Collections

Managing groups of protected resources for Endpoint Privilege Manager

Collections Overview

When an agent is deployed to an endpoint, it begins to run discovery. During the discovery process, Keeper automatically builds out resource collections. Collections are categorized into the following types:

  • Applications

  • Machines

  • Users

  • Operating Systems


Custom Collections

Admins can also create their own custom collections within Applications, Machines and Users.

Creating a Collection

Click New Collection to create a collection and assign attributes. For example, a custom collection named "Developers" can be created to include all software engineers. A custom collection of type "Machines" might be called "Web Servers", with only web servers added to it. As another example, a custom collection of type "Applications" might be called "Developer Tools" and include applications such as GitHub.exe or Visual Studio Code.


Collections cannot contain different resource types. For example, a User Group collection cannot contain a Machine resource.

Application Collections

An application collection represents all of the available executables across the fleet of endpoints. Applications can be grouped into custom collections.

Application objects contain information such as:

  • Product Name

  • Product Version

  • File Version

  • File Hash

  • Publisher Certificate

Custom Application Resources

A custom application resource can be defined by the Admin, such as a specific executable. Click on "Add Item to Collection" and select "Manually define resource" to submit the information.


Machine Collections

A machine collection represents the endpoint operating system. It includes the following attributes:

  • Machine Name / Identifier

  • Operating System Type

  • Operating System Version

Machines are automatically aggregated and grouped based on the agent discovery process.

Deployment Collections are also automatically added as an available sub-collection inside of Machines.


Operating System Collections

The operating system resources are automatically discovered by the Keeper agent, and made available as a collection for applying policies. The attributes collected include:

  • Operating System Name

  • Operating System Version

User Collections

The Keeper agent discovers all of the local users and groups across the fleet of endpoints. They are aggregated and built into "User" collections. Inside the User collection are sub-collections, including "User Groups" and "All Accounts", which are read-only.


Applying Policies

After collections have been established by the discovery process, policies can be applied to device collections and deployment collections to control privilege on all of the endpoints. Visit the Policies page to learn more.

Commander CLI

Keeper Commander supports Collection management through our command-line interface and Python SDK.

Collections

The pedm collection command provides management over collections.

My Vault> pedm collection -h
pedm command [--options]

Command     Description
----------  ----------------------------------
list        List PEDM collections
view        Show PEDM collection details
add         Creates PEDM collection
update      Update PEDM collections
delete      Delete PEDM collections
connect     Link agent, policy, resource to PEDM collections
disconnect  Unlink agent, policy, resource from PEDM collections

Next Steps

Once you have deployed the agent and set up collections, it's time to apply policies.
