We are slowly migrating towards Palo Alto Traps (TMS) and are starting to apply "blocking" profiles instead of "report-only" profiles. We are doing this in different pilot groups per branch where we also remove the old antivirus solution.
The new profiles, where malware is actually blocked, are assigned to a static endpoint group. Since we need to migrate more than 300 clients before deploying it for all users, it takes a long time to add them one by one to this endpoint group.
Using a dynamic group is unfortunately not an option since the clients are all in the same domain, have the same naming convention as other branches, and the IPs can also be similar to other branches when they're on the VPN.
I'm interested in how other administrators are dealing with this. Maybe a new feature in TMS to bulk import clients into a static group would also be nice?
You are correct, this feature does not exist. I will say that in Cortex XDR 2.0, it is easier to build static lists. You can use filters to be very selective of the group membership. You can also "check" the machines that you want to add to the group. If these methods do not help, please send me a message with your contact details and I will log a feature request.