Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Sec/User Mgmt: Review the Preconfigured NetWitness Platform Roles

Document created by RSA Information Design and Development Employee on Aug 29, 2018Last modified by RSA Information Design and Development Employee on Sep 8, 2020
Version 14Show Document
  • View in full screen mode
 
 

To simplify the process of creating roles and assigning permissions, there are preconfigured roles in NetWitness Platform.

                                               
RolePermission

Administrators

Full system access. The System Administrators persona is granted all permissions by default.

Analysts

Access to meta and session content but not to configurations. The Security Operation Center (SOC) Analysts persona is centered around investigation, ESA Alerting, Reporting, and Respond, but not system configuration.

Reporting_Engine_Content_Administrators

Access to manage the Live content. Users with the Reporting Engine Content Administrator role can deploy Reporting Engine content (rules, reports, charts, and lists) from Live Content, view and manage permissions to the deployed content in Reporting Engine.

Data_Privacy_Officers

The Data Privacy Officer (DPO) persona is similar to Administrators with additional focus on configuration options that manage obfuscation and viewing of sensitive data within the system (see the Data Privacy Management Guide). Users with the DPO role can see which meta keys are flagged for obfuscation, and they also see obfuscated meta keys and values created for the flagged meta keys.

Malware_Analysts

Access to investigations and malware events. The only access granted to the Malware Analysts persona is the Malware Analysis module.

Operators

Access to configurations but not to meta and session content. The System Operators persona is focused on system configuration, but not investigation, ESA, Alerting, Reporting, and Respond.

Respond_Administrator

Access to all Respond permissions. The Respond Administrator persona is focused on system configuration of Respond.

SOC_Managers

Same access as Analysts plus additional permission to handle incidents. The SOC Managers persona is identical to Analysts, but with permissions necessary to configure Respond.

UEBA_Analysts

Access to the RSA NetWitness UEBA service in the Investigate > Users view. NetWitness UEBA is an advanced analytics solution for discovering, investigating, and monitoring risky behaviors across all entities in your network environment.

Note: You do not need to set up specific permissions for this role. You only need to assign this role to a user, and that user will have access to NetWitness UEBA.

The administrator can also add custom roles.

You are here
Table of Contents > Manage Users with Roles and Permissions > Review the Preconfigured NetWitness Platform Roles

Attachments

    Outcomes