Account settings page
You edit user accounts on the Account settings page. This page is loaded after you click create on the Add account tab or clicked the icon for a specific user on the All accounts tab.
Edit a user account
Modify the currently selected user account. Assign a new password and update information such as the user's first and last name, email address, and default timezone.
Click the Save button to save any modified values.
When you have made all the needed changes to the user account, click the Back to accounts list link to exit.
Advanced settings
Any active account with the Administrator permission can be selected as the primary account.
The primary customer account is shown on the Admin pages → Accounts page → License information tab.
You can make the selected user the primary customer account. Click the icon to open the Advanced settings section. Then click the Make username the primary account button.
About roles
A Role defines a set of permissions that you can apply to user accounts on the User Portal. A set of built-in roles are provided.
Using the Lastline API, you can create custom roles.
Roles descriptions
- Administrator
-
This role is for an administrator. It provides full read-write access to all functions of the User Portal. This role has the following permissions:
- Administrator — Can manage users
- Analyst
-
This role is for a full-fledged analyst. A user with this role can view most of data on system and operate on network/detection data. This role has the following permissions:
- Can access alerts
- Can access analyzed files
- Can access pcaps
- Can access sensitive analyzed files
- Can be workflow assignee
- Can manage custom threat intelligence entries
- Can manage intelligence alerting rules
- Can manage labels
- Can manage appliances
- Can view benign emails
- Can view custom threat intelligence entries
- Can view emails
- Can view intelligence alerting rules
- Read only
-
This role is for read-only access. It provides broad access to view the configuration and detection data, but no ability to make any kind of modifications. This role has the following permissions:
Add roles
The Roles section allows you to set or remove the roles assigned to selected user account. See About roles for details about the different roles available.
Roles are automatically saved as they are granted or revoked.
Click the add roles button to add a role to a user account. In the roles dialog, select the Administrator, Analyst, or Read only role to be added. You can assign more than one role to a user.
Remove roles
To remove a role, click on the role to be removed. In the Confirm role removal prompt, click Remove role.
About permissions
Permissions define the specific system access rights granted to a user. These permissions can be fined tuned to different levels of granularity. Editing an account allows you to set specific permissions for each user.
Permissions are tiered. Each permission tier supersedes the tier below.
- Customer
-
Permissions set on the customer tier will grant an account these permissions globally across your environment and on all licenses and subkeys.
- License
-
Permissions set on a license will grant an account these permissions on that license and all its subkeys.
See About licenses for details about licensing.
- Subkey
-
Permissions set on a subkey will grant an account permissions on that subkey only.
See About licenses for details about licensing.
Permission descriptions
- Administrator
-
Tiers: Customer
Allows a user to manage other user accounts, such as creating new accounts, modifying or blocking existing accounts, and changing the password of other accounts. It also allows a user to manage licensing. This includes editing license details as well as creating new Sensor subkeys.
The Administrator permission implies all other permissions, so administrator accounts can perform all operations available through the User Portal and API.
- Can access alerts
-
Tiers: Customer License Subkey
Allows a user to view alerts and statistics from protected networks. It also allows viewing the status, monitoring logs and metrics from Sensor appliances. This permission can be granted globally, or limited to specific licenses or subkeys.
- Can access analyzed files
-
Tiers: Customer
Allows a user to download the original files submitted for analysis, when these are of a file type that is considered less sensitive, such as executables and scripts.
- Can access Kibana
-
Tiers: Customer
Allows a user to access network traffic analysis records using the Kibana visualization tool.
- Can access pcaps
-
Tiers: Customer License Subkey
Provides access to additional information collected from a protected network. Currently, this controls access to traffic captures (PCAPS) as well as the associated DNS data.
This permission can be granted globally, or limited to specific licenses or subkeys. It can be granted in addition to Can access alerts.
- Can access sensitive analyzed files
-
Tiers: Customer
Allows a user to download the original files submitted for analysis when these are of a file type that is considered more sensitive, such as Office or PDF documents.
This permission can be granted in addition to Can access analyzed files.
- Can be workflow assignee
-
Tiers: Customer License Subkey
Ability to be assignee for workflow items (for example, campaigns).
- Can manage appliances
-
Tiers: Customer License Subkey
Allows a user to view and manage appliance configurations. It also allows a user to install new appliances, as well as re-register or de-register existing appliances.
This permission can be granted in addition to Can view appliances.
- Can manage custom threat intelligence entries
-
Tiers: Customer
Ability to manage custom intelligence entries.
- Can manage intelligence alerting rules
-
Tiers: Customer
Permission to manage rules set to alert a customer when a matching artifact is indexed by the intelligence platform.
- Can manage labels
-
Tiers: Customer License Subkey
Controls access to several features:
-
Allows a user to make use of the incident workflow functionality available in the incidents tab, such as the ability to close and open incidents.
-
Allows a user to configure network-related display settings. These are the Home Network, the silenced IP Range and the host labels.
-
Allows a user to configure notification integrations for sending notification by email, syslog, or other mechanisms when an event happens.
-
Allows a user account to push detection information about a monitored network into the system through the Push Detection API. This can be used for integration with third party products.
This permission can be granted globally, or limited to specific licenses or subkeys.
-
- Can set password
-
Tiers: Customer
Allows the user to set, change, or reset the account password. This permission is usually set by default.
- Can view appliances
-
Tiers: Customer License Subkey
Allows a user to view the status of appliances. This includes access to the status, log, and metrics views of the appliance management UI.
- Can view benign emails
-
Tiers: Customer
Ability to view information about benign emails observed in a protected network.
- Can view custom threat intelligence entries
-
Tiers: Customer
Ability to get a listing of all custom threat intelligence entries and full information on individual entries.
- Can view emails
-
Tiers: Customer License Subkey
Ability to view information about emails observed in a protected network.
- Can view intelligence alerting rules
-
Tiers: Customer
Ability to view matches and rules set to alert a customer when a matching artifact is indexed by the intelligence platform.
Add Permissions
The Permissions section allows you to modify the individual permissions for selected user account. See About permissions for details about the different permissions available.
Permissions are automatically saved as they are granted or revoked.
To add a permission to a specific permission tier (customer, license, or subkey), click the large add permission button for the tier. In the permission dialog, select the permissions to be added.
Initially only the Customer tier of permissions are displayed.
License tier
To add the License tier, click , select a License from the pull-down menu, and click Select license. The Add license permission dialog is displayed, allowing you to add permissions for the selected license.
You can add multiple licenses up to the number of available licenses.
Subkey tier
To add the Subkey tier, click , select a License and Sensor from the pull-down menus, and click Select subkey. The Add subkey permission dialog is displayed, allowing you to add permissions for the selected sensor.
You can add multiple subkeys.
Remove Permissions
To remove a permission, click on the permission to be removed. In the Confirm permission removal prompt, click Remove permission.
License tier
To remove an entire License group, click the . This removes all permissions associated with that license.
Subkey tier
To remove an entire Subkey group, click the . This removes all permissions associated with that subkey.