Managing Device Groups

Overview

Device Groups help organize devices into groups typically based on organizational or operational criteria—such as network segment, security level, or any other criteria, including geography, function, or business unit.

SecureTrack supports two types of Device Groups:

  • Management Groups

    Management Groups are collections of devices defined and maintained by the administrator in SecureTrack. Management Groups can organize devices in a way that reflects the enterprise's structure, helping streamline policy design, compliance monitoring, and reporting. Management Groups are not automatically updated when devices are added or removed, and must be manually modified.

    See Management device groups

  • Cloud Organizations

    Cloud Organizations help administrators discover and onboard cloud accounts associated with an organization automatically with a single set of authentication credentials, and automatic import settings.

    See Cloud organization device groups

 

Management device groups

When you select a group, the charts and tables show the data for the members of the group.

The options in the menu change according to which objects are selected in the tree. If you select more than one type of object, the menu is disabled.

What can I do here?

Create management groups

  1. In the Groups tree, select the parent group for the new group. If Multi-Domain is implemented, you can add groups under the each domain, but not directly under the All Devices group.

  2. Enter a unique name for the new group in Group name and click Save.

    Each group directly under the same parent group must have a unique name. If you want to rearrange the groups after they are created, you must delete and re-add the groups that you want to move.

Rename management groups

  1. In the Groups tree, select the group to rename.

  2. Edit the name and click Save.

Delete management groups

  1. In the Groups tree, select the group to delete

  2. Click and click Delete.

Add/remove devices from management groups

  1. In the Groups tree, select a group.

  2. Select the devices to move and use the and buttons to move them into or out of the group.

You can also enter text into the search fields and press Enter or click to filter the lists of devices.

Change admin credentials for all devices in management groups

  1. In the Groups tree, select a group.

  2. Click and click Change Credentials.

  3. Enter and confirm any of the new credential details, including username, password, or both. If relevant for the device, you can also enter and confirm a new enable password. If you leave fields blank, those details are not updated.

  4. Click Apply to save the new credentials for the devices in SecureTrack.

    Note: SecureTrack stops retrieving policies from the devices until you configure the matching credentials on the devices.

The changes to device groups take effect immediately.

 

Cloud organization device groups

Configure Cloud Organizations to automatically discover and onboard accounts, eliminating the need to manually import each new account. Define the authentication credentials once for the organization and reuse them for any account you associate with the organization.

The Cloud Organizations page in Device Groups lists existing organizations, their settings, and options available to manage them.

Add a cloud organization by configuring the organization settings, including credentials and automatic account import:

You can also import accounts manually at any time for cloud organizations.

After you configure a Cloud Organization, you can associate existing and new devices with it:

Manually import entities cloud organizations

Manually import member accounts or subscriptions for Cloud Organizations when needed, regardless of whether you have enabled automatic import of the same. Manual import behavior depends on whether automatic import is enabled for the Cloud Organization.

Though manual import is supported, to ensure that all entities–member accounts or subscriptions, are imported, automatic import is recommended.
In large cloud environments, the volume of entities can increase the duration of manual imports and impact performance.

When you manually import entities:

  • If automatic import is enabled, the member accounts or subscriptions are imported based on the settings configured for automatic import.

  • If automatic import is disabled, the member accounts or subscriptions are imported into the default domain in TOS.

  • These automatic import settings are enabled by default :

    • Collect traffic logs for rule usage analysis

    • Enable topology

    • Automatic VPC/VNet Import

Transit Gateways and Load Balancers must be manually imported.

 

  1. Select Cloud Organizations.

  2. From the list of Cloud Organizations, select the organization for which to manually import accounts, and from the context menu, select Import Accounts.

TOS initiates and completes the import process without requiring any intervention on your part.

Editing/deleting cloud organizations

After configuring a Cloud Organization, you can edit its settings, including automatic account import settings, and delete existing organizations.

Editing cloud organization settings

Changes to automatic account import settings affect only newly imported accounts. Existing accounts are not affected.

Deleting cloud organizations

Deleting a Cloud Organization removes it from SecureTrack.
Each account associated with the organization will use the credentials most recently defined for it in the organization's settings for authentication. For AWS, this is the Secret Key ID and the Secret Access Key. For Azure, this is the Application ID and Application Secret.

  1. From the navigation bar, select Cloud Organizations.

  2. From the list of Cloud Organizations, select the organization, and from the context menu, select:

    • Edit: Update the settings. See cloud organization settings for AWS and Azure.

    • Delete: Remove the Cloud Organization from SecureTrack.

How do I get here?

SecureTrack > Monitoring > Device Groups