Sec/User Mgmt: Step 3. Verify Query and Session Attributes per Role

Document created by RSA Information Design and Development on Sep 19, 2017Last modified by RSA Information Design and Development on Oct 2, 2017
Version 3Show Document
  • View in full screen mode
  

This topic explains the query and session attributes and provides instructions for setting these attributes for user roles. This topic also describes how these role settings impact individual user settings and what happens if a user is a member of multiple roles.

After you define your user roles, it is important to verify the query and session attributes that are set for each role. You can adjust these settings according to your requirements.

Query and Session Attributes

Query and session attributes determine how to handle the queries that a user runs. These attributes enable you to lock down the information that users can retrieve. These attributes apply to all sessions of users assigned to a role.

Depending on your requirements, you can specify the following query-handling attributes for a user role:

  • Core Query Timeout is an optional setting that applies to NetWitness Suite 10.5 and later Core services. It specifies the maximum number of minutes that a user can run a query. If this value is set, it must be zero (0) or greater. A value of zero represents no timeout.
  • Core Session Threshold is a required setting. This value must be zero (0) or greater. If the threshold is greater than zero, a query optimization will extrapolate the total session counts that exceed the threshold. When the meta value returned by the query reaches the threshold, the system will:
    • Stop its determination of the session count
    • Show the threshold and percentage of query time used to reach the threshold
  • Core Query Prefix is an optional filter applied to queries the user runs. The prefix restricts query results that the user sees. For example, the 'service' = 80 query prefix prepends to any queries run by the user and the user can only access meta of HTTP sessions.

The query-handing attribute settings applied for a user depend on the role memberships of the user. It is important to verify the query-handling attribute settings for your roles.

How Query-Handling Attribute Settings Apply to Individual Users

If a user is a member of multiple roles, the following logic applies for the user:

  • Query Timeout: The most permissive (highest) value of all assigned roles applied to the user.
  • Query Prefix: The query prefixes of each of the user roles are AND'd together.
  • Session Threshold: The highest value of all the assigned roles applied to the user.

Procedure

To set query handling attributes for a user role:

  1. Go to ADMIN > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Roles tab. If you are adding a role, click Add icon. If you are editing a role, select the role and click Edit icon.
    The Add or Edit Role dialog is displayed.
    Edit Role dialog
  3. To set the attributes for the role, in the Attributes section:
    • (Optional) In the Core Query Timeout field, type the maximum number of minutes that a user can run a query. The default value is 5 minutes. This timeout only applies to queries performed from Investigation. NetWitness Suite 10.5 and later Core services use this field.
      When migrating to NetWitness Suite 10.5 and later, if there is no value set in the roles, 5 minutes is set by default.
    • Type a Core Session Threshold for the system to stop its determination of the session count. The default is 100000. The limit you specify here overrides the Max Session Export value defined in the INVESTIGATE view settings.
    • (Optional) Type a Core Query Prefix to filter query results that the role members see. By default, this is blank.

Note: A value shown in italics indicates a default value, for example 5. A value shown without italics indicates a change from the default value, for example, 1200.

  1. Click Save.
You are here
Table of Contents > Manage Users with Roles and Permissions > Step 3. Verify Query and Session Attributes per Role

Attachments

    Outcomes