Overview of the ZeroLock™ Management Console's Endpoint Groups homepage that provides logical structure and control of the endpoint.
Endpoint Groups provide logical structure and control of the endpoint. Because an Endpoint Group may be assigned to multiple endpoints, those endpoints and their associated alerts can be managed as one.
The User Roles assigned will apply to the endpoints within the group. For example, the ZeroLock™ Management Console (ZMC) administrator can create a group of all endpoints with database servers. Creating specific User Roles makes it possible to differentiate the access and permissions given to the database administrators from those given to Security Operations Center personnel.
Users assigned to the User Roles that were given rights in the created Endpoint Group will be able to view endpoints and alerts within that group and use any features that have been assigned to them via the Endpoint Group.
NOTE: To fully utilize Endpoint Groups, you must first set up User Roles on your ZeroLock™ system. A link to the guide on creating and assigning these roles can be found in the article How to Create a User Role.
- EXPORT DATA - Downloads all the information on your screen in CSV format.
- Add New Group - Select this button when you want to create a new Endpoint Group.
- Column Headings - The column headings are mostly self-explanatory. IDs are system generated. “Roles with Access” refers to roles that have been given access to the endpoint group. “# of Endpoints” refers to the number of endpoints that the group has been assigned to.
- Endpoint Groups - The names and descriptions of the endpoint groups that currently exist in the environment.
- Endpoint Status - The display shows the connection status of the configured endpoints.
- View - Provides a drop-down list of the screen configurations, i.e., layouts or views, that are available. Initially, the only option in the VIEW drop-down list is All, as there is only one default layout or view. Once other layouts are created, they will appear on the list as well.
- Edit - Selecting the cog or gear symbol brings up the Edit View pop-up screen. This screen lets you change the layout (view) of the columns, such as moving columns or hiding columns altogether. The different views you create may be saved under their own name for easy access from the VIEW tab.
When the Edit View screen first appears, the only option is Save A Copy. Once you select any column, Modified, Reset, and Save As will replace it.
- Modified – is static and only shows that the ‘original’ layout (view) has been changed. The label goes away when it’s saved.
- Reset – erases your changes, returning the profile back to its original configuration.
- Save As – allows you to name and save the view you created.
For the new view, the Last Check In column was hidden. To save this new layout or view, click Save As, which brings up the Save View As screen. Enter a name for the new view, then select Save As, which will return you to the previous screen.
Clicking the Done button completes the process and opens to the new Endpoint screen layout or view.
Creating a New Endpoint Group
- Navigate to the System Configuration | Endpoint Groups page then select Add New Group.
- On the New Group pop-up, you are presented with four (4) fields.
a. Name/Description – consists of the name and description of the new endpoint group.
b. Endpoint Count – the number of endpoints that the group has been assigned to. This number is automatically updated when an endpoint is added to the group.
c. Role with Access – Select this only if you want all roles within the group to be able to view and make changes to their permissions on the endpoint.
d. Column Headings
i. Role - Refers to the name given to a ‘User Role’ in the endpoint group. User Roles are created with a set of permissions, any user added to that User Role inherits those permissions.
ii. Allow Access – Denotes access to view and modify their assigned Endpoint and Alerts settings. If the checkbox is white, access has been allowed.
iii. Show Permissions – Allows the Endpoint Group access for the selected User Role to be defined in detail.
Modifying an Endpoint Group
Once the new Endpoint Group is created, it may be edited either by selecting the box at the beginning of the row or clicking anywhere along that row and selecting Edit.
- Selecting the All box will allow all User Roles to have the same permissions currently set for this Endpoint Group. The "superuser" role must have access to all Endpoint Groups and is selected with full rights by default.
- To customize the rights for each User Role, click the Eye Icon to expand the specific options for that User Role. Select any boxes for specific features you want users with that role to have access to control within this new Endpoint Group. The options relate directly to different features on the Endpoints and Alerts pages. The options are:
Change Endpoint Version
Gives access to both the Update Agent Version and Re-install Agent Version features, which allow users to revert an endpoint's agent version to a previously installed version.
Deactivate Endpoint Protection
Turns off but does NOT uninstall the ZeroLock Agent, which is what provides the protection to the endpoint.
This option allows the reactivation of the agent and subsequent protection of the endpoint. The endpoint status light will briefly turn red indicating the endpoint is offline and unprotected. The status will quickly change to yellow meaning it’s connected but unprotected.
Activate Endpoint Protection
Immediately returns the endpoint to a state of protection (status = green).
Uninstall Agent on Endpoint
Immediately places the endpoint offline and in an unprotected state (status = red). To re-install the agent, follow the steps outlined in ZeroLock Agent Installation.
Gives access to the Archive Endpoint feature, which allows users to archive an endpoint, permanently removing it from the Endpoints page. This can only be done after an endpoint has been shut down.
The query entry field is accessed by double-clicking on an endpoint on the Endpoints page, then selecting the Maintenance tab.
The Endpoint Query field provides a variety of in-depth options to gather details about the status of an endpoint and the agent actively running on it.
Change Configuration Profile
Gives access to the Set Endpoint Config feature, which allows users to set the Configuration Profile that the endpoint will follow.
Endpoints may only be assigned one Configuration Profile at a time.
Change Endpoint Groups
Gives access to the Add Group and Remove Group features, which allow users to add or remove Endpoint Groups that each endpoint is assigned to, controlling the users that can view and modify each endpoint.
Endpoints may be assigned to multiple Endpoint Groups.
Manage Endpoint Quarantine
Gives access to the Quarantine Endpoint and Unquarantine Endpoint features, which allow users to isolate endpoints that are dealing with active threats to prevent lateral movement.
Manual quarantines may be done for a predetermined amount of time or indefinitely.
Endpoints that have been quarantined either manually or automatically due to detected threats can be unquarantined with this feature.
Gives access to a bash shell on the endpoint to run basic commands without having to manually log into the endpoint.
This is accessible by double-clicking on a specific endpoint on the Endpoints page to access the Endpoint Details page and clicking on the Shell tab.
Populates the users' Alerts page with all alerts on endpoints that are assigned to this Endpoint Group.
View Alert Details
Allows the capability to view the details of an alert, accessible by double-clicking on any alert on the Alerts page to access the Alert Details page.
Respond to Alerts
Gives users the capability to respond to suspended alerts. Options are to Kill & Remediate the process or Release the suspension and allow the process to continue.
- Once all User Roles and rights are assigned as desired, click Create to create the Endpoint Group and save the settings you have applied.
Assign Endpoint Group to Endpoint Systems
- Once an Endpoint Group is created, it must be applied to at least one endpoint. To do so, navigate to the Endpoints page. Once there, select the endpoint(s) that the Endpoint Group will be applied to. Click the Actions drop-down menu and select Add to Groups.
- Choose one or more groups to add to the selected endpoints. Then click the Commit Changes button.
- Back on the Endpoints home page you can see that your changes are in place.