Add and configure a zone

You can use zones to group and manage Aurora Protect Desktop and Aurora Focus devices. You can group devices based on geography (for example, Asia and Europe), function (for example, Sales and IT staff), or by any criteria that your organization requires.

You can assign a device policy to a zone and apply that device policy to the Aurora Protect Desktop and Aurora Focus devices that belong to that zone. You can also add a zone rule to add devices to a zone based on criteria specified in a saved query, like domain name, IP address range, or operating system. New devices are automatically added to a zone if they match the zone rules criteria.

By default, devices that are added automatically to the zone will follow the zone rules. If the automatic device removal option is selected in the zone rules, devices that follow the zone rules are automatically removed from the zone when they don't meet the zone rules criteria. You can also manually add devices that ignore the zone rules so they aren't automatically removed from the zone. When managing a zone, you can change whether a device follows or ignores the zone rules.

Note: Administrator users with the Zone Manager role can install agents on devices, but they do not have access to the default zone (Unzoned), so they cannot assign devices to zones.

When you create a new Aurora Endpoint Security tenant, or when you reset a tenant to the recommended default state, Arctic Wolf provides preconfigured zones and preconfigured device policies that are designed to help you tune your environment to the desired security posture.

For more information, see Aurora Endpoint Security tenant configuration.

If you want to add a zone rule to the zone, you need to create and save a query from the Assets > Devices screen. The list of devices in the results of the saved query indicates the devices that are automatically added to the zone. For more information, see Manage Aurora Protect Desktop and Aurora Focus devices.
  1. In the management console, on the menu bar, click Zones.
  2. Click Add New Zone.
  3. In the Zone Name field, enter a name for the zone.
  4. In the Policy list, click a device policy to associate with the zone.
  5. In the Value field, select the priority level that you want to automatically set for threats found on devices in the zone. For example, you can set the Value field to High in this zone, so that all threats found on devices in this zone will have their Priority field set to High. If a device is in more than one zone, the higher priority value is set.
    The priority level for threats is shown on the Protection > Threats page. This setting has no impact on managing Alerts, Zones, Policies or Devices from the respective pages.
  6. Click Save.
  7. In the zones list, click the name of the zone that you created.
  8. Do any of these actions:
    • Add a zone rule to automatically add devices.

      You need a saved query to add a zone rule.
      1. Click Create Rule.
      2. Select a saved query. The query can contain only the following fields; you cannot use a query that contains any field that is not in this list:
        • Device name
        • DNS name
        • IP addresses
        • MAC addresses
        • OS version
        • OS build/kernel version
        • Distinguished Name
        • Member of (LDAP)
      3. If you want to automatically apply the device policy that's associated with the zone, select Apply zone policy to devices when they are added to the zone. This option is not available if the associated device policy is set to None.
      4. If you want to automatically remove devices that do not match the criteria of the zone rule from the zone, select Remove devices automatically from this zone. This only affects devices that follow the zone rules. If you don't want to associate and apply a device policy to devices in this zone, select None.
      5. Click Save.
    • Manually add devices to the zone.
      When you manually add a device to a zone, the device ignores the zone rules by default. A device that ignores the zone rules will remain in the zone even when it doesn't match the zone rule criteria.
      1. On the Devices tab, click Add Device to Zone.
      2. Select the devices that you want to add. You can apply filters to find devices.
      3. If you want to apply the zone device policy to those devices, select the Apply zone policy to selected devices check box.
      4. Click Save.
    • Apply the zone device policy to all the users in the zone.
      This action replaces any device policies that are currently assigned to devices with the device policy that is currently assigned to the zone. If you choose None for the associated policy, neither the option to automatically assign a policy nor the option to apply a policy to all devices is available.
      1. Select the Apply to all devices in this zone check box.
      2. Click Save.
    • Set a device to follow or ignore a zone rule.
      In the list of devices in a zone, devices that follow that zone rule can be identified from the Zone Rule column. Devices that follow the zone rules are subject to automatic removal from the zone. Devices that ignore the zone rules will remain in the zone (unless you remove them manually).
      1. On the Devices tab, select one or more devices.
      2. Click Follow Zone Rule or Ignore Zone Rule.
      3. Click Yes.
    • Copy devices to another zone.
      1. On the Devices tab, select one or more devices.
      2. Click Copy Device.
      3. Select one or more zones.
      4. Click Save.
    • Remove devices from the zone.
      1. On the Devices tab, select one or more devices.
      2. Click Remove Device from Zone.
      3. Click Yes.
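
The follow/ignore, automatic removal, and multi-zone priority rules described above, modeled in Python as an added example (it is not Arctic Wolf code and does not call any console API). The saved query is represented by one predicate per field; the Low and Normal level names, the device names, and the addresses are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ALLOWED_FIELDS = {"Device name", "DNS name", "IP addresses", "MAC addresses",
                  "OS version", "OS build/kernel version",
                  "Distinguished Name", "Member of (LDAP)"}
LEVELS = {"Low": 1, "Normal": 2, "High": 3}   # names other than High are assumed

@dataclass
class Zone:
    name: str
    value: str                    # priority set on threats found in this zone
    query: dict = None            # field -> predicate; stands in for a saved query
    auto_remove: bool = False     # "Remove devices automatically from this zone"
    members: dict = field(default_factory=dict)   # device name -> follow | ignore
    def __post_init__(self):
        bad = set(self.query or {}) - ALLOWED_FIELDS
        if bad:                   # a query with any other field cannot be a zone rule
            raise ValueError(f"not usable in a zone rule: {sorted(bad)}")
    def matches(self, dev):
        return bool(self.query) and all(p(dev[f]) for f, p in self.query.items())
    def add_manually(self, dev):  # manually added devices ignore the rule by default
        self.members[dev["Device name"]] = "ignore"
    def reconcile(self, devices):
        for dev in devices:
            name = dev["Device name"]
            if self.matches(dev):
                self.members.setdefault(name, "follow")
            elif self.auto_remove and self.members.get(name) == "follow":
                del self.members[name]        # only rule-following devices leave
        return dict(self.members)

def threat_priority(name, zones):
    """Highest Value among the zones containing the device, or None if unzoned."""
    values = [z.value for z in zones if name in z.members]
    return max(values, key=LEVELS.get) if values else None

def demo():
    net = ip_network("10.1.0.0/24")           # constructed sample range
    in_net = lambda addrs: any(ip_address(a) in net for a in addrs)
    dev = lambda n, ip: {"Device name": n, "IP addresses": [ip]}
    sales = Zone("Sales", "Normal", {"IP addresses": in_net}, auto_remove=True)
    critical = Zone("Critical", "High")       # no rule: manual membership only
    ws1, ws2 = dev("ws-01", "10.1.0.5"), dev("ws-02", "10.1.0.9")
    srv = dev("srv-01", "192.168.5.2")
    sales.reconcile([ws1, ws2, srv])          # ws-01 and ws-02 join via the rule
    sales.add_manually(srv)                   # srv-01 never matched the rule
    critical.add_manually(ws1)
    ws2["IP addresses"] = ["172.16.0.4"]      # ws-02 stops matching the rule
    return sales.reconcile([ws1, ws2, srv]), [sales, critical]
```

After the second reconcile, ws-02 has left the Sales zone, the manually added srv-01 remains, and ws-01 takes the High value from the second zone it belongs to.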