Contents

Manage TDR Groups

In Threat Detection and Response, you can create groups of the hosts on your network. With these groups, you can:

  • Specify a group name in a policy to configure different policies for different hosts.
    For more information, see Configure TDR Policies.
  • See and manage Host Sensors, group membership, and Host Sensor settings for a group.
    For more information, see Manage Hosts In a Group.

TDR supports three types of groups:

Active Directory Group

Active Directory groups are created in TDR when AD Helper sends the device group information from your Active Directory server to TDR. You manage membership in these groups on your Active Directory domain controller. You can synchronize the Active Directory group on your Active Directory server with TDR from the Groups page in the TDR web UI.

Host Group

You can add a Host group, which is a list of hosts. A host can be a member of only one Host group. An Analyst can manage Host Sensors for members of the group and configure Host Sensor settings specific to the group. You can create and add members to a Host Group from the Groups page or from the Hosts page.

The easiest way to add multiple hosts to a group is from the Hosts page. For more information, see Manage TDR Hosts and Host Sensors.

IP Subnet Group

You can add an IP Subnet group, which is for a specific IPv4 subnet. The group includes hosts with IP addresses in the IP subnet specified for the group.

An observer operator can see information about groups but cannot edit them.

From the Groups page, an Analyst can:

  • Synchronize Active Directory groups
  • Add, edit, and remove IP Subnet and Host groups
  • Edit the members of a Host Group
  • Install and remove Host Sensors for members of a Host group
  • Configure Host Sensor settings for a Host group

See Threat Detection and Response Groups

To see the list of groups:

  1. Log In to the TDR Web UI as an Administrator or Analyst.
  2. Select Configuration > Groups.
  3. To see information for a Host group, adjacent to the group name, click .
    The hosts in the group and Host Sensor settings for the group appear.

An Analyst can add and edit IP Subnet and Host groups on this page. An Analyst can also manage host sensor settings, and install and remove Host Sensors for members of a group.

Synchronize an Active Directory Group

From the Groups page, an Analyst can synchronize the Active Directory groups. When you synchronize a group, AD Helper gets updated information about the group from the Active Directory domain controller and updates the group information in your TDR account.

To synchronize an Active Directory group:

  1. On the Groups page, adjacent to an Active Directory group, click .
  2. Select Sync Group.
    A confirmation message about whether you want to synchronize the group appears.
  3. Click Yes, Sync.

You must synchronize an Active Directory group before you can expand it on the groups page or change the Host Group membership for members of the Active Directory group.

Add a Group

From the Groups page, you can add a Host group or an IP Subnet group.

You can also use the Change Host Group action to add a Host Group for selected hosts. For more information, see Manage TDR Hosts and Host Sensors.

Edit or Remove a Group

To edit or remove an IP Subnet or Host group, you must log in to TDR as an Analyst.

To edit a group:

  1. In the Groups list, adjacent to the group to edit, click .
  2. Select Edit Group.
    The Edit Group dialog box appears.
  3. Edit the group information as described in the previous procedure.
  4. Click Save & Close.

To remove a group:

  1. In the Groups list, adjacent to the group to remove, click .
  2. Select Remove Group.
    A confirmation message appears.
  3. Click Yes, Delete.

When you remove a group, the group is automatically removed from all policies that included it.

Manage Hosts In a Group

From the Groups page, you can see information about the hosts in a group and manage the Host Sensors and Host Sensor settings for the group. You can expand any group that includes at least one host.

To manage Hosts in a group, adjacent to that group, click .

The group information appears on two tabs:

  • Hosts — Shows the hosts in the group and includes network, OS, and the Host Sensor status for each host
  • Host Sensor Configuration — Host Sensor settings for hosts in the group; you can configure Host Sensor settings for the group that take precedence over the global Host Sensor settings specified by the Administrator

On the Hosts tab, you can see information about the hosts in this group, add hosts to the groups, and manage Hosts Sensors and group membership.

You can complete these actions for hosts:

  • Change Host Group — Change the Host Group the host is a member of
  • Install Sensor — Use AD Helper to install a Host Sensor on a Windows host
  • Restart Sensor — Restart a Host Sensor on a host
  • Remove Sensor — Uninstall a Host Sensor from a host
  • Acknowledge Manually Removed — Acknowledge that a Host Sensor has been manually uninstalled from a host
  • Update Host — Update a Host Sensor to the latest version of TDR
  • Contain Host — Contain the host so that it cannot communicate over the network
  • Release Host — Release the host from containment
  • Pause Host Protection — Temporarily pause TDR on a host
  • Request Baseline — Perform a new baseline scan after making changes on a host

See Also

Manage TDR Hosts and Host Sensors

About TDR Host Ransomware Prevention

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search