General Recommendations

Tagging or filtering users or endpoints depend on your network and management needs, along with your business plans. As general recommendations:

  • The User Access Information in an ad hoc query (see Understanding Ad Hoc Queries) provides details about any user modifications related to any available custom tags or filters

  • Group users based on your Active Directory organization

  • Group endpoints based on their location (that is, their IP ranges)

  • Group users or endpoints with similar properties or characteristics

    For example: who manages a group of users, who accesses a group of servers, endpoints with the same operating system type or host names

  • Group users or endpoints based on any other criteria that support your needs

    For example, it is a common practice to divide networks according to the roles of those using the network—Marketing, Finance, Human Resources, Product Development, etc.

Tip:

Plan your User/Endpoint Directory structure and consider your network environment to simplify maintenance—especially for an enterprise with a large network.

Manually tag users or endpoints showing a specific behavior. For example, as the network administrator for Company ABC, Joni sees similar malware behavior resulting from laptops XYZ and 123. She can then tag laptops XYZ and 123 for easy identification.

Consequently, create filters to group users or endpoints based on specific known characteristics. For example, filter users based on who their manager is. You can then associate a filter to those users having the same manager.