In Cortex XDR Prevent, which three criteria can be used for dynamic endpoint grouping?

Prepare for the PSE Cortex Professional Test with interactive quizzes, multiple choice questions with hints, and thorough explanations. Enhance your knowledge and get ready to ace your exam!

Dynamic endpoint grouping in Cortex XDR Prevent leverages various criteria to efficiently manage and categorize endpoints based on their attributes and behaviors. One of the essential criteria is domain/workgroup membership. This allows the system to dynamically group endpoints that belong to the same domain or workgroup, facilitating better management of security policies and making it easier to target specific subsets of endpoints based on their organizational role or location.

Using domain/workgroup membership is particularly beneficial because it aligns with how organizations manage their assets. Grouping by this criterion enables administrators to swiftly deploy consistent security measures across all relevant endpoints, ensuring that security management is coherent and systematic. This can be crucial for organizations that follow a hierarchical structure or have specific security protocols tailored to different departments or branches.

The other criteria, such as alert root cause, hostname, and OS, while relevant for various analytical or response operations, do not serve the same purpose of creating dynamic groupings of endpoints in response to real-time threats or management tasks within Cortex XDR Prevent.
