Role-based access control in NetWitness Endpoint allows NetWitness Endpoint Administrators to more precisely control what information each user can access and manipulate by assigning a specifically configured role to each NetWitness Endpoint user.
Two static primary RBAC roles are defined within the NetWitness Endpoint UI. These static roles cannot be changed.
- ReadOnly – Restricted access to the NetWitness Endpoint UI in a limited, read-only mode
- Admin – Full administrative access with read/write/execute and the ability to create and manage additional roles
Additional user-defined roles may be created and granted any of the following 18 permissions:
- Agent Maintenance – Update or uninstall agents, reset driver
- Analyse – Analyse with Security Analytics / NetWitness, Analyse a module
- Basic Scan – Request or cancel a scan
- Certificates – Flag a certificate vendor as trusted, remove trusted flags, edit trusted status, edit trusted domains
- Configure – Configure connection, timezones, internet search engines, monitoring & external components, global parameters, administrative status, machine groups, update certificates
- Edit Module Status – Edit Blacklist/Whitelist status, edit trusted domains, modify status, modify comments, modify modules to block
- Forensices – Request files, request MFT, request full memory dump, reboot endpoint
- IIOC – Modify IIOCs: Clone, delete, edit, create new
- Import/Export – Export to Excel, standalone scan - export scan configuration, standalone scan – import scan data, import/export blacklist/whitelist file, RSA Live
- Module Related Tools – Module Analyser, MFT Viewer, Search with File Advisor, Google & Virus Total, Open in new module view, View certificates
- Modules Actions – Add to trusted domains, download to server, save a local copy, assign module, add to custom hashset
- Remediation – Reboot, remediate, show diagnostics, remove selection from database, module blocking
- Scan Groups – Configure groups, add machine to group, remove machine from a group
- Scan with External – Scan with yara or OPSwat
- Schedule Time Spec – Local to client, local to server, UTC
- Server Configuration – Commission new server, change DNS or IP, Decommission server, configure cloud
- Server Configuration Discovery – Start or pause discovery
- UI Related – Copy data, copy data with header, access dashboard, configure skins
Two default customizable roles are created upon UI installation and serve as a recommended starting point. Permissions appearing in strikethrough are absent from these default roles.
|NetWitness Endpoint L1 Analyst||NetWitness Endpoint L2 Analyst|
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.