Moving devices to another administration group

You can move a device to another administration group of Kaspersky Single Management Platform. This may be required when the analysis of an alert or incident shows that the protection level of the device is low. When you move a device to another administration group, the group policies and tasks are applied to the device.

You can move a device to another administration group in one of the following ways:

• From the alert or incident details.
• From the device details.
• From an investigation graph.

  This option is available if the investigation graph is built.

You can also configure the response action to run automatically when creating or editing a playbook.

To move a device to another administration group, you must have one of the following XDR roles: Main administrator, Tenant administrator, Junior analyst, Tier 1 analyst, Tier 2 analyst.

It might take up to 15 minutes to launch a response action due to the synchronization interval between the managed device and the Administration Server.

To move a device to another administration group:

1. In the main menu, go to the Monitoring & reporting section, and then select the Alerts or Incidents section.

   If you want to move a device to another administration group from an investigation graph, select the Incidents section.

2. Click the ID of the required alert or incident.
3. In the window that opens, do one of the following:
   • If you want to respond through the alert or incident details, go to the Assets tab, and then select check box next to the device to be moved to another administration group.

     You can select several devices, if the devices are managed by the same Administration Server: primary, secondary, or virtual.

   • If you want to respond through the device details, go to the Assets tab, click the name of the required device, and then in the drop-down list, select View properties.
   • If you want to respond through an investigation graph, click the View on graph button. In the investigation graph that opens, click the device name to open the device details.
4. In the Select response actions drop-down list, select Move to group.

   The Move to group window that opens on the right side of the screen displays the administration groups of the Administration Server that manages the selected device.

5. Select the administration group to which you want to move the device, and then click the Move button.

   The selected group must belong to the same tenant as the device.

   The device will be moved to the selected administration group. An appropriate message is displayed on the screen.

Page top