameter | The parameter can be OS Type, OS Description, Host Name, IPv4, IPv6, Machine OU, Tag, and Subnet. Note: If you do not want to include certain IP addresses, use the Not in operator, and enter the IP addresses separated by a space or a comma. |
Operator | The choice of values is dependent upon the parameter you chose. For example, if your parameter is OS Type, the only operator available is in. |
Value or values to match | The value or values to match. For the OS Type parameter, you can choose one or more values from the drop-down list. For all other parameters, you can enter free-form text. Note: Although you can enter any text for values, the system validates your entries when you attempt to proceed to another screen, and will not allow you to proceed until values are valid. |
Add condition | Lets you add another condition. |
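The following is an added example, not NetWitness code and not a reproduction of the product's matching engine: a small model of the all/any choice and the Not in operator described in the table above, useful for checking a group's scope before publishing. The agent records, host names, documentation-range IP addresses, and exact-string comparison are assumptions.

```python
import re

# Constructed sample agents (hypothetical hosts, documentation IP range).
AGENTS = [
    {"Host Name": "ws-001", "OS Type": "Windows", "IPv4": "192.0.2.10"},
    {"Host Name": "ws-002", "OS Type": "Windows", "IPv4": "192.0.2.11"},
    {"Host Name": "db-001", "OS Type": "Linux", "IPv4": "192.0.2.50"},
]


def split_values(text):
    """Split a free-form value field on spaces and/or commas."""
    return [v for v in re.split(r"[,\s]+", text.strip()) if v]


def condition_met(agent, parameter, operator, values):
    """Evaluate one condition; only 'in' and 'not in' are modelled here."""
    present = agent.get(parameter) in split_values(values)
    if operator == "in":
        return present
    if operator == "not in":
        return not present
    raise ValueError(f"operator not modelled: {operator}")


def group_members(agents, mode, conditions):
    """Return host names included when 'all' or 'any' conditions must be met."""
    if mode not in ("all", "any"):
        raise ValueError("mode must be 'all' or 'any'")
    combine = all if mode == "all" else any
    return [a["Host Name"] for a in agents
            if combine(condition_met(a, *c) for c in conditions)]


# Intended scope: Windows hosts, excluding 192.0.2.11.
CONDITIONS = [
    ("OS Type", "in", "Windows"),
    ("IPv4", "not in", "192.0.2.11, 192.0.2.99"),
]

if __name__ == "__main__":
    print("all:", group_members(AGENTS, "all", CONDITIONS))
    print("any:", group_members(AGENTS, "any", CONDITIONS))
```

In this model, choosing any lets the Not in condition alone admit every host outside the listed addresses, so the exclusion only narrows the group when all is selected.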
Apply Policies
Below is an example of the Apply Policies panel. The table describes the information and options in the Apply Policies panel:
Field | Description |
---|---|
Source Type | Defines the source type for the group. Available options are Agent Endpoint and Agent Windows Logs. |
Available Policies | Lists the available policies associated with the source type. |
Selected Policies | Lists the policies selected. |
Add Another Source Type | Lets you add another source type. |
Save and Close | Saves the settings and closes the Create Group dialog. |
Publish Now | Publishes the created group. |
Ranking Groups
Below is an example of the Ranking Groups dialog. The table describes the information and options in the Ranking Groups dialog.
Field | Description |
---|---|
Source Type | Establishes ranking for the source type. Available options are Agent Endpoint and Agent Windows Logs. |
Below is an example of the Edit Ranking panel.
From this panel, you can do the following:
- Drag the group up or down to change the priority. Priority decreases from top to bottom.
- Turn the Simulate slider on or off to simulate your policy settings and how they affect the endpoints within their groups. For more details, see Simulation Examples.
- Use the available buttons to perform actions:
  - Reset Ranking: Resets the ranking to the original order.
  - Set Top Ranking: Moves the selected group to the top.
  - Previous: Navigates to the Choose Source Type panel.
  - Publish Ranking: Lets you edit the details of an existing group. For more information, see Edit a Group.
  - Cancel: Discards the changes and returns to the Groups tab.