Creating a device group in MaaS360 to use the Lookout MES service

You must create device groups in the IBM® MaaS360® Portal for the Lookout MES service to determine which actions to take against devices based on the risk levels set in the security policy.

When Lookout MES detects a threat on a protected device, the threat is automatically classified by the Lookout MES service. The classifications are assigned a risk level based on the current policy settings in the Lookout MES console.

You must associate device groups that are created in MaaS360 with risk levels that are set by Lookout MES during the API integration. You can use custom attribute values that are set by Lookout MES during API integration to create and associate, at a minimum, one device group with a risk level.

Example

In the following example, a Lookout MES Medium Risk Group is displayed with the assigned criteria for membership to include active devices with the Lookout_Threat_Level set to Medium.

The devices that meet this criteria with Lookout MES threat detections become members of the device group. This group is associated with various device policy actions in MaaS360. When all active threats are remediated or removed from the devices, Lookout MES returns the device state to Secured and the device is returned to the previous (normal) device groups and associated policies in MaaS360.

What to do next: Creating compliance rules for policy actions in MaaS360