Technicians and Roles
EventLog Analyzer supports authorization and authentication at a local level and is compatible with third-party applications such as Active Directory and a RADIUS server. It allows adding users in three realms (user roles), namely Admin, Operator, and Guest, and also allows you to create custom user roles. The Admin realm has the highest order of privilege in the EventLog Analyzer server and UI. The Operator has limited access privileges, which include performing creation and deletion operations on the allotted resources. The Guest has read-only privilege on the allotted security resources. Custom user roles provide the flexibility to associate only the required permissions with a role and to add users to these roles in accordance with the principle of least privilege (POLP).
An administrator can:
Adding technicians to EventLog Analyzer
To add new users, navigate to the Settings tab → Technicians and Roles → Add Technician. You can either add a user from Active Directory or add a local technician in EventLog Analyzer.
Adding technicians from Active Directory
To add a user from AD, you can either use the basic or the advanced options. If you use the basic option:
- Select the domain from which you want to add the users from the drop-down menu. The list of users from that domain is displayed. You can select the users you want to add.
- Click on Next. You have to select the role(s) for the users from the Roles drop-down menu. Please note that you can select more than one role for users.
- Select the device group(s) to add the users from the Select Device drop-down menu.
- Click on Add.
If you want to use the advanced options, click on the Switch to advanced options link. You can add users based on their Domain Groups and Domain OUs. The domain groups/OUs will be automatically discovered and displayed for the selected domain. Select the Domain Groups or Domain OUs and click on the Next button.
The Configure Schedule link synchronizes users in Active Directory with the users in EventLog Analyzer. You can configure a schedule for periodically importing users from domain groups and OUs by following the steps given below:
- Enter a name for the schedule.
- Specify the interval (in days) for running the scheduled automatic import.
- Click on the Save button, or on the Save and Run Now button if you wish to run the scheduled import right away.
Adding local technicians
In the Add Technician dialog box, click on +Add Local Technician.
- In EventLog Analyzer, navigate to Settings → Admin Settings → Technicians and Roles.
- In the Technicians page, click on +Add Technician.
- Enter a name for the technician in the Technician Name field.
- Enter a new password and confirm it in the respective fields.
- Enter the email address of the technician in the Email field.
- In the Roles drop-down box, choose the role(s) you want to assign to the technician. You can assign more than one role to the technician, and the permissions of all the selected roles will be assigned to the technician.
- Select the required device group(s) from the Device Groups drop-down box and click on Add to assign a role to a technician.
How to manage EventLog Analyzer technicians?
- On the Manage Technician page, you can find the list of all the users of EventLog Analyzer and their respective roles.
- You can enable or disable a technician using the icons provided in the Actions column. You can delete and edit technicians by selecting them and navigating to the Manage drop-down menu and clicking on the desired action.
- To monitor the users of EventLog Analyzer, click on the View technician login history icon. This will give you the reports of the user activity. This report can be exported in PDF and CSV formats.
- You can click on the edit icon to update the technician details.
Creating custom user roles
EventLog Analyzer allows you to create custom user roles in addition to the default Admin, Operator, and Guest roles. Custom user roles enable you to have multiple user groups depending on the level of control and access that users need in EventLog Analyzer. Custom user roles help you adopt the principle of least privilege (POLP) while adding users and assigning roles to them.
Steps to create a Custom User Role
- In EventLog Analyzer, navigate to Settings → Admin Settings → Technicians and Roles.
- Click on the Manage Roles button.
- To create a new role, click on +Add New Role.
- In the Add New Role page, enter an appropriate role name in the Role Name field.
- Click on the Description link next to the Role Name field to enter a description for the role you want to create.
- You will see multiple tabs such as Home, Reports, Compliance, Correlation, Alerts, Settings, and Others. You can click on the checkbox provided for each of these tabs to allow the role to have all the permissions associated with the selected tabs. You can also navigate to each of these tabs individually and select the required permissions.
After choosing all the required permissions, click on Create to create the custom user role.
- Under the Home tab, you can see two sections: Dashboard and View the Log Sources. In the Dashboard section, you can allow users to view, create, and manage the dashboard. In the View the Log Sources section, you can assign permissions to view device, application, and file integrity monitoring logs. You can also click on the checkboxes next to the Dashboard and View the Log Sources sections to select all the options present under them.
- Under the Reports tab, you can specify if the user can view, schedule, and create reports by selecting the appropriate checkboxes. You can select all permissions associated with the Reports section by choosing General.
- Similarly, under the Compliance tab, you can choose if the user can view, create, and schedule compliance reports. You can click on the General checkbox if you want the user to have all permissions related to the Compliance tab.
- Under the Search tab, you can choose if you want to allow the user to perform search operations on the collected logs.
- Under the Correlation tab, you can find the Correlation and Activity Monitoring sections. In the Correlation section, you can choose if you want the role to view correlation reports, schedule them, and create and manage correlation rules and custom correlation actions. In the Activity Monitoring section, you can choose if the role can view and schedule activity monitoring reports, and create and manage activity monitoring rules.
- Under the Alerts tab, you can find three sections: Alerts, Incident Workflows, and Ticketing Tools. In the Alerts section, you can specify if you want the role to view generated alerts, and manage alert profiles and alert assigning rules by clicking on the appropriate checkbox. In the Incident Workflows section, you can select if the role can manage incident workflows. In the Ticketing Tools section, you can allow the role to configure ticketing tools.
- Under the Settings tab, you can find three tabs on the left pane: Log Source Configuration, Admin Settings, and System Settings. The Log Source Configuration tab contains multiple sections in which you can choose if you want the user to have permissions to configure and manage devices, applications, databases, virtual machines, and the File Integrity Monitoring component. In the Admin Settings tab, you can choose whether the user can configure and manage domains, workgroups, and agents. In the System Settings tab, you can specify the permissions for managing general and system settings.
- Under the Others section, you can specify if the user can view product support related information, supported log sources, and notifications.
Viewing the User Roles
In EventLog Analyzer, you can view all the default and custom user roles by navigating to Settings → Admin Settings → Technicians and Roles → Manage Roles. The role names, descriptions, and the number of technicians associated with each role will be displayed in a table. The Actions column of the table contains Click to Copy, Edit, and Delete icons to enable you to perform the required management actions. The Click to Copy option allows you to copy the permissions associated with an existing role to a new role, which you can later edit as per your needs.
Configure user audit notification
Notifications for selected actions can be configured by clicking on the notification icon in the top right corner of the Technician Audit page. Once the User Audit notification pop-up appears:
- Select the technician role(s) for which notification needs to be configured. Check the "ALL" option if the notification is required for all three roles.
- Select the required actions from the dropdown provided.
- Enter the Email ID to which the notification has to be sent. In case of multiple Email IDs, enter the required Email IDs separated by a comma.
- Enter the "Subject" for the notification in the column provided.
- Click on "Save".
- A new user audit notification will be configured.
To disable a notification:
- Click on "Notifications".
- Deselect the actions by clicking on the respective checkboxes.
- After deselecting, click on "Save".
The configured notification will be disabled.