You must add a user to a service for:
- Aggregation
- Accessing the service with the:
- Thick client
- REST API
Note: This topic does not apply to users who access services through the user interface on Security Analytics server. You must add those users to the system, not a service. For details, see the Set Up a User topic in System Security and User Management.
For each service user, you can:
- Configure user authentication and query handling properties for the service
- Make the user a member of a role, which has a set of permissions the user receives
- Replicate the user account to other services
- Change the service user password on selected services
Change a Service User Password provides instructions for changing the service user password across services.
Replication and Migration Considerations
When replicating a user from a Security Analytics 10.5 or later service to a Security Analytics 10.4 service, Query Timeout migrates to Query Level based on the closest level. For example, if a user has a Query Timeout of 15 minutes, the user gets a Query Level of 3 after the migration. If a user has a Query Timeout of 35 minutes, the user gets a Query Level of 2 after the migration. If a user has a Query Timeout of 45 minutes, the user gets a Query Level of 2 after the migration.
When migrating or replicating a user from a Security Analytics 10.4 service to a Security Analytics 10.5 or later service, Query Level migrates to Query Timeout based on the following definitions:
- Query Level 1 = 60 minutes
- Query Level 2 = 40 minutes
- Query Level 3 = 20 minutes
Procedures
Access the Security View
Each of the following procedures starts in the Services Security view.
To navigate to the Services Security view:
- In the Security Analytics menu, select Administration > Services.
- Select a service, then
> View > Security.
The Security view for the selected service is displayed with the Users tab open.
Note: For Security Analytics 10.4 and earlier service versions, in the User Settings section, the Query Level field is displayed instead of SA Core Query timeout.
Add a Service User
- On the Users tab, click
.
- Type the Username to access the service, then press Enter.
The User Information section displays the Username and the rest of the fields are available for editing. - Type the password for logging on to the service in the Password and Confirm Password fields.
- (Optional) Provide additional information:
- Name for logging on to Security Analytics
- Email address
- Description of the user
- In the User Settings section, select the following information:
- Authentication Type
- If Security Analytics authenticates the user, select Netwitness.
- If Active Directory or PAM is configured on Security Analytics Server to authenticate the user, select External.
Note: In 10.4 and later, trusted connections make it unnecessary to configure external user accounts on the service. All external configuration is centralized on Security Analytics Server.
- SA Core Query Timeout is the maximum number of minutes a user can run a query on the service. This field applies to Security Analytics 10.5 and later service versions and does not appear for 10.4 and earlier versions.
- Query Level is the maximum number of minutes allowed for a user to perform a query on a service. There are three query levels: 1, 2, and 3. This field applies to Security Analytics 10.4 and earlier service versions and does not appear for 10.5 and later service versions.
- (Optional) Specify additional query criteria:
- Query Prefix filters queries. Type a prefix to restrict results the user sees.
- Session Threshold controls how the service scans meta values to determine session counts. Any meta value with a session count that is above the threshold stops its determination of the true session count.
- In the Role Membership section, select each role to assign to the user. When a user is a member of a role on a service, the user has the permissions assigned to the role.
- To activate the new service user, click Apply.
The user is added to the service immediately.
Replicate a User to Other Services
- In the Users tab, select a user and
> Replicate.
The Replicate Users to Other Services dialog is displayed. - Enter the user's password and confirm the password.
- Select each service to which you are replicating the user.
- Click Replicate.
The user account is added to each selected service.
Delete a Service User
- On the Users tab, select the Username and click
.
Security Analytics requests confirmation that you want to delete the selected user. - To confirm, click Yes.
The user is deleted from the service immediately.