Manage Users
  • 4 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Manage Users

  • Dark
    Light
  • PDF

User Management is the process of creating and maintaining a user store. User management establishes a user’s authorization to access secure resources, it also serves as a repository of identities and is the source of all identities in an organization. Access control is applied to regulate who can view or use resources in a particular environment.

Cluster Administrator

  • The user created at the First time UI stage will be the Cluster Administrator.
  • A Cluster Administrator is the Super Administrator and will manage all the scopes that fall under the Cluster.
  • The user roles are assigned and managed by Cluster Administrators across all the scopes.

Example:

  • Times Group has multiple subsidiaries that are managed by them such as Times Music, Times Internet, Times Business Solutions etc.
  • In this case, a DNIF Deployment Scenario could be Time Group as a cluster and the various subsidiaries as various scopes within the Times Group cluster.

How to view Managed Users?

Hover on the Administrator (lock) icon on the left navigation panel and select Manage Users, the following page will be displayed.

image.png

The above page displays the following details.

Field Description
Organization/User Name Displays the Organization /Username of the added user
Email id Displays the email address of the user
Created on Displays the date and time when the user was created.
Last Login Displays the date and time when this user last logged in.
image.png Click this to view the details of the user activity along with the following details, you can click on each row to view the details of the user activity.
  • Created on: Displays when the user was created
  • Source: Displays the IP Adress from where the user activity was initiated
  • Action: Displays the action performed by the user
  • User: Displays the username of the user who performed the activity
  • image.png Click this to refresh the user list
    image.png Click this to search for a particular user
    image.png Click this to add a new user

    How to add a New User?

    • Hover on the Administration icon on the left navigation bar of the Home screen, from the options displayed select Manage User, the following screen will be displayed.

    image.png

    • Click plus icon on the top right corner of the screen to add a User.
    • The Users / Add User screen displays the following fields:

    image.png

    Field Name Description
    Full name Enter the full name of the user to be added
    Organization Select the organization of the User
    Email Id Enter the email id of the User
    Phone Number Enter the contact details of the User
    Is Cluster Administrator? Select Yes, to add this user as a Cluster Admin. If No, the User will be assigned privileges based on the Roles assigned.
    Manage Access You can assign roles to this added user. Refer below How to Assign Roles to User?
    • Enter / Select all the above details and click Invite. You will receive an invitation in your inbox, click the link and set the password for login. On successful login, you will be listed on the user list page.

    How to Assign Roles to a User?

    • Once the user details are entered, Cluster Admin can assign roles from the Manage Access section.

    image.png

    • The first column displays the cluster name and the roles. The second column onwards are the different Scopes and their roles within that cluster

    • You can assign the following roles to users.

    Roles Permission
    Administrator Users with Administrator access rights will be able to access all the pages except the following:
  • Configure SMTP
  • Mission control
  • Manage components
  • Compute Policy
  • Organizations
  • Manage Users
  • Switchboard
    Note: If Administrator is also Cluster Admin then will have access to all pages.
  • Cluster Admin Users with Cluster Admin access rights will be have complete access including the following:
  • Configure SMTP
  • Mission control
  • Manage components
  • Compute Policy
  • Organizations
  • Manage Users
  • Switchboard
  • Security Engineer Users with Security Engineer access rights will be able to do the following:
  • View Collection Status/ Manually override and rollback an extractor
  • View/ Define Custom Enrichment bucket
  • Upload custom Eventstores
  • View/ Create custom extractors
  • Configure Integrations
  • Manage Tokens
  • Machine Learning
  • Security Analyst Users with Security Analyst access rights will be able to do the following:
  • Create Dashboards/ Add Widgets to Dashboards
  • Manage Cases/ Create and view Cases/ Killchain View
  • View Signals/ Connected Graph
  • Add/edit/delete self created Workbooks, Schedule/ Add parameters to Workbook
  • View/Create/Schedule Reports, Invoke/Revoke a report
  • MITRE ATT&CK
  • Analyse User Behavior
    • By default, Scope level roles are automatically assigned on assigning a cluster level role for the user.

    • Select Custom option at the cluster level to assign varied roles at Scope level.

    • Once the roles are defined click Invite at the top right corner of the page to send an invite to the user.

    How to edit/delete a User?

    image.png

    • To edit/delete the User details, click the required User from the list.

    image.png

    • Validate the User details and click the Edit or Delete icon on the top right corner of the screen, to edit or delete the User details respectively.

    How to reset a user password?

    image.png

    • To reset the password of the User, click on the required user from the list. The following screen is displayed.

    image.png

    • Click the Reset Password button, a pop-up window will be displayed.

    image.png

    • Click Reset to receive a reset password link in your inbox, click the link and reset the password to login.

    Audit Trail

    Audit trail monitors and logs user activity in a system. Audit trail logs can be downloaded and included as evidence in an investigation, or analyzed when troubleshooting an issue. As an administrator, you can download the user audit trail in CSV format.

    image.png

    • Click Audit Trail on the top right corner of the screen to view audit logs.
    • The Console Audit Trail screen displays the following fields:

    image.png

    Field Name Description
    Created on Timestamp when the activity was performed
    Source Displays the Source IP address from where the activity was performed
    Action Details of the activity performed
    User Username of the user that performed the action
    image.png Downloads the report in CSV format

    Was this article helpful?

    What's Next