Contents

Related Topics

Manage TDR Groups

In Threat Detection and Response, you can create groups of the hosts on your network. With these groups, you can:

There are three types of groups:

Active Directory Group

Active Directory groups are created in TDR when AD Helper sends the device group information from your Active Directory server to TDR. You manage membership in these groups on your Active Directory domain controller. You can synchronize the Active Directory group on your Active Directory server with TDR from the Groups page in the TDR web UI.

Host Group

You can manually add a Host group, which is a list of hosts. A host can be a member of only one Host group. An Operator can manage Host Sensors for members of the group and configure Host Sensor settings specific to the group.

IP Subnet Group

You can manually add an IP Subnet group, which is for a specific IPv4 subnet. The group includes hosts with IP addresses in the IP subnet specified for the group.

The Groups page appears only for users with Analyst or Operator credentials. A user with Analyst credentials can see information about groups but cannot edit them.

From the Groups page, a user with Operator credentials can:

  • Synchronize Active Directory groups
  • Add, edit, and remove IP Subnet and Host groups
  • Install and remove Host Sensors for members of a Host group
  • Configure Host Sensor settings for a Host group

See Threat Detection and Response Groups

To see the list of groups:

  1. Log in to the TDR web UI  as a user with Operator or Analyst credentials.
  2. Select Configuration > Groups.
  3. To see information for a Host group, adjacent to the group name, click .
    The hosts in the group and Host Sensor settings for the group appear.

A user with Operator credentials can add and edit IP Subnet and Host groups on this page. An Operator can also manage host sensor settings, and install and remove Host Sensors for members of a group.

Synchronize an Active Directory Group

From the Groups page, an Operator can synchronize the Active Directory groups. When you synchronize a group, AD Helper gets updated information about the group from the Active Directory domain controller and updates the group information in your TDR account.

To synchronize an Active Directory group:

  1. On the Groups page, adjacent to an Active Directory group, click .
  2. Select Sync Group.
    A confirmation message about whether you want to synchronize the group appears.
  3. Click Yes, Sync.

Add a Group

You can manually add a Host group or an IP Subnet group.

Edit or Remove a Group

To edit or remove an IP Subnet or Host group, you must log in to TDR with Operator credentials.

To edit a group:

  1. In the Groups list, adjacent to the group to edit, click .
  2. Select Edit Group.
    The Edit Group dialog box appears.
  3. Edit the group information as described in the previous procedure.
  4. Click Save & Close.

To remove a group:

  1. In the Groups list, adjacent to the group to remove, click .
  2. Select Remove Group.
    A confirmation message appears.
  3. Click Yes, Delete.

When you remove a group, the group is automatically removed from all policies that included it.

Manage Host Sensors for a Group

From the Groups page, you can see information about the hosts in a group and manage the Host Sensors and Host Sensor settings for the group. You can expand any group that includes at least one host.

To manage host sensors for a group, adjacent to that group, click .

The group information appears on two tabs

  • Hosts — Shows the hosts in the group and includes network, OS, and the Host Sensor status for each host
  • Host Sensor Configuration — Host Sensor settings for hosts in the group; you can configure Host Sensor settings for the group that take precedence over the global Host Sensor settings specified by the Administrator

See Also

Manage TDR Hosts and Host Sensors

Host Ransomware Prevention

Give Us Feedback     Get Support     All Product Documentation     Technical Search