XDR group management

In Wazuh agents can be added to groups. The purpose of this is to configure similar machines with a central configuration so that there is no need to configure the agents individually. Agents can also belong to more than one group at a time. Please note that agents should at all times belong to at least the default group if nothing else.

To access group management in Wazuh, please Click on the Wazuh module under the modules section. At the top left of the page Click the down arrow, then Click Management and finally Click Groups.

You will note that after initial deployment there is only the default group.

Creating a group

To create a group please perform the following steps:

1. Click Add new group in the top right corner
   

   

2. Type in a group name and Click “Save new group”. NOTE: It is recommended to define a group naming standard based on function and/or host OS type.
   

   

Your group is now created.

Adding or remove agents to your group

1. To manage the group membership, Click the little eye at the end of the same line as the group you wish to manage

2. On the first tab you will be presented with an agent list, or blank screen if it’s a new group.

3. To add agents, Click the “Manage agents” button at the top right of the screen
   

   

4. You can now add and remove agents from the by using the operators in the middle column
   

   

5. Once your selection is complete, Click “Apply Changes” in the top right corner

🔖 TIP: If you have specific agents you want to add you can also Hold the [CTRL] key and then Press “Add selected items”