During the Cloud environment configuration wizard operation, the Synchronize with Cloud rule is created automatically. This rule enables you to automatically move devices detected in each poll from the Unassigned devices group to the Managed devices\Cloud group, to make these devices available for centralized management. By default, the rule is active after it is created. You can disable, modify, or enforce the rule at any time.
To edit the properties of the Synchronize with Cloud rule and/or enforce the rule:
In the main menu, go to Discovery & deployment → Deployment & assignment → Moving rules.
A list of moving rules opens.
In the list of moving rules, select Synchronize with cloud.
The rule properties window opens.
If necessary, specify the following settings in the Rule conditions tab, in the Cloud segments tab:
The rule applies to all devices in the selected segment and in all nested cloud subsections. Otherwise, the rule only applies to devices that are in the root segment.
If this option is enabled, when the structure of the Managed devices\Cloud group has no subgroups that will match the section containing the device, Kaspersky Security Center Cloud Console creates such subgroups. For example, if a new subnet is discovered during device discovery, a new group with the same name will be created under the Managed devices\Cloud group.
If this option is disabled, Kaspersky Security Center Cloud Console does not create any new subgroups. For example, if a new subnet is discovered during network poll, a new group with the same name will not be created under the Managed devices\Cloud group, and the devices that are in that subnet will be moved into the Managed devices\Cloud group.
If this option is enabled, the application deletes from the Cloud group all the subgroups that do not match any existing cloud objects.
If this option is disabled, subgroups that do not match any of the existing cloud objects are retained.
By default, this option is enabled.
If you enabled the Synchronize administration groups with cloud structure option when using the Cloud environment configuration wizard, the Synchronize with cloud rule is created with the Create subgroups corresponding to containers of newly detected devices and Delete subgroups for which no match is found in the cloud segments options enabled.
If you did not enable the Synchronize administration groups with cloud structure option, the Synchronize with cloud rule is created with these options disabled (cleared). If your work with Kaspersky Security Center Cloud Console requires that the structure of subgroups in the Managed devices\Cloud subgroup matches the structure of cloud segments, enable the Create subgroups corresponding to containers of newly detected devices and Delete subgroups for which no match is found in the cloud segments options in the rule properties, and then enforce the rule.
In the Device discovered by using the API drop-down list, select one of the following values:
No. The device cannot be detected by using the AWS, Azure, or Google API, that is, it is either outside the cloud environment, or it is in the cloud environment but for some reason it cannot be detected by using an API.
AWS. The device is discovered by using the AWS API, that is, the device is definitely in the AWS cloud environment.
Azure. The device is discovered by using the Azure API, that is, the device is definitely in the Azure cloud environment.
Google Cloud. The device is discovered by using the Google API, that is, the device is definitely in the Google cloud environment.
No value. This criterion cannot be applied.
If necessary, set up other rule properties in the other sections.