Reporting Engine: Configure Data Privacy for Reporting Engine

Document created by RSA Information Design and Development on Sep 15, 2017Last modified by RSA Information Design and Development on Oct 4, 2017
Version 5Show Document
  • View in full screen mode
  

You can configure the data privacy for all data sources of Reporting Engine using the Sources tab of the Services > View > Config view.

With the addition of the Data Privacy feature to NetWitness Suite 11.0 and above, access to sensitive meta in NetWitness Suite Core services can be restricted by configuring separate data sources for Data Privacy Officer (DPO) users and non-DPO users, and limiting access to those data sources by assigning appropriate permissions.

In the Services Config view, you can add each Core service as two separate data sources: one with a service account having privileges equivalent to a DPO and the other with a service account having privileges equivalent to any other user. Then, to limit access to those data sources based on roles, you can assign read access or no access to those data sources for individual roles. To limit access to Warehouse data sources, you can do the same.

For more information, see Configure Data Source Permissions.

Note: A user assigned to the Data_Privacy_Officers role (or an equivalent custom role), can create a report, chart and alert. Also, configure a report or alert output actions in the Reporting module. In an environment where data privacy features of NetWitness Suite are enabled and one or more meta keys are configured as protected, these actions can result in the following:
- When an alert is created by a DPO user, any protected or sensitive meta involved in the alert is automatically available in Respond. This may inadvertently provide all the users of Respond module access to the sensitive meta values, regardless of their roles. One option to prevent this is to disable publishing into Respond from Reporting.
- When an Output Action is configured by a DPO user, either sensitive meta values, reports with sensitive meta values or both, may become available to target users or destinations of that Output Action, regardless of the role assigned to the target user.
It is strongly recommended that DPO users completely avoid creating alerts or configuring output actions for a report or alert in the Reporting module. If they do such configuration, the above implications must be carefully considered.

NetWitness Suite Core services (for example, Concentrator, Broker, or Archiver) support the ability to restrict meta data based on the configured user role. To make use of the data privacy feature for Reporting Engine, you can configure two separate service accounts against Core. One service account for general purpose reporting that does not include any sensitive data and the other account for privileged users with access to all data including sensitive data. The access to restricted meta data for the two service accounts is configured as part of the data privacy plan on each Core service.

In Reporting Engine, you can add each Core service as two separate data sources (one being the regular data source and the other a privileged data source) using the two separate service accounts. You can configure Reporting Engine to allow only users with privileged roles to access the sensitive data source. Hence, Reporting Engine can connect to a NWDB Data source in two ways:

  • Using a service account with DPO role.
  • Using a service account without a DPO role.

Note: You can also add two or multiple data sources for the same Core service.

After adding two data sources with different service accounts for the same Core service, you can configure data source permissions to manage access to these data sources. For more information, see Configure Data Source Permissions.

Note: If the content is changed to utilize the transformed meta key, the hash value of the original meta is displayed in its place when viewing reports, charts and alerts.

Add a NWDB Data Source with Different Service Accounts

To add a NWDB data source:

  1. Go to ADMIN > Services.
  2. In the Services list, select a Reporting Engine service.
  3. Click ViewConfig.

    The Services Config view of Reporting Engine is displayed.

  4. Select the Sources tab.

    The Services Config View is displayed.

  5. Click  and select Available Services.

    The Available Services dialog is displayed. All services are listed, including those that have already been added to the Reporting Engine.

    Reporting Engine Available Services dialog.

  6. Select the checkbox next to the service and click OK.

    The Service Information dialog for the selected service is displayed.

    Reporting Engine Service Information dialog.

    Note: NetWitness Suite prompts you to provide a username and password for the selected service. To limit access to sensitive data, DPO users must use their credentials while adding the source instead of using the admin credentials. These credentials need to be applied to the host even if using trusted connections between the NetWitness Suite server and NetWitness Suite Core hosts.

    Repeat the step for Non-DPO data source.

  7. Type the username and password for the required service account.
  8. Click OK.

    The required service is added as a data source to the Reporting Engine. Two data sources are added to Reporting Engine for the same Core device.

You are here
Table of Contents > Configure Data Privacy for Reporting Engine

Attachments

    Outcomes