Host GS: Add, Replicate or Delete a Service User

You must add a user to a service for:

• Aggregation
• Accessing the service with the:
  • Thick client
  • REST API

Note: This topic does not apply to users who access services through the user interface on Security Analytics server. You must add those users to the system, not a service. For details, see the Set Up a User topic in System Security and User Management.

For each service user, you can:

• Configure user authentication and query handling properties for the service
• Make the user a member of a role, which has a set of permissions the user receives
• Replicate the user account to other services
• Change the service user password on selected services

Change a Service User Password provides instructions for changing the service user password across services.

Replication and Migration Considerations

When replicating a user from a Security Analytics 10.5 or later service to a Security Analytics 10.4 service, Query Timeout migrates to Query Level based on the closest level. For example, if a user has a Query Timeout of 15 minutes, the user gets a Query Level of 3 after the migration. If a user has a Query Timeout of 35 minutes, the user gets a Query Level of 2 after the migration. If a user has a Query Timeout of 45 minutes, the user gets a Query Level of 2 after the migration.

When migrating or replicating a user from a Security Analytics 10.4 service to a Security Analytics 10.5 or later service, Query Level migrates to Query Timeout based on the following definitions:

• Query Level 1 = 60 minutes
• Query Level 2 = 40 minutes
• Query Level 3 = 20 minutes

Procedures

Access the Security View

Each of the following procedures starts in the Services Security view.

To navigate to the Services Security view:

1. In the Security Analytics menu, select Administration > Services.
2. Select a service, then  > View > Security.
   The Security view for the selected service is displayed with the Users tab open.
   

Note: For Security Analytics 10.4 and earlier service versions, in the User Settings section, the Query Level field is displayed instead of SA Core Query timeout.

Add a Service User

1. On the Users tab, click .
2. Type the Username to access the service, then press Enter.
   The User Information section displays the Username and the rest of the fields are available for editing.
3. Type the password for logging on to the service in the Password and Confirm Password fields.
4. (Optional) Provide additional information:

• Name for logging on to Security Analytics
• Email address
• Description of the user

5. In the User Settings section, select the following information: 

• Authentication Type
  • If Security Analytics authenticates the user, select Netwitness.
  • If Active Directory or PAM is configured on Security Analytics Server to authenticate the user, select External.

Note: In 10.4 and later, trusted connections make it unnecessary to configure external user accounts on the service. All external configuration is centralized on Security Analytics Server. 

• SA Core Query Timeout is the maximum number of minutes a user can run a query on the service. This field applies to Security Analytics 10.5 and later service versions and does not appear for 10.4 and earlier versions.
• Query Level is the maximum number of minutes allowed for a user to perform a query on a service. There are three query levels: 1, 2, and 3. This field applies to Security Analytics 10.4 and earlier service versions and does not appear for 10.5 and later service versions.

6. (Optional) Specify additional query criteria:

• Query Prefix filters queries. Type a prefix to restrict results the user sees.
• Session Threshold controls how the service scans meta values to determine session counts. Any meta value with a session count that is above the threshold stops its determination of the true session count.

7. In the Role Membership section, select each role to assign to the user. When a user is a member of a role on a service, the user has the permissions assigned to the role.
8. To activate the new service user, click Apply.

The user is added to the service immediately.

Replicate a User to Other Services

1. In the Users tab, select a user and  > Replicate.
   The Replicate Users to Other Services dialog is displayed.
   
2. Enter the user's password and confirm the password.
3. Select each service to which you are replicating the user.
4. Click Replicate.

The user account is added to each selected service.

Delete a Service User

1. On the Users tab, select the Username and click .
   Security Analytics requests confirmation that you want to delete the selected user.
2. To confirm, click Yes.

The user is deleted from the service immediately.