Support

Support for business applications

Kaspersky XDR Expert

Threat response

Response actions

Moving devices to another administration group

Kaspersky Next XDR Expert
Online Help
FAQ Forum Contact support Recovery tools

Moving devices to another administration group

May 15, 2024

ID 261996

Get as PDF

As a response action, you can move a device to another administration group of Open Single Management Platform. This may be required when the analysis of an alert or incident shows that the protection level of the device is low. When you move a device to another administration group, the group policies and tasks are applied to the device.

The administration group to which you move the device must belong to the same tenant as the device.

You can move a device to another administration group in one of the following ways:

  • From the alert or incident details
  • From the device details
  • From an investigation graph

You can also configure the response action to run automatically when creating or editing a playbook.

To move a device to another administration group, you must have one of the following XDR roles: Main administrator, Tenant administrator, Junior analyst, Tier 1 analyst, Tier 2 analyst.

It might take up to 15 minutes to launch a response action due to the synchronization interval between the managed device and Administration Server.

Moving a device to another administration group from alert or incident details

To move a device to another administration group from alert or incident details:

  1. Do one of the following:
    • In the main menu, go to Monitoring & reportingAlerts. In the ID column, click the ID of the alert that includes the device to be moved.
    • In the main menu, go to Monitoring & reportingIncidents section. In the ID column, click the ID of the incident that includes the device to be moved.
  2. In the window that opens, go to the Assets tab.
  3. Select check box next to the device to be moved to another administration group.

    You can select several devices, if the devices are managed by the same Administration Server: primary, secondary, or virtual.

  4. In the Select response actions drop-down list, select Move to group.

    The Move to group window that opens on the right side of the screen displays the administration groups of the Administration Server that manages the selected device.

  5. Select the administration group to which you want to move the device, and then click the Move button.

The device will be moved to the selected administration group. An appropriate message is displayed on the screen.

Moving a device to another administration group from the device details

To move a device to another administration group from the device details:

  1. Do one of the following:
    • In the main menu, go to Monitoring & reportingAlerts. In the ID column, click the ID of the alert that includes the device to be moved.
    • In the main menu, go to Monitoring & reportingIncidents section. In the ID column, click the ID of the incident that includes the device to be moved.
  2. In the window that opens, go to the Assets tab.
  3. Click the name of the required device, and then in the drop-down list, select View properties.
  4. In the Select response actions drop-down list, select Move to group.

    The Move to group window that opens on the right side of the screen displays the administration groups of the Administration Server that manages the selected device.

  5. Select the administration group to which you want to move the device, and then click the Move button.

The device will be moved to the selected administration group. An appropriate message is displayed on the screen.

Moving a device to another administration group from an investigation graph

This option is available if the investigation graph is built.

To move a device to another administration group from an investigation graph:

  1. In the main menu, go to Monitoring & reportingIncidents section. In the ID column, click the ID of the incident that includes the device to be moved.
  2. Click the View on graph button.
  3. In the investigation graph that opens, click the device name to open the device details.
  4. In the Select response actions drop-down list, select Move to group.

    The Move to group window that opens on the right side of the screen displays the administration groups of the Administration Server that manages the selected device.

  5. Select the administration group to which you want to move the device, and then click the Move button.

The device will be moved to the selected administration group. An appropriate message is displayed on the screen.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.