Synchronization with cloud

During the Cloud Environment Configuration Wizard operation, the Synchronize with Cloud rule is created automatically. This rule allows you to automatically move instances detected in each poll, from the Unassigned devices group to the Managed devices\Cloud group, to make these instances available for centralized management. By default, the rule is active after it is created. You can disable, modify, or enforce the rule at any time.

To edit the properties of the Synchronize with Cloud rule and/or enforce the rule:

In the console tree, right-click the name of the Device discovery node.
In the context menu, select Properties.
In the Properties window that opens, in the Sections pane, select Move devices.
In the list of device moving rules in the workspace, select Synchronize with Cloud and then click the Properties button in the lower part of the window.
The rule properties window opens.
If necessary, specify the following settings in the Cloud segments settings group:
- Device is in cloud segment
  The rule only applies to devices that are in the selected cloud segment. Otherwise, the rule applies to all devices that have been discovered.
  
  By default, this option is selected.
  - Include child objects
    The rule applies to all devices in the selected segment and in all nested cloud subsections. Otherwise, the rule only applies to devices that are in the root segment.
    
    By default, this option is selected.
  - Move devices from nested objects to corresponding subgroups
    If this option is enabled, devices from nested objects are automatically moved to the subgroups that correspond to their structure.
    
    If this option is disabled, devices from nested objects are automatically moved to the root of the Cloud subgroup without any further branching.
    
    By default, this option is enabled.
    - Create subgroups corresponding to containers of newly detected devices
      If this option is enabled, when the structure of the Managed devices\Cloud group has no subgroups that will match the section containing the device, Kaspersky Security Center creates such subgroups. For example, if a new subnet is discovered during device discovery, a new group with the same name will be created under the Managed devices\Cloud group.
      
      If this option is disabled, Kaspersky Security Center does not create any new subgroups. For example, if a new subnet is discovered during network poll, a new group with the same name will not be created under the Managed devices\Cloud group, and the devices that are in that subnet will be moved into the Managed devices\Cloud group.
      
      By default, this option is enabled.
    - Delete subgroups for which no match is found in the cloud segments
      If this option is enabled, the application deletes from the Cloud group all the subgroups that do not match any existing cloud objects.
      
      If this option is disabled, subgroups that do not match any of the existing cloud objects are retained.
      
      By default, this option is enabled.
    If you enabled the Synchronize with Cloud option when running the Cloud Environment Configuration Wizard, the Synchronize with Cloud rule is created with the Create subgroups corresponding to containers of newly detected devices and Delete subgroups for which no match is found in the cloud segments check boxes selected.
    
    If you did not enable Synchronize with Cloud option, the Synchronize with Cloud rule is created with these options disabled (cleared). If your work with Kaspersky Security Center requires that the structure of subgroups in the Managed devices\Cloud subgroup matches the structure of cloud segments, enable the Create subgroups corresponding to containers of newly detected devices and Delete subgroups for which no match is found in the cloud segments options in the rule properties, and then enforce the rule.
In the Device discovered using API drop-down list, select one of the following values:
- AWS. The device is discovered by using the AWS API, that is, the device is definitely in the AWS cloud environment.
- Azure. The device is discovered by using the Azure API, that is, the device is definitely in the Azure cloud environment.
- Google Cloud. The device is discovered by using the Google API, that is, the device is definitely in the Google Cloud environment.
- No. The device cannot be detected by using the AWS, Azure, or Google API, that is, it is either outside the cloud environment or it is in the cloud environment but it cannot be detected by using an API.
No value. This condition does not apply.If necessary, set up other rule properties in other sections.
If necessary, enforce the rule by clicking the Force button in the lower part of the window.
The Rule Execution Wizard starts. Follow the instructions of the Wizard. When the Wizard finishes, the rule will be run and the structure of subgroups in the Managed devices\Cloud subgroup will match the structure of your cloud segments.
Click the OK button.

The properties are set up and saved.

To disable the Synchronize with Cloud rule:

In the console tree, right-click the name of the Device discovery node.
In the context menu, select Properties.
In the Properties window that opens, in the Sections pane, select Move devices.
In the list of device moving rules in the workspace, disable (clear) the Synchronize with Cloud option and click OK.

The rule is disabled and will no longer be applied.