Managing Groups

Note: The information in this topic applies to NetWitness Version 11.3 and later.

You can view group details, edit group details, filter endpoint groups, delete groups, and edit group ranking. For details on how to create groups, see Create a Group.

View Group Details

To view properties of the selected group:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Endpoint Sources.

  2. In the left panel, select the Groups tab. The details, such as group name, source count, policies applied, group descriptions, source type applied, and publication status are displayed. For more details on these columns, see Endpoint Sources - Groups.

  3. Click the row to view the properties in the right-panel.

    groupprops.png

Filter Endpoint Groups

The Filters Panel allows you to filter the list of displayed groups, based on the one of the following source type:

  • Agent Endpoint
  • Agent Windows Logs

Additionally, you can sort based on publication status:

  • Published - Groups that are published to use.

  • Unpublished - Groups that are saved but not published.
  • Unpublished Edits - Groups that are previously published and edited later and saved, but not published.

netwitness_filtergroup_144x209.png

The Filters panel can be hidden or displayed:

  • To hide, click the netwitness_icon-close.png icon at the top-right of the panel.
  • To display if hidden, click the netwitness_ic-filter4.png icon in the toolbar.

Click Reset Filters to remove the currently applied filter criteria.

Edit a Group

You can edit the properties of the group at any point in time. To edit properties of a group:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Endpoint Sources.

  2. Select a group and click Edit.

  3. Edit the group details as required.

  4. Do one of the following:
    • Click Save and Close to save the changes and return to the Groups view. The group will be listed under the Unpublished Edits category.
    • Click Publish Now to publish the changes.

Delete a Group

To delete a group:

  1. Go to netwitness_adminicon_25x22.png (Admin) > Endpoint Sources.

  2. The Groups tab and available groups are displayed.

    netwitness_editgroup_1077x208.png

  3. Select one or more groups and click Delete.

  4. Click Delete. The confirmation message is displayed.

  5. In the Delete Groups dialog, click Delete Group(s) to permanently delete the selected groups.