Endpoint Groups

Overview of ZeroLock® Endpoint Groups creation, modification and assignment.

Endpoint Groups provide logical structure and control of the endpoint.  Since Endpoint Groups may be assigned to multiple endpoints, this allows for multiple endpoints, and their associated alerts, to be managed as one.

The User Roles assigned will apply to the endpoints within the group. For example, the ZeroLock Management Console (ZMC) administrator can create a group of all endpoints with database servers. Creating specific User Roles makes it possible to differentiate the access and permissions given to the database administrators from those given to Security Operations Center personnel.

Users assigned to the User Roles that were given rights in the created Endpoint Group will be able to view endpoints and alerts within that group and use any features that have been assigned to them via the Endpoint Group.

NOTE: To fully utilize Endpoint Groups, you must first set up User Roles on your ZeroLock® system. A link to the guide on creating and assigning these roles can be found in the article How to Create a User Role.


Creating a New Endpoint Group

  1. Navigate to the System Configuration | Endpoint Groups page, then select Add New Group.

  2. On the New Group pop-up, you are presented with four (4) fields.


a.  Name/Description – consists of the name and description of the new endpoint group.

b.  Endpoint Count – the number of endpoints that the group has been assigned to.  This number is automatically updated when an endpoint is added to the group.

c.  Role with Access – Select this only if you want all roles within the group to be able to view and make changes to their permissions on the endpoint.

d.  Column Headings

i.  Role – Refers to the name given to a ‘User Role’ in the endpoint group. User Roles are created with a set of permissions; any user added to that User Role inherits those permissions.

ii.  Allow Access – Denotes access to view and modify their assigned Endpoint and Alerts settings.  If the checkbox is white, access has been allowed.

iii.  Show Permissions – Allows the endpoint group access for the selected User Role to be defined in detail.


Modifying an Endpoint Group

Once the new Endpoint Group is created, it may be edited either by selecting the box at the beginning of the row or clicking anywhere along that row and selecting Edit.


  1. Selecting the All box will allow all User Roles to have the same permissions currently set for this Endpoint Group.  The "superuser" role must have access to all Endpoint Groups and is selected with full rights by default.
  2. To customize the rights for each User Role, click the Eye Icon to expand the specific options for that User Role. Select the boxes for the features you want users with that role to be able to control within this new Endpoint Group. The options relate directly to different features on the Endpoints and Alerts pages. The options are:

    Endpoints Section

    1. Change Endpoint Version – Gives access to both the Update Agent Version and Re-install Agent Version features, which allow users to revert an endpoint's agent version to a previously installed version.

    2. Deactivate Endpoint Protection – Turns off but does NOT uninstall the ZeroLock Agent, which is what provides the protection to the endpoint. This option allows the reactivation of the agent and subsequent protection of the endpoint. The endpoint status light will briefly turn red, indicating the endpoint is offline and unprotected. The status will quickly change to yellow, meaning it’s connected but unprotected.

    3. Activate Endpoint Protection – Immediately returns the endpoint to a state of protection (status = green).

    4. Uninstall Agent on Endpoint – Immediately places the endpoint offline and in an unprotected state (status = red). To re-install the agent, follow the steps outlined in ZeroLock Agent Installation.

    5. Archive Endpoint – Gives access to the Archive Endpoint feature, which allows users to archive an endpoint, permanently removing it from the Endpoints page. This can only be done after an endpoint has been shut down.

    6. Send Queries – The query entry field is accessed by double-clicking on an endpoint on the Endpoints page, then selecting the Maintenance tab. The Endpoint Query field provides a variety of in-depth options to gather details about the status of an endpoint and the agent actively running on it.

    7. Change Configuration Profile – Gives access to the Set Endpoint Config feature, which allows users to set the Configuration Profile that the endpoint will follow. Endpoints may only be assigned one Configuration Profile at a time.

    8. Change Endpoint Groups – Gives access to the Add Group and Remove Group features, which allow users to add or remove Endpoint Groups that each endpoint is assigned to, controlling the users that can view and modify each endpoint. Endpoints may be assigned to multiple Endpoint Groups.

    9. Manage Endpoint Quarantine – Gives access to the Quarantine Endpoint and Unquarantine Endpoint features, which allow users to isolate endpoints that are dealing with active threats to prevent lateral movement. Manual quarantines may be done for a predetermined amount of time or indefinitely. Endpoints that have been quarantined either manually or automatically due to detected threats can be unquarantined with this feature.

    10. Shell Access – Gives access to a bash shell on the endpoint to run basic commands without having to manually log into the endpoint. This is accessible by double-clicking on a specific endpoint on the Endpoints page to access the Endpoint Details page and clicking on the Shell tab.

    Alerts Section

    11. View Alerts – Populates the users' Alerts page with all alerts on endpoints that are assigned to this Endpoint Group.

    12. View Alert Details – Allows users to view the details of an alert, accessible by double-clicking on any alert on the Alerts page to access the Alert Details page.

    13. Respond to Alerts – Gives users the capability to respond to suspended alerts. Options are to Kill & Remediate the process or Release the suspension and allow the process to continue.

  3. Once all User Roles and rights are assigned as desired, click Create to create the Endpoint Group and save the settings you have applied.
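
Because endpoints may be assigned to multiple Endpoint Groups, a role's rights on one endpoint can come from more than one group, which is worth reviewing for least privilege. The following Python is an added example, not ZeroLock code or a ZeroLock export format: the group, role and endpoint names are constructed, the set of "high-impact" options is a reviewer's choice, and it assumes rights granted through different groups combine as a union, which this page does not state.

```python
# Added example: every name and value below is constructed, not a ZeroLock format.
ALL_OPTIONS = {
    "Change Endpoint Version", "Deactivate Endpoint Protection",
    "Activate Endpoint Protection", "Uninstall Agent on Endpoint",
    "Archive Endpoint", "Send Queries", "Change Configuration Profile",
    "Change Endpoint Groups", "Manage Endpoint Quarantine", "Shell Access",
    "View Alerts", "View Alert Details", "Respond to Alerts",
}
# Reviewer's choice (assumption): options that disable protection, regroup, or give a shell.
HIGH_IMPACT = {"Deactivate Endpoint Protection", "Uninstall Agent on Endpoint",
               "Change Endpoint Groups", "Shell Access"}
# Endpoint Group -> User Role -> options ticked for that role in the group.
GROUP_RIGHTS = {
    "db-servers": {
        "superuser": ALL_OPTIONS,
        "dba": {"View Alerts", "View Alert Details", "Send Queries"},
        "soc": {"View Alerts", "View Alert Details", "Respond to Alerts",
                "Manage Endpoint Quarantine"},
    },
    "lab": {
        "superuser": ALL_OPTIONS,
        "dba": {"View Alerts", "Shell Access", "Uninstall Agent on Endpoint"},
    },
}
# Endpoint -> Endpoint Groups it is assigned to (db02 sits in both groups).
ENDPOINT_GROUPS = {"db01": {"db-servers"}, "db02": {"db-servers", "lab"}, "test01": {"lab"}}

def effective_rights(role, endpoint):
    """Map each option the role holds on the endpoint to the groups granting it."""
    granted = {}
    for group in ENDPOINT_GROUPS.get(endpoint, ()):
        for option in GROUP_RIGHTS.get(group, {}).get(role, ()):
            granted.setdefault(option, set()).add(group)
    return granted

def high_impact_findings(exempt=("superuser",)):
    """Return (role, endpoint, option, groups) for each high-impact grant."""
    roles = {r for rights in GROUP_RIGHTS.values() for r in rights} - set(exempt)
    findings = []
    for role in sorted(roles):
        for endpoint in sorted(ENDPOINT_GROUPS):
            rights = effective_rights(role, endpoint)
            for option in sorted(HIGH_IMPACT.intersection(rights)):
                findings.append((role, endpoint, option, sorted(rights[option])))
    return findings

if __name__ == "__main__":
    print(*high_impact_findings(), sep="\n")
```

In the constructed data, the "dba" role has no high-impact option in the db-servers group, yet it holds Shell Access on db02 because that endpoint was also added to the lab group.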



Assign Endpoint Group to Endpoint Systems

  1. Once an Endpoint Group is created, it must be applied to at least one endpoint. To do so, navigate to the Endpoints page. Once there, select the endpoint(s) that the Endpoint Group will be applied to. Click the Actions drop-down menu and select Add to Groups.

  2. Choose one or more groups to add to the selected endpoints. Then click the Commit Changes button.

  3. Back on the Endpoints home page you can see that your changes are in place.


Congratulations, you have successfully created and assigned an Endpoint Group.