Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update readmes for each role and remove create_index from lists privilege for the soc manager role
Showing 8 changed files with 30 additions and 33 deletions.
...ion/server/lib/detection_engine/scripts/roles_users/platform_engineer/README.md (7 changes: 4 additions & 3 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
essentially a superuser for security solution | ||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Signals/Alerts | | ||
| :------------------------------------------: | :----------: | :------------------: | :---: | :--------------: | :------------: | | ||
| Platform Engineer (data ingest, cluster ops) | read, write | all | all | read, write | all | | ||
|
||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Action Connectors | Signals/Alerts | | ||
| :------------------------------------------: | :----------: | :------------------: | :---: | :--------------: | :---------------: | :------------: | | ||
| Platform Engineer (data ingest, cluster ops) | all | all | all | read, write | all | all | |
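Review bot: the Data Sources cell for Platform Engineer changes from `read, write` to `all` in the new table, a broadening that the commit message does not mention (it only names the readme refresh and the SOC manager lists change). Confirm this matches the role definition checked in alongside the README, and if it is intentional, state it in the commit message so the widening is on record rather than looking like a typo.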
..._solution/server/lib/detection_engine/scripts/roles_users/rule_author/README.md (6 changes: 3 additions & 3 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
rule author has the same privileges as hunter with the additional privileges of uploading value lists | ||
|
||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Signals/Alerts | | ||
| :-----------------------------------------: | :----------: | :------------------: | :---------: | :--------------: | :------------: | | ||
| Rule Author / Manager / Detections Engineer | read, write | read | read, write | read, write | read, write | | ||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Action Connectors | Signals/Alerts | | ||
| :-----------------------------------------: | :----------: | :------------------: | :---------: | :--------------: | :---------------: | :------------------------------: | | ||
| Rule Author / Manager / Detections Engineer | read, write | read | read, write | read, write | read | read, write, view_index_metadata | |
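Review bot: the new Signals/Alerts cell adds `view_index_metadata` for the Rule Author role and the new Action Connectors column is set to `read`; neither is covered by the commit message, and the unchanged description line (same privileges as hunter plus uploading value lists) says nothing about why this role needs index metadata on the signals index. Add a sentence to the description explaining what `view_index_metadata` is for, so the prose and the table stay in step.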
..._solution/server/lib/detection_engine/scripts/roles_users/soc_manager/README.md (6 changes: 3 additions & 3 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
SOC Manager has all of the privileges of a rule author role with the additional privilege of creating the signals index and lists indices upon initial visit | ||
|
||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Signals/Alerts | | ||
| :---------: | :----------: | :------------------: | :-------------------------------: | :--------------: | :-------------------------------: | | ||
| SOC Manager | read, write | read | read, write, create_index, manage | read, write | read, write, create_index, manage | | ||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Action Connectors | Signals/Alerts | | ||
| :---------: | :----------: | :------------------: | :---------: | :--------------: | :---------------: | :-----------------: | | ||
| SOC Manager | read, write | read | read, write | read, write | all | read, write, manage | |
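Review bot: the description line above the table now contradicts the table: it still says the SOC Manager has the additional privilege of creating the signals index and lists indices upon initial visit, but the new Lists cell drops both `create_index` and `manage` (leaving `read, write`), and `create_index` is also removed from Signals/Alerts, which keeps `manage`. The commit message only mentions removing `create_index` from lists. Update the description to drop the lists-index clause and to say how the signals index is created if `manage` is meant to cover that, and mention the Signals/Alerts change in the message if it is intended.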
...y_solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/README.md (6 changes: 3 additions & 3 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Signals/Alerts | | ||
| :--------: | :----------: | :------------------: | :---: | :--------------: | :------------: | | ||
| T1 Analyst | read | read | read | read | read | | ||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Actions Connectors | Signals/Alerts | | ||
| :--------: | :----------: | :------------------: | :---: | :--------------: | :----------------: | :------------: | | ||
| T1 Analyst | read | read | none | read | read | read, write | |
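Review bot: the header cell reads `Actions Connectors` here while every other README in this commit uses `Action Connectors`; make it consistent. Separately, Lists goes from `read` to `none` and Signals/Alerts from `read` to `read, write`, neither mentioned in the commit message, and `none` on Lists conflicts with the T2 Analyst README in this same commit, which keeps `read` on Lists while stating there is essentially no difference between a T1 and T2 analyst. Either align the two tables or document the difference.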
...y_solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/README.md (7 changes: 3 additions & 4 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,5 @@ | ||
This role can view rules. Essentially there is no difference between a T1 and T2 analyst. | ||
|
||
|
||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Signals/Alerts | | ||
| :--------: | :----------: | :------------------: | :---: | :--------------: | :--------------: | | ||
| T2 Analyst | read | read | read | read | read, create_doc | | ||
| Role | Data Sources | SIEM ML Jobs/Results | Lists | Rules/Exceptions | Action Connectors | Signals/Alerts | | ||
| :--------: | :----------: | :------------------: | :---: | :--------------: | :---------------: | :------------: | | ||
| T2 Analyst | read | read | read | read | read | read, write | |
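Review bot: Signals/Alerts changes from `read, create_doc` to `read, write` for the T2 Analyst, which is a broader privilege than creating documents; confirm the widening is intended and note it in the commit message, which does not mention the analyst roles at all. The unchanged description line still says there is essentially no difference between a T1 and T2 analyst, yet the T1 README in this commit now has `none` on Lists while this table keeps `read`; update that sentence or align the tables.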