Overview of ZeroLock® Endpoint Groups creation, modification and assignment.
Endpoint Groups provide logical structure and control of the endpoint. An Endpoint Group may be assigned to multiple endpoints, allowing those endpoints and their associated alerts to be managed as one.
Note: To fully utilize Endpoint Groups, you must first set up User Roles on your ZeroLock® system. A link to the guide on creating and assigning these roles can be found in the article How To Create, Configure, and Apply a User Role.
Creating a New Endpoint Group
- Navigate to the System Configuration | Endpoint Groups page then select Add New Group.
- The New Group pop-up has four (4) fields.
a. Name/Description – consists of the name and description of the new endpoint group.
b. Endpoint Count – the number of endpoints that the group has been assigned to. This number is automatically updated when an endpoint is added to the group.
c. Role with Access – Select this only if you want all roles within the group to be able to view and make changes to their permissions on the endpoint.
d. Column Headings
i. Role – Refers to the name given to a ‘User Role’ in the endpoint group. User Roles are created with a set of permissions; any user added to that User Role inherits those permissions.
ii. Allow Access – Denotes access to view and modify their assigned Endpoint and Alerts settings. If the checkbox is white, access has been allowed.
iii. Show Permissions – Allows the endpoint group access for the selected User Role to be defined in detail.
Modifying an Endpoint Group
- Once the new Endpoint Group is created, it may be edited by selecting the checkbox at the beginning of the line or clicking anywhere along the row and selecting Edit.
- Selecting the All box will allow all User Roles to have the same permissions currently set for this Endpoint Group. The "superuser" role must have access to all Endpoint Groups and is selected with full rights by default.
- To view the rights for each User Role, click the Eye Icon to expand the specific options for that User Role.
The list below describes the member permissions of Endpoint Groups.
1. Change Endpoint Version – Gives access to both the Update Agent Version and Re-install Agent Version features, which allow users to revert an endpoint's agent version to a previously installed version.
2. Deactivate Endpoint Protection – Turns off but does NOT uninstall the ZeroLock Agent, which is what provides the protection to the endpoint. This option allows the reactivation of the agent and subsequent protection of the endpoint. The endpoint status light will briefly turn red, indicating the endpoint is offline and unprotected. The status will quickly change to yellow, meaning it’s connected but unprotected.
3. Activate Endpoint Protection – Immediately returns the endpoint to a state of protection (status = green).
4. Uninstall Agent on Endpoint – Immediately places the endpoint offline and in an unprotected state (status = red). To re-install the agent, follow the steps outlined in the applicable ZeroLock Agent installation documentation.
5. Archive Endpoint – Gives access to the Archive Endpoint feature, which allows users to archive an endpoint, permanently removing it from the Endpoints page. This can only be done after an endpoint has been shut down.
6. Send Queries – The query entry field is accessed by double-clicking on an endpoint on the Endpoints page then selecting the Maintenance tab. The Endpoint Query field provides a variety of in-depth options to gather details about the status of an endpoint and the agent actively running on it.
7. Change Configuration Profile – Gives access to the Set Endpoint Config feature, which allows users to set the Configuration Profile that the endpoint will follow. Endpoints may only be assigned one Configuration Profile at a time.
8. Change Endpoint Groups – Gives access to the Add Group and Remove Group features, which allow users to add or remove Endpoint Groups that each endpoint is assigned to, controlling the users that can view and modify each endpoint. Endpoints may be assigned to multiple Endpoint Groups.
9. Manage Endpoint Quarantine – Gives access to the Quarantine Endpoint and Unquarantine Endpoint features, which allow users to isolate endpoints that are dealing with active threats to prevent lateral movement. Manual quarantines may be done for a predetermined amount of time or indefinitely. Endpoints that have been quarantined either manually or automatically due to detected threats can be unquarantined with this feature.
10. Shell Access – Gives access to a bash shell on the endpoint to run basic commands without having to manually log into the endpoint. This is accessible by double-clicking on a specific endpoint on the Endpoints page to access the Endpoint Details page and clicking on the Shell tab.
- To customize the rights for each User Role, click the Eye Icon to expand the specific options for that User Role. Select the checkboxes for features you want users in that role to have access to within this Endpoint Group.
Once all User Roles and rights are assigned as desired, click UPDATE.
Assign Endpoint Group to Endpoint Systems
- Once an Endpoint Group is created, it must be applied to at least one endpoint. To do so, navigate to the Endpoints page and select the endpoint(s) the Endpoint Group will be applied to.
- Click the Actions drop-down menu and select Add to or Remove From Groups.
- Choose one or more groups to add to the selected endpoints. Then click the Commit Changes button.
- Returning to the Endpoints home page, you can see that your changes are in place.
Congratulations, you have successfully created and assigned an Endpoint Group.