Use Sensor Groups to Manage Sensors - Tutorial
If you have a large organization, especially spread across geographic locations or segmented into multiple departments, you may want to limit the access that some administrators have to certain other parts of the organization.
To assist with this, the Cybereason platform enables you to create sensor groups. You create groups to fit your own criteria and assign sensors to the groups. Afterward, sensor admins only have access to those sensors in the groups to which they are assigned.
This tutorial demonstrates how to create sensor groups to reflect geographic areas of a multi-national company. You can organize your sensor groups using any criteria you like.
Note
To create sensor groups, your Cybereason user must have the System Admin role. To assign sensors to a group, your Cybereason user must have the Sensor Admin L1 role assigned.
In this topic:
Step 1: Create the sensor groups
Sensor groups are containers for selected sensors. You assign these groups to different sensor admins to manage and to limit access to these specific sensors.
In this step, you create three groups: USA, EMEA, and Australia/New Zealand.
To create the sensor groups, follow these steps:
In your Cybereason platform, navigate to the System > Groups screen.
In the Groups screen, click Create new group.
In the Create new group dialog box, give the the first sensor group a name and description:
Name: USA
Description: Sensors in the USA region
Leave the Assignment logic and Policy assignment options blank for now. You will fill these in later.
Click Create group.
In the main Groups screen, repeat steps 2-4 to create two additional groups:
Group 1
Name: EMEA
Description: Sensors in the EMEA region
Group 2
Name: AUS-NZ
Description: Sensors in the Australia and New Zealand region
Step 2: Assign sensors to a group
When you have created sensor groups, you can assign or remove sensors in these groups. Sensors that are not assigned to any sensor group are located in the Unassigned group.
To assign the sensors in a group, follow these steps:
In your. Cybereason platform, navigate to the System > Sensors screen.
In the top right corner of the Sensors screen, in the dropdown list, select the Unassigned group.
In the Sensors screen, select the sensor that you want to add.
Above the sensors list, click Actions and select Add to Group.
In the Add sensors to group dialog box, from the group list, select USA.
Click Confirm to assign the sensor.
Later, if you need to remove the sensor from the group, use the Remove From Group option.
Step 3: Assign sensors automatically
To help scale and automate parts of the sensor group assignment process, you can instruct the Cybereason platform to assign a sensor to a specific group according to one of the following criteria:
Organization unit (OU)
Machine name
Internal IP address
External IP address
In this tutorial, the USA part of your organization uses IP addresses in a certain range. You will create criteria that assigns sensors that have IP addresses in this range to the USA group.
To set automatic assignment criteria, follow these steps:
In your Cybereason platform, navigate to the System > Groups screen.
In the Groups screen, for the USA group, click the Edit button.
In the Edit group screen, in the Assignment logic field, from the Select dropdown list, select Internal IP address.
Next to the Internal IP address option, select is in range
Replace any ip address with mask with the IP address and mask (for example, 192.168.5.0/24).
Click Save changes.
You can perform steps 2-5 above to also assign the IP ranges to the EMEA and AUS-NZ groups.
Now, when you add a sensor that has an IP address in the specified range, the Cybereason platform automatically assigns the sensor to the USA group.