Although Security Analytics has 5 pre-configured roles, you can add custom roles. For example, in addition to the pre-configured Analysts role, you can add custom roles for AnalystsEurope and AnalystsAsia.
|Administrators||Full system access|
|Operators||Access to configurations but not to data|
|Analysts||Access to data but not to configurations|
|SOC_Managers||Same access as Analysts and an additional permission to handle incidents|
|Malware_Analysts||Access to malware events only|
Depending on the user role, you can set the following access permissions to access the Reporting module components (Rules, Reports, Charts, Alerts, Lists):
Note: You must enable all these permissions for a user role to be able to define, delete, manage and view each of the Reporting modules. You must also have appropriate permissions for the data source to be listed, while defining the reports, charts, or alerts. For more information, see Configure Data Source Permissions in the Reporting Engine Configuration Guide.
Each of the following procedures starts on the Roles tab. Perform the following steps to navigate to the Roles tab:
- In the Security Analytics menu, select Administration > Security.
The System Security panel is displayed with the Users tab highlighted.
Click the Roles tab.
Roles panel is displayed, as shown below:
Add a Role and Assign Permissions
The Add Role screen is displayed, as shown below:
In the Role Info section, provide the role information for the following:
- (Optional) Description
- In the Permissions section:
- Click and to scroll through the modules.
- Select the Reports module the role accesses.
- Select each permission the role has.
- Repeat the previous step until you select all permissions to assign to the role.
- Click Save to add the new role, which is effective immediately. You can now assign the new role to users.