Define Endpoint Groups

To easily apply policy rules to specific endpoints, you can define an endpoint group. There are two methods you can use to define an endpoint group:
  • Create a dynamic group by allowing Cortex XDR to populate your endpoint group dynamically using endpoint characteristics such as a partial hostname or alias; full or partial domain or workgroup name; IP address, range or subnet; installation type (VDI, temporary session, or standard endpoint); agent version; endpoint type (workstation, server, mobile); or operating system version.
  • Create a static group by selecting a list of specific endpoints.
After you define an endpoint group, you can then use it to target policy and actions to specific recipients. The Endpoint Groups page displays all endpoint groups along with the number of endpoints and policy rules linked to the endpoint group.
To define a static or dynamic endpoint group:
  1. From Cortex XDR, select Endpoints > Endpoint Groups > +Add Group.
  2. Select either Create New to create an endpoint group from scratch or Upload From File to populate a static endpoint group from a file containing IP addresses, hostnames, or aliases.
  3. Enter a Group Name and optional Description to identify the endpoint group. The name you assign to the group will be visible when you assign endpoint security profiles to endpoints.
  4. Determine the endpoint properties for creating an endpoint group:
    • Dynamic—Use the filters to define the criteria you want to use to dynamically populate an endpoint group. Dynamic groups support multiple criteria selections and can use AND or OR operators. For endpoint names and aliases, and domains and workgroups, you can use * to match any string of characters. As you apply filters, Cortex XDR displays any registered endpoint matches to help you validate your filter criteria.
      Cortex XDR supports only IPv4 addresses.
    • Static—Select specific registered endpoints that you want to include in the endpoint group. Use the filters, as needed, to reduce the number of results.
      When you create a static endpoint group from a file, the IP address, hostname, or alias of the endpoint must match an existing agent that has registered with Cortex XDR.
      You can select up to 250 endpoints.
  5. Create the endpoint group.
    After you save your endpoint group, it is ready for use to assign security profiles to endpoints and in other places where you can use endpoint groups.
  6. Manage an endpoint group, as needed.
    At any time, you can return to the Endpoint Groups page to view and manage your endpoint groups. To manage a group, right-click the group and select the desired action:
    • Edit—View the endpoints that match the group definition, and optionally refine the membership criteria using filters.
    • Delete—Delete the endpoint group.
    • Save as new—Duplicate the endpoint group and save it as a new group.
    • Export group—Export the list of endpoints that match the endpoint group criteria to a tab-separated values (TSV) file.
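
The constraints stated for static groups in step 4 can be checked offline before you use Upload From File. The following Python code is an added example, not Palo Alto Networks code: it assumes the file holds one entry per line, that the 250-endpoint limit also applies to uploaded lists, that names match case-insensitively, and that an agent inventory is available as dicts with the hypothetical keys ip, hostname and alias.

```python
import ipaddress

MAX_STATIC_ENDPOINTS = 250  # static-group limit stated on this page

def classify(entry):
    """Return 'ipv4', 'ipv6' or 'name' (hostname or alias) for one entry."""
    try:
        return "ipv4" if ipaddress.ip_address(entry).version == 4 else "ipv6"
    except ValueError:
        return "name"

def preflight(lines, registered):
    """Return (accepted, rejected); rejected holds (entry, reason) tuples."""
    # registered: dicts with hypothetical keys ip/hostname/alias (assumed inventory shape)
    known_ips = {a["ip"] for a in registered if a.get("ip")}
    known_names = {a[k].lower() for a in registered
                   for k in ("hostname", "alias") if a.get(k)}
    accepted, rejected, seen = [], [], set()
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue  # ignore blank lines
        kind = classify(entry)
        if entry.lower() in seen:
            rejected.append((entry, "duplicate entry"))
        elif kind == "ipv6":
            rejected.append((entry, "IPv6 address; only IPv4 is supported"))
        elif kind == "ipv4" and entry not in known_ips:
            rejected.append((entry, "no registered agent with this IP"))
        elif kind == "name" and entry.lower() not in known_names:
            rejected.append((entry, "no registered agent with this name"))
        elif len(accepted) >= MAX_STATIC_ENDPOINTS:
            rejected.append((entry, "over the 250-endpoint limit"))
        else:
            accepted.append(entry)
        seen.add(entry.lower())
    return accepted, rejected

# Constructed sample data, not taken from a real tenant.
SAMPLE_AGENTS = [
    {"ip": "10.20.1.15", "hostname": "FIN-WS-001", "alias": "cfo-laptop"},
    {"ip": "10.20.1.16", "hostname": "FIN-WS-002", "alias": ""},
]
SAMPLE_FILE = ["10.20.1.15", "fin-ws-002", "fe80::1", "10.20.9.9",
               "hr-ws-007", "FIN-WS-002"]

if __name__ == "__main__":
    for item in preflight(SAMPLE_FILE, SAMPLE_AGENTS):
        print(item)
```

Entries left in the rejected list are the ones to investigate before upload, since a policy targeted at the group would not reach an endpoint that never made it into the group.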
