Define Endpoint Groups
To easily apply policy rules to specific endpoints, you can define an endpoint group. There are two methods you can use to define an endpoint group:
- Create a dynamic group by allowing Cortex XDR to populate your endpoint group dynamically using endpoint characteristics such as a partial hostname or alias; full or partial domain or workgroup name; IP address, range or subnet; installation type (VDI, temporary session, or standard endpoint); agent version; endpoint type (workstation, server, mobile); or operating system version.
- Create a static group by selecting a list of specific endpoints.
After you define an endpoint group, you can then use it to target policy and actions to specific recipients. The Endpoint Groups page displays all endpoint groups along with the number of endpoints and policy rules linked to the endpoint group.
To define a static or dynamic endpoint group:
- From Cortex XDR, select Endpoints > Endpoint Management > Endpoint Groups > +Add Group.
- Select either Create New to create an endpoint group from scratch or Upload From File, using plain text files with new line separator, to populate a static endpoint group from a file containing IP addresses, hostnames, or aliases.
- Enter a Group Name and optional Description to identify the endpoint group. The name you assign to the group will be visible when you assign endpoint security profiles to endpoints.
- Determine the endpoint properties for creating an endpoint group:
  - Dynamic—Use the filters to define the criteria you want to use to dynamically populate an endpoint group. Dynamic groups support multiple criteria selections and can use AND or OR operators. For endpoint names and aliases, and domains and workgroups, you can use * to match any string of characters. As you apply filters, Cortex XDR displays any registered endpoint matches to help you validate your filter criteria. Cortex XDR supports only IPv4 addresses.
  - Static—Select specific registered endpoints that you want to include in the endpoint group. Use the filters, as needed, to reduce the number of results. When you create a static endpoint group from a file, the IP address, hostname, or alias of the endpoint must match an existing agent that has registered with Cortex XDR. You can select up to 250 endpoints.

  When you disconnect the Directory Sync Service (DSS) in your Cortex XDR deployment, it might affect existing endpoint groups and policy rules based on Active Directory properties.
- Create the endpoint group. After you save your endpoint group, it is ready for use to assign security profiles to endpoints and in other places where you can use endpoint groups.
- Manage an endpoint group, as needed. At any time, you can return to the Endpoint Groups page to view and manage your endpoint groups. To manage a group, right-click the group and select the desired action:
  - Edit—View the endpoints that match the group definition, and optionally refine the membership criteria using filters.
  - Delete the endpoint group.
  - Save as new—Duplicate the endpoint group and save it as a new group.
  - Export group—Export the list of endpoints that match the endpoint group criteria to a tab separated values (TSV) file.
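A pre-upload check for the Upload From File option described above, as an added example that is not Palo Alto Networks code and does not call any Cortex XDR API. It lints a newline-separated list against identifiers you already know to be registered. Applying the IPv4-only and 250-endpoint statements to the file, and matching case-insensitively, are assumptions; the function name and sample values are constructed.

```python
import ipaddress

MAX_STATIC_ENDPOINTS = 250  # limit this page states for static groups


def lint_group_file(text, registered):
    """Check a newline-separated static-group file before upload.

    registered: identifiers (IP, hostname or alias) of agents already
    registered, for example copied from an endpoint export. Matching is
    case-insensitive here, which is an assumption of this example.
    """
    known = {r.strip().lower() for r in registered}
    report = {"ok": [], "not_ipv4": [], "unregistered": [],
              "duplicate": [], "over_limit": False}
    seen = set()
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue  # blank lines carry no endpoint
        key = entry.lower()
        if key in seen:
            report["duplicate"].append(entry)
            continue
        seen.add(key)
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            addr = None  # not an IP literal: treat as hostname or alias
        if addr is not None and addr.version != 4:
            report["not_ipv4"].append(entry)  # page: IPv4 only
        elif key not in known:
            report["unregistered"].append(entry)  # would not match an agent
        else:
            report["ok"].append(entry)
    report["over_limit"] = len(report["ok"]) > MAX_STATIC_ENDPOINTS
    return report


# Constructed sample data, not taken from any real deployment.
SAMPLE_REGISTERED = ["10.20.0.15", "fin-ws-001", "hr-laptop-7"]
SAMPLE_FILE = "10.20.0.15\nFIN-WS-001\n\n2001:db8::10\nlab-vm-9\nfin-ws-001\n"

if __name__ == "__main__":
    for bucket, value in lint_group_file(SAMPLE_FILE, SAMPLE_REGISTERED).items():
        print(bucket, value)
```

Entries reported as unregistered are the ones to investigate before relying on the group for policy targeting, since an endpoint that never joins the group never receives the rules attached to it.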