Groups

Groups are the fundamental building blocks that are used to construct Policies. When configuring a Policy each of the policy conditions is set using Groups, as opposed to individual entities. The system comes with some predefined Groups. You can also create your own user defined Groups. Therefore, it is recommended to configure the Groups that you will need in advance to streamline the process of editing and creating Policies.

Note: Policy parameters can only be set using Groups. If you want a Policy to apply to an individual entity you must configure a Group that includes only that entity.

Under Groups you can view all Groups that have been configured in your system. The Groups are divided into two categories:

  • Predefined Groups – which come pre-configured in the system and can't be edited.

  • User Defined Groups – which are created by the end-user and can be edited.

There are several different types of Groups, each of which is used for the configuration of various Policy types. Each Group type is shown on a separate screen under Groups. The Group types are:

  • Asset Groups – Assets are hardware entities in the network. Asset Groups are used as a Policy condition for a wide range of Policy types.

  • Network Segments – Network Segmentation is a method of creating groups of related network assets, assisting in the logical isolation of one group of assets from another.

  • Email Groups – Groups of emails that are notified when a Policy Event occurs. Used for all Policy types.

  • Port Groups – Groups of Ports used by assets in the network. Used for Policies that identify open ports.

  • Protocol Groups – Groups of Protocols by which conversations are conducted between assets in the network. Used as a Policy condition for Network Events.

  • Schedule Groups – Schedule Groups are time ranges that are used to configure at what time the specified event must occur to fulfill the policy conditions.

  • Tag Groups – Tags are parameters in controllers that contain specific operational data. Tag Groups are used as a Policy condition for SCADA Events.

  • Rule Groups – Rule Groups are comprised of a group of related rules, which are identified by their Suricata Signature IDs (SIDs). These groups are used as a Policy condition for defining Intrusion Detection Policies.

The procedure for creating each type of Group is described in the following sections. In addition, you can View, Edit, Duplicate or Delete an existing Group, see Actions on Groups.

Asset Groups

Assets are hardware entities in the network. Grouping similar assets together enables you to create Policies that apply to all the assets in the Group. For example, you could use an Asset Group Controllers to create a Policy that alerts for firmware changes to any controller. Asset Groups are used as a Policy condition for a wide range of Policy types. Asset Groups can be used to specify the Source asset, the Destination asset or the Affected Asset for various Policy types.

Viewing Asset Groups

The Asset Groups screen shows all Asset Groups that are currently configured in the system. The Predefined tab includes Groups that are built into the system which can't be edited, duplicated or deleted. The User defined tab includes custom Groups that were created by the user. These Groups can be edited, duplicated or deleted.

The information shown on this screen is described in the following table.

Parameter Description
Status Shows if the Policy is turned on or off. If the Policy was automatically disabled by the system because it was generating too many Events, then a warning icon is displayed. Toggle the status switch to turn a Policy ON/OFF.
Name The name of the Policy.
Severity The degree of severity of the Event. Possible values are: None, Low, Medium or High. See section Severity Levels for a description of the severity levels.
Event Type The specific type of event that triggers this Event Policy.
Category The general category of the type of event that triggers this Event Policy. Possible values are: Configuration, SCADA, Network Threats or Network Event. For an explanation of the various categories see Policy Categories and Sub-Categories.
Source A Policy condition. The source Asset Group (i.e. the asset that initiated the Activity) to which the Policy applies.
Name The name that is used to identify the Group.
Type

Shows the type of Group. Options are:

  • Function – A predefined Asset Group that was created to serve a particular function.

  • Asset List – Specified assets are included in the Group.

  • IP List – Assets with the specified IP Address.

  • IP Range – Assets within the specified range of IP Addresses.

Members

Shows the list of assets that are included in this Group. No value is shown for Function Groups.

Note: If there isn't room to display all assets in this row then click on Table Actions > View > Members tab.

Used in Policies

Shows the name of each Policy that uses this Asset Group in its configuration.

Note: To view more details about the Policies in which the Group is used, click on Table Actions > View > Used in Policies tab.

The procedures for creating various types of Asset Groups are described in the following section. In addition, you can View, Edit, Duplicate or Delete an existing Group, see Actions on Groups.

Creating Asset Groups

You can create custom Asset Groups to be used in the configuration of Policies. By grouping together similar assets you enable creation of Policies that apply to all assets in the Group.

There are three types of User Defined Asset Groups:

  • Asset List – Specify the specific assets that are included in the Group.

  • IP List – Specify the IP addresses of the Assets that are included in the Group.

  • IP Range – Specify the range of IP addresses of the Assets that are included in the Group.

There are different procedures for creating each type of Asset Group.

To Create an Asset Selection Type Asset Group:

  1. Under Groups, select Asset Groups.

  2. Click Create Asset Group.

    The Create Asset Group wizard is displayed.

  3. Click on Asset Selection.

  4. Click Next.

    The list of Available Assets is displayed.

  5. In the Name field, enter a name for the Group.

    Choose a name that describes a common element that categorizes the assets that are included in the Group.

  6. Select the checkbox next to each Asset that you would like to include in the Group.

  7. When you have finished making your selections, click Create.

    The new Asset Group is created and is shown on the Asset Groups screen. You can now use this Group when configuring Policies.

To Create an IP Range Type Asset Group:

  1. Under Groups, select Asset Groups.

  2. Click Create Asset Group.

    The Create Asset Group wizard is displayed.

  3. Click on IP Range.

  4. Click Next.

    The IP Range selection parameters are displayed.

  5. In the Name field, enter a name for the Group.

    Choose a name that describes a common element that categorizes the assets that are included in the Group.

  6. In the Start IP field, enter the IP Address at the beginning of the range that you would like to include.

  7. In the End IP field, enter the IP Address at the end of the range that you would like to include.

  8. Click Create.

    The new Asset Group is created and is shown on the Asset Groups screen. You can now use this Group when configuring Policies.

To Create an IP List Type Asset Group:

  1. Under Groups, select Asset Groups.

  2. Click Create Asset Group.

    The Create Asset Group wizard is displayed.

  3. Click on IP List.

  4. Click Next.

    The IP List parameters are displayed.

  5. In the Name field, enter a name for the Group.

    Choose a name that describes a common element that categorizes the assets that are included in the Group.

  6. In the IP List box, enter an IP Address or a Subnet to be included in the Group.

  7. To add more assets to the Group, enter each additional IP address or Subnet on a separate line.

  8. Click Create.

    The new Asset Group is created and is shown on the Asset Groups screen. You can now use this Group when configuring Policies.
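Before typing an IP Range or IP List definition into the wizard, it helps to check the values and see which assets they would capture. The following is an added example, not part of the product or its documentation: the inventory is constructed sample data, the function names are hypothetical, and it assumes an asset belongs to the Group when any one of its IP addresses matches.

```python
import ipaddress

# Constructed sample inventory (asset name -> IP addresses); not from the page.
ASSETS = {
    "plc-01": ["10.20.1.10"],
    "plc-02": ["10.20.1.11", "192.168.5.2"],
    "hmi-01": ["10.20.2.50"],
    "eng-ws": ["172.16.0.7"],
}


def parse_ip_range(start_ip, end_ip):
    """Validate the Start IP / End IP pair of an IP Range type Group."""
    start = ipaddress.ip_address(start_ip.strip())
    end = ipaddress.ip_address(end_ip.strip())
    if start.version != end.version:
        raise ValueError("Start IP and End IP must be the same IP version")
    if start > end:
        raise ValueError(f"Start IP {start} is after End IP {end}")
    return start, end


def parse_ip_list(text):
    """Validate IP List box content: one IP address or Subnet per line."""
    networks = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # A bare address becomes a single-host network (/32 or /128).
            # strict=True rejects subnets with host bits set (10.20.2.5/24),
            # which are usually typos. This strictness is the example's
            # choice, not documented product behavior.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {entry!r}: {exc}") from exc
    if not networks:
        raise ValueError("IP List contains no entries")
    return networks


def range_members(assets, ip_range):
    """Names of assets with at least one IP inside the start-end range."""
    start, end = ip_range
    matched = []
    for name, ips in assets.items():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr.version == start.version and start <= addr <= end:
                matched.append(name)
                break
    return sorted(matched)


def list_members(assets, networks):
    """Names of assets with at least one IP inside any listed IP or Subnet."""
    matched = []
    for name, ips in assets.items():
        if any(ipaddress.ip_address(ip) in net for ip in ips for net in networks):
            matched.append(name)
    return sorted(matched)


if __name__ == "__main__":
    controllers = parse_ip_range("10.20.1.1", "10.20.1.254")
    print("IP Range members:", range_members(ASSETS, controllers))
    workstations = parse_ip_list("10.20.2.0/24\n172.16.0.7\n")
    print("IP List members:", list_members(ASSETS, workstations))
```
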

Network Segments

Network Segmentation is a method of creating groups of related network assets, assisting in the logical isolation of one group of assets from another. OT Security automatically assigns each IP address that is associated with an asset in your network to a Network Segment. (For assets with more than one IP address, each IP is associated with a Network Segment.) Each auto generated segment includes all Assets of a specific Category (Controller, OT Servers, Network Devices etc.) that have IPs with the same class C network address (i.e. the IPs have the same first 24 bits).

You can create user-defined Network Segments, and specify which assets are assigned to that segment. There is a column on the Inventory screens showing the Network Segment for each asset, making it easy to sort and filter your assets by Network Segment.
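The auto generated segment rule described above (same Category and same first 24 bits) can be reproduced offline to predict how an inventory will be split. This is an added sketch, not the product's code: the inventory and flows are constructed sample data, the function names are hypothetical, and it assumes IPv4 addresses only. It also lists conversations whose endpoints fall in different segments, which are the ones a segment-based Policy would need to account for.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory; categories follow the ones named on the page.
ASSETS = [
    {"name": "plc-01", "category": "Controller", "ips": ["10.20.1.10"]},
    {"name": "plc-02", "category": "Controller", "ips": ["10.20.1.11", "10.20.3.11"]},
    {"name": "sw-01", "category": "Network Devices", "ips": ["10.20.1.2"]},
    {"name": "hist-01", "category": "OT Servers", "ips": ["10.20.3.20"]},
]

# Constructed sample conversations as (source IP, destination IP).
FLOWS = [
    ("10.20.1.10", "10.20.1.11"),  # controller to controller, same /24
    ("10.20.1.10", "10.20.3.20"),  # controller to OT server, different /24
    ("10.20.1.2", "10.20.1.10"),   # same /24 but different Category
]


def segment_key(category, ip):
    """Segment identity: asset Category plus the /24 network of the IP."""
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return (category, str(net))


def auto_segments(assets):
    """Group assets per (Category, /24). Each IP of an asset is placed
    separately, so a multi-homed asset can appear in several segments."""
    segments = defaultdict(set)
    for asset in assets:
        for ip in asset["ips"]:
            segments[segment_key(asset["category"], ip)].add(asset["name"])
    return {key: sorted(names) for key, names in segments.items()}


def cross_segment_flows(assets, flows):
    """Return flows whose endpoints are in different segments, or where an
    endpoint is not in the inventory at all (segment reported as None)."""
    ip_to_segment = {
        ip: segment_key(asset["category"], ip)
        for asset in assets
        for ip in asset["ips"]
    }
    flagged = []
    for src, dst in flows:
        src_seg = ip_to_segment.get(src)
        dst_seg = ip_to_segment.get(dst)
        if src_seg is None or dst_seg is None or src_seg != dst_seg:
            flagged.append((src, dst, src_seg, dst_seg))
    return flagged


if __name__ == "__main__":
    for key, names in sorted(auto_segments(ASSETS).items()):
        print(key, names)
    for flow in cross_segment_flows(ASSETS, FLOWS):
        print("crosses segments:", flow)
```
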

Viewing Network Segments

The Network Segments screen shows all Network Segments that are currently configured in the system. The Auto generated tab includes Network Segments that are automatically generated by the system. The User defined tab includes custom Network Segments that were created by the user.

The information shown on this screen is described in the following table:

Parameter Description
Name The name that is used to identify the Network Segment.
VLAN The VLAN number of the Network Segment. (Optional)
Description A description of the Network Segment. (Optional)
Used in Policies

Shows the names of the Policies that apply to this Network Segment.

Note: To view more details about the Policies in which the Network Segment is used, click on Table Actions > View > Used in Policies tab.

The procedure for creating a Network Segment is described in the following section. In addition, you can View, Edit, Duplicate or Delete an existing Network Segment, see Actions on Groups.

Creating Network Segments

You can create Network Segments to be used in the configuration of Policies. By grouping together related network assets you enable the creation of Policies that define acceptable network traffic for Assets in that segment.

To Create a Network Segment:

  1. Under Groups, select Network Segments.

  2. Click Create Network Segment.

    The Create Network Segment wizard is displayed.

  3. In the Name field, enter a name for the Network Segment.

  4. In the VLAN field, enter a VLAN number for the Network Segment. (Optional)

  5. In the Description field, enter a description of the Network Segment. (Optional)

  6. Click Create.

    The new Network Segment is created and is shown in the list of Network Segments.

  7. Under Inventory, select All Assets.

  8. Right-click on the asset you wish to assign to the newly created Network Segment and select Edit.

    The Edit Asset Details window opens.

  9. In the Network Segments field, select the appropriate Network Segment from the dropdown list.

    Note: Some assets have more than one associated IP address, and you can select the appropriate Network Segment for each one.

    The Network Segment is applied to the asset and is shown in the Network Segment column. You can now use this Network Segment when configuring Policies.

Email Groups

Email Groups are groups of emails of relevant parties. Email Groups are used to specify recipients for Event notifications that are triggered by specific Policies. For example, grouping by role, department, etc. enables you to send the notifications for specific Policy Events to the relevant parties.

Viewing Email Groups

The Email Groups screen shows all Email Groups that are currently configured in the system.

The information shown on this screen is described in the following table:

Note: You can view additional details about a specific Group by selecting the Group and clicking Table Actions > View.

Parameter Description
Name The name that is used to identify the Group.
Emails

The list of emails included in the Group.

Note: If there isn't room to display all members of the Group then click on Table Actions > View > Members tab.

Email Server The name assigned to the SMTP server that is used for sending out the emails to this Group.
Used in Policies

Shows the names of the Policies for which notifications are sent to this Group.

Note: To view more details about the Policies in which the Group is used, click on Table Actions > View > Used in Policies tab.

The procedure for creating an Email Group is described in the following section. In addition, you can View, Edit, Duplicate or Delete an existing Group, see Actions on Groups.

Creating Email Groups

You can create Email Groups to be used in the configuration of Policies. By grouping related emails, you set Policy Event notifications to be sent to all relevant personnel.

Note: You can only assign one Email Group to each Policy. Therefore, it is useful to create both broad, inclusive Groups as well as specific, limited Groups so that you can assign the appropriate Group to each Policy.

To Create an Email Group:

  1. Under Groups, select Email Groups.

  2. Click Create Email Group.

    The Create Email Group wizard is displayed.

  3. In the Name field, enter a name for the Group.

  4. In the SMTP server field, select from the dropdown list the server used for sending out the email notifications.

    Note: If no SMTP server has been configured in the system, then you must first configure a server before you can create an Email Group, see SMTP Servers.

  5. In the Emails field, enter the email of each member of the Group on a separate line.

  6. Click Create.

    The new Email Group is created and is shown on the Email Groups screen. You can now use this Group when configuring Policies.

Port Groups

Port Groups are groups of ports used by assets in the network. Port Groups are used as a policy condition for defining Open Port Network Event Policies, which detect open ports in the network.

The Predefined tab shows the Port Groups that are predefined in the system. These Groups comprise ports that are expected to be Open on controllers from a specific vendor. For example, the Group Siemens PLC Open Ports includes: 20, 21, 80, 102, 443 and 502. This enables configuration of Policies that detect open ports that are not expected to be opened for controllers from that vendor. These Groups can't be edited or deleted but they can be duplicated.

The User defined tab includes custom Groups that were created by the user. These Groups can be edited, duplicated or deleted.
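The comparison an Open Port Policy makes against a Port Group can be sketched as follows. This is an added example, not the product's implementation: the scan results are constructed sample data, the function names are hypothetical, and the `start-end` notation for a port range is an assumption.

```python
# Port list of the predefined "Siemens PLC Open Ports" Group, as given above.
SIEMENS_PLC_OPEN_PORTS = ["20", "21", "80", "102", "443", "502"]

# Constructed sample of open TCP ports observed per controller.
OBSERVED = {
    "plc-01": [80, 102, 443],
    "plc-02": [21, 102, 3389, 8080],
}


def parse_port_group(entries):
    """Turn Port Group entries (single ports or 'start-end' ranges) into a
    sorted list of merged (low, high) tuples, rejecting malformed entries."""
    ranges = []
    for entry in entries:
        lo_text, sep, hi_text = entry.strip().partition("-")
        lo_text, hi_text = lo_text.strip(), hi_text.strip()
        if not lo_text.isdigit() or (sep and not hi_text.isdigit()):
            raise ValueError(f"{entry!r} is not a port or port range")
        lo = int(lo_text)
        hi = int(hi_text) if sep else lo
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"{entry!r} is outside 1-65535 or reversed")
        ranges.append((lo, hi))
    if not ranges:
        raise ValueError("Port Group has no entries")
    # Merge overlapping or adjacent entries so the Group has one canonical form.
    ranges.sort()
    merged = [ranges[0]]
    for lo, hi in ranges[1:]:
        last_lo, last_hi = merged[-1]
        if lo <= last_hi + 1:
            merged[-1] = (last_lo, max(last_hi, hi))
        else:
            merged.append((lo, hi))
    return merged


def unexpected_open_ports(observed, group_ranges):
    """Map each asset to its open ports that are not in the Port Group.
    Assets with no unexpected ports are left out of the result."""
    report = {}
    for asset, ports in observed.items():
        extra = sorted(
            p for p in set(ports)
            if not any(lo <= p <= hi for lo, hi in group_ranges)
        )
        if extra:
            report[asset] = extra
    return report


if __name__ == "__main__":
    group = parse_port_group(SIEMENS_PLC_OPEN_PORTS)
    print("expected ranges:", group)
    print("unexpected open ports:", unexpected_open_ports(OBSERVED, group))
```
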

Viewing Port Groups

The information shown on this screen is described in the following table:

Parameter Description
Name The name that is used to identify the Group.
TCP Ports

The list of ports and/or ranges of ports that are included in the Group.

Note: If there isn't room to display all members of the Group then click on Table Actions > View > Members tab.

Used in Policies

Shows the name of each Policy that uses this Port Group in its configuration.

Note: To view additional info about the Policies in which this Group is used, click on Table Actions > View > Used in Policies tab.

Creating Port Groups

You can create user defined Port Groups to be used in the configuration of Policies. By grouping together similar ports you enable creation of Policies that alert for open ports that pose a particular security risk.

To Create a Port Group:

  1. Under Groups, select Port Groups.

  2. Click Create Port Group.

    The Create Port Group wizard is displayed.

  3. In the Name field, enter a name for the Group.

  4. In the TCP Port field, enter a single port or a range of ports to be included in the Group.

  5. If you would like to add additional Ports to the Group, use the following procedure for each additional Port.

    1. Click + Add Port.

      A new Port Selection field is displayed.

    2. In the new Port number field, enter a single port or a range of ports to be included in the Group.

  6. Click Create.

    The new Port Group is created and is shown in the list of Port Groups. You can now use this Group when configuring Policies.

Protocol Groups

Protocol Groups are groups of protocols with which conversations are conducted between assets in the network. Protocol Groups are used as a Policy condition for Network Policies, defining what Protocols being used between particular assets trigger a Policy.

OT Security comes with a set of predefined Protocol Groups which comprise related protocols. These Groups are available for use in Policies. These Groups can't be edited or deleted. Protocols can be grouped by which protocols are allowed by a specific vendor. For example, Schneider allowed protocols include: TCP:80 (HTTP), TCP:21 (FTP), Modbus, Modbus_UMAS, Modbus_MODICON, TCP:44818 (CIP), UDP:69 (TFTP), UDP:161 (SNMP), UDP:162 (SNMP), UDP:44818, UDP:67-68 (DHCP). They can also be grouped by type of protocol (i.e. Modbus, PROFINET, CIP etc.). You can also create your own user defined Protocol Groups.

Viewing Protocol Groups

The Protocol Groups screen shows all Protocol Groups that are currently configured in the system. The Predefined tab shows Groups that are built into the system. These Groups can't be edited or deleted but they can be duplicated. The User defined tab shows custom Groups that were created by the user. These Groups can be edited, duplicated or deleted.

The information shown on this screen is described in the following table.

Parameter Description
Name The name that is used to identify the Group.
Protocols

The list of protocols that are included in the Group.

Note: If there isn't room to display all members of the Group then click on Table Actions > View > Members tab.

Used in Policies

Shows the name of each Policy that uses this Protocol Group in its configuration.

Note: To view additional details about the Policies in which this Group is used, click on Table Actions > View > Used in Policies tab.

Creating Protocol Groups

You can create custom Protocol Groups to be used in the configuration of Policies. By grouping together similar Protocols you enable creation of Policies that define which protocols are suspicious.

To Create a Protocol Group:

  1. Under Groups, select Protocol Groups.

  2. Click Create Protocol Group.

    The Create Protocol Group wizard is displayed.

  3. In the Name field, enter a name for the Group.

  4. In the Protocols field, select from the dropdown menu a Protocol type.

  5. If the selected Protocol is TCP or UDP then enter a Port number or range of Ports in the Port field.

    For other Protocol types no value is entered in the Port field.

  6. If you would like to add additional Protocol/s to the Group, use the following procedure for each additional Protocol.

    1. Click + Add Protocol.

      A new Protocol Selection field is displayed.

    2. Fill in the new Protocol Selection in the manner described in steps 4-5.

  7. Click Create.

    The new Protocol Group is created and is shown in the list of Protocol Groups. You can now use this Group when configuring Policies.

Schedule Groups

A Schedule Group defines a time range or group of time ranges that has particular characteristics that make activities that happen during that time period noteworthy. For example, certain activities are expected to occur during work hours while other activities are expected to occur during down-time.

Viewing Schedule Groups

The Schedule Groups screen shows all Schedule Groups that are currently configured in the system. The Predefined tab includes Groups that are built into the system. These Groups can't be edited, duplicated or deleted. The User defined tab shows the custom Groups that were created by the user. These Groups can be edited, duplicated or deleted.

The information shown on this screen is described in the following table.

Parameter Description
Name The name that is used to identify the Group.
Type

Shows the type of Group. Options are:

  • Function – a predefined Schedule Group that was created to serve a particular function.

  • Recurring – a schedule that recurs on a daily or weekly basis. For example, a Work Hours schedule can be defined as Monday to Friday from 9am to 5pm.

  • Interval – a schedule that occurs on a specific date or range of dates. For example, a Plant Renovation schedule could be defined by the period from June 1 to August 15.

Covers

A summary of the schedule settings.

Note: If there isn't room to display all members of the Group then click on Table Actions > View > Members tab.

Used in Policies

Shows the Policy ID of each Policy that uses this Schedule Group in its configuration.

Note: To view additional details about the Policies in which this Group is used, click on Table Actions > View > Used in Policies tab.

Creating Schedule Groups

You can create custom Schedule Groups to be used in the configuration of Policies. Designate a time range or group of time ranges that share characteristics that make events that happen during that time period noteworthy.

There are two types of Schedule Groups:

  • Recurring – schedules that recur on a weekly basis. For example, a Work Hours schedule can be defined as Monday to Friday from 9am to 5pm.

  • Once – schedules that occur on a specific date or range of dates. For example, a Plant Renovation schedule could be defined by the period from June 1 to August 15.

There are different procedures for creating each type of Schedule Group.

To Create a Recurring Type Schedule Group:

  1. Under Groups, select Schedule Groups.

  2. Click Create Schedule Group.

  3. On the Schedule Groups screen, click Create Schedule Group.

    The Create Schedule Group wizard is displayed.

  4. Select Recurring.

  5. Click Next.

    The parameters for defining a Recurring Schedule group are shown.

  6. In the Name field, enter a name for the Group.

  7. In the Repeats field, select which days of the week are included in the Schedule Group.

    Options are: Every day, Monday to Friday or a specific day of the week.

    Note: If you would like to include particular days of the week, e.g. Monday and Wednesday, then you will need to add a separate condition for each day.

  8. In the Start Time field, enter the time of day (HH:MM:SS AM/PM) of the beginning of the time range included in the Schedule Group.

  9. In the End Time field, enter the time of day (HH:MM:SS AM/PM) of the end of the time range included in the Schedule Group.

  10. If you would like to add additional Conditions (i.e. additional time ranges) to the Schedule Group, use the following procedure for each additional Condition.

    1. Click + Add Condition.

      A new row of Schedule selection fields is displayed.

    2. Fill in the schedule fields as described above in steps 5-7.

  11. Click Create.

    The new Schedule Group is created and is shown in the list of Schedule Groups. You can now use this Group when configuring Policies.

To Create a One Time Schedule Group:

  1. Under Groups, select Schedule Groups.

  2. Click Create Schedule Group.

    The Create Schedule Group wizard is displayed.

  3. Select Once.

  4. Click Next. The parameters for defining a one-time Schedule group are shown.

  5. In the Name field, enter a name for the Group.

  6. In the Start Date field, click on the calendar icon.

    A calendar window opens.

  7. Select the date on which the Schedule Group begins. (Default: the current date).

  8. In the Start Time field, enter the time of day (HH:MM:SS AM/PM) of the beginning of the time range included in the Schedule Group.

  9. In the End Date field, click on the calendar icon.

    A calendar window opens.

  10. Select the date on which the Schedule Group ends. (Default: the current date)

  11. In the End Time field, enter the time of day (HH:MM:SS AM/PM) of the end of the time range included in the Schedule Group.

  12. Click Create.

    The new Schedule Group is created and is shown in the list of Schedule Groups. You can now use this Group when configuring Policies.

Tag Groups

Tags are parameters in controllers that contain specific operational data. Tag Groups are used as a Policy condition for SCADA Events Policies. By grouping together Tags that play similar roles you can create Policies that detect suspicious changes to the specified parameter. For example, by grouping together Tags that control furnace temperature, you can create a Policy that detects temperature changes that could be harmful to the furnaces.

Viewing Tag Groups

The Tag Groups screen shows all Tag Groups that are currently configured in the system.

The information shown on this screen is described in the following table.

Parameter Description
Name The name that is used to identify the Group.
Type The data type of the Tag. Possible values are: Bool, Dint, Float, Int, Long, Short, Unknown (for Tags of a type that OT Security was unable to identify) or Any Type (which can include Tags of different Types)
Controller The controller on which the Tag is being monitored.
Tags

Shows each Tag that is included in the Group as well as the name of the controller in which it is located.

Note: If there isn't room to display all Tags in this row then click on Table Actions > View > Members tab.

Used in Policies

Shows the Policy ID of each Policy that uses this Tag Group in its configuration.

Note: To view additional details about the Policies in which this Group is used, click on Table Actions > View > Used in Policies tab.

The procedure for creating a Tag Group is described in the following section. In addition, you can View, Edit, Duplicate or Delete an existing Group, see Actions on Groups.

Creating Tag Groups

You can create custom Tag Groups for use in Policy configuration. By grouping together similar Tags you can create Policies that apply to all Tags in the Group. Select the Tags that are of a similar type and give them a name that represents the common element of the Tags.

You can also create Groups that include Tags of different types by selecting the Any Type option. In this case Policies that are applied to this Group can only detect changes to Any Value for the specified Tags but can't be set to detect specific values.

Tag Groups can be edited, duplicated or deleted.

To Create a New Tag Group:

  1. Under Groups, select Tag Groups.

  2. Click Create Tag Group.

    The Create Tag Group wizard is displayed.

  3. Select a Tag type. Options are: Bool, Dint, Float, Int, Long, Short or Any Type (which can include Tags of different Types)

  4. Click Next.

    A list of controllers in your network is displayed.

  5. Select a controller for which you would like to include Tags in the Group.

  6. Click Next.

    A list of Tags of the specified type on the specified controller is displayed.

  7. In the Name field, enter a name for the Group.

  8. Select the checkbox next to each of the Tags that you would like to include in the Group.

  9. Click Create.

    The new Tag Group is created and is shown in the list of Tag Groups. You can now use this Group when configuring SCADA Event Policies.

Rule Groups

Rule Groups are comprised of a group of related rules, which are identified by their Suricata Signature IDs (SIDs). These groups are used as a Policy condition for defining Intrusion Detection Policies.

OT Security provides a set of predefined groups of related vulnerabilities. In addition, you can select individual rules from our repository of vulnerabilities and create your own custom Rule Groups.

Viewing Rule Groups

The Rule Groups screen shows all Rule Groups that are currently configured in the system. The Predefined tab includes Groups that are built into the system. These Groups can't be edited, duplicated or deleted. The User defined tab shows the custom Groups that were created by the user. These Groups can be edited, duplicated or deleted.

The information shown on this screen is described in the following table.

Parameter Description
Name The name that is used to identify the Group.
Number of Rules The number of rules (SIDs) that comprise this Rule Group.
Used in Policies

Shows the Policy ID of each Policy that uses this Rule Group in its configuration.

Note: To view additional details about the Policies in which this Group is used, click on Table Actions > View > Used in Policies tab.

Creating Rule Groups

To create a new Rule Group:

  1. Under Groups, select Rule Groups.

  2. Click Create Rule Group.

    The Create Rule Group wizard is displayed.

  3. In the Name field, enter a name for the group.

  4. In the Available Rules section, select the checkbox next to each of the rules that you would like to include in the group.

    Note: Use the search box to find the desired rules.

  5. Click Create.

    The new Rule Group is created and is shown in the list of Rule Groups. You can now use this Group when configuring Intrusion Detection Policies.

Actions on Groups

When you select a Group (on any of the Group screens), the Actions menu on the top of the screen enables you to take the following actions:

  • View – shows details about the selected Group, such as which entities are included in the group and which Policies use the Group as a policy condition.

  • Edit – edit details of the Group.

  • Duplicate – create a new Group with similar configuration to the specified Group.

  • Delete – delete the Group from the system.

    Note: Predefined Groups can't be edited or deleted. Some predefined Groups also can't be duplicated. The actions menu can also be accessed by right-clicking on a Group.

Viewing Group Details

When you select a group and click on Actions > View, the Group Details screen is shown for the selected group.

The Group Details screen has a header bar that shows the name and type of the Group. It also has two tabs:

  • Members – shows a list of all members of the Group.

  • Used in Policies – shows a listing for each Policy for which the specified Group is used as a policy condition. The Policy listing includes a toggle switch for turning the Policy On/Off. The info shown in the Policy lists is explained in the chapter on EXPORTING the Dashboard.

To view details of a Group:

  1. Under Groups, select the desired type of Group.

  2. Select the desired Group.

  3. Click on Actions (or right-click on the Group).

  4. From the dropdown menu, select View.

    The Group details screen is displayed.

Editing a Group

You can edit the details of an existing Group.

To edit details of a Group:

  1. Under Groups, select the desired type of Group.

  2. Select the desired Group.

  3. Click on Actions (or right-click on the Group).

  4. From the dropdown menu, select Edit.

  5. The Edit Group window is displayed, showing the relevant parameters for the specified Group type.

  6. Make the desired changes.

  7. Click Save.

    The Group is saved with the new settings.

Duplicating a Group

If you would like to create a new Group with similar settings to an existing Group, you can “duplicate” the existing Group. When you duplicate a Group, the new Group is saved under a new name, in addition to the original Group.

To Duplicate a Group:

  1. Under Groups, select the desired type of Group.

  2. Select the existing Group on which you would like to base the new Group.

  3. Click on Actions (or right-click on the Group).

  4. From the dropdown menu, select Duplicate.

    The Duplicate Group window is displayed, showing the relevant parameters for the specified Group type.

  5. In the Name field, enter a name for the new Group. (By default, the new Group is named 'Copy of' the original Group name.)

  6. Make the desired changes to the Group settings.

  7. Click Duplicate.

    The new Group is saved with the new settings, in addition to the existing Group.

Deleting a Group

You can delete user defined Groups but not predefined Groups. Also, if a user defined Group is being used as a policy condition for one or more Policies it can't be deleted.

To Delete a Group:

  1. Under Groups, select the desired type of Group.

  2. Select the Group that you would like to delete.

  3. Click on Actions (or right-click on the Group).

  4. From the dropdown menu, select Delete.

    A confirmation window is displayed.

  5. Click Delete.

    The Group is permanently deleted from the system.