Glosario de trminos User Roles Defense Center

User Account Privileges

The following sections provide a list of the configurable user permissions in the Sourcefire 3D System and the user roles that can access them. The permissions listed here follow the order of the Menu Based Permissions list that appears when you create a custom user role. Not all permissions are available on managed devices; permissions available only on the Defense Center are marked accordingly. Note that because the DC500 Defense Center and Series 2 devices support restricted features sets, not all permissions are applicable to these appliances. See the Supported Capabilities by Appliance Model table for a summary of Series 2 appliance features. For more information on the access notations used in the tables that follow and throughout this documentation, see Access Conventions. The following sections refer to the user role privileges associated with each main menu in the webbased interface: Overview Menu Analysis Menu Policies Menu Devices Menu FireAMP Devices Menu Health Menu System Menu Help Menu User Roles Defense Center Overview Dashboards Manage Dashboards Appliance Info Widget Appliance Status Widget Correlation Events Widget Current Interface Status Widget Current Sessions Widget Custom Analysis Widget Disk Usage Widget Descripcin

User Roles Defense Center Interface Traffic Widget Intrusion Events Widget Network Correlation Widget Product Licensing Widget Product Updates Widget RSS Feed Widget System Load Widget System Time Widget White List Events Widget Reporting Manage Report Templates Summary Intrusion Event Statistics Intrusion Event Performance Intrusion Event Graphs Discovery Statistics Discovery Performance Connection Summary Analysis Application Statistics Geolocation Statistics User Statistics URL Category Statistics URL Reputation Statistics Intrusion Event Statistics by Application Intrusion Event Statistics by User Security Intelligence Category Statistics Context Explorer Connection Events Modify Connection Events Restrictive Search Connection Summary Events Modify Connection Summary Events Restrictive Search Intrusion Events Modify Intrusion Events Restrictive Search View Local Rules Reviewed Events

Descripcin

User Roles Defense Center Clipboard Incidents Malware Events Modify Malware Events Restrictive Search File Events Modify File Events Restrictive Search Hosts Network Map Hosts Modify Hosts Servers Modify Servers Vulnerabilities Host Attributes Modify Host Attributes Hosts Modify Hosts Restrictive Search Applications Restrictive Search Application Details Modify Application Details Restrictive Search Servers Modify Servers Restrictive Search Host Attributes Modify Host Attributes Restrictive Search Host Attribute Management Discovery Events Modify Discovery Events Restrictive Search Users User Activity Modify User Activity Events Restrictive Search Users

Descripcin

User Roles Defense Center Modify Users Restrictive Search Vulnerabilities Vulnerabilities Modify Vulnerabilities Restrictive Search Third-party Vulnerabilities Modify Third-party Vulnerabilities Restrictive Search Correlation Correlation Events Modify Correlation Events Restrictive Search White List Events Modify White List Events Restrictive Search White List Violations Restrictive Search Remediation Status Modify Remediation Status Restrictive Search Custom Custom Workflows Manage Custom Workflows Custom Tables Manage Custom Tables Search Manage Search Bookmarks Manage Bookmarks Policies Access Control Access Control List Modify Access Control Policy Modify Administrator Rules Modify Root Rules Apply Intrusion Policies Apply Access Control Policies Intrusion Intrusion Policy

Descripcin

User Roles Defense Center Modify Intrusion Policy Rule Editor Email File Policy Modify File Policy Network Discovery Modify Network Discovery Apply Network Discovery Custom Fingerprinting Custom Topology Application Detectors User 3rd Party Mappings Custom Product Mappings Users Correlation Policy Management Rule Management White List Traffic Profiles Actions Alerts Impact Flag Alerts Discovery Event Alerts Scanners Scan Results Modify Scan Results Restrictive Search Groups Modules Instances Devices Device Management Modify Devices Apply Device Changes NAT NAT List Modify NAT Policy Apply NAT Rules VPN Modify VPN

Descripcin

User Roles Defense Center Apply VPN Changes Object Manager FireAMP Health Health Policy Modify Health Policy Apply Health Policy Health Events Modify Health Events Restrictive Search System Local Configuration Registration High Availability eStreamer Host Input Client User Management Login Authentication System Policy Modify System Policy Apply System Policy Updates Rule Updates Rule Update Import Log Restrictive Search Licenses Monitoring Audit Modify Audit Log Restrictive Search Syslog Task Status View Other Users' Tasks Statistics Tools Backup Management Restore Backup Scheduling Delete Other Users' Scheduled Tasks

Descripcin

User Roles Defense Center Import/Export Discovery Data Purge Whois

Descripcin

Access Conventions
The Access statement at the beginning of each procedure in this documentation indicates the predefined user role required to perform the procedure. A forward slash separating roles indicates that any of the listed roles can perform the procedure. The following table defines common terms that appear in the Access statement. Access Conventions

Access Term

Indicates

Access Admin

User must have the Access Control Admin role

Admin

User must have the Administrator role

Any

User can have any role

Any/Admin

User can have any role, but only the Administrator role has unrestricted access (such as the ability to view other users data saved as private)

Any Security Analyst

User can have either the Security Analyst or Security Analyst (Read Only) role

Database

User must have the External Database role

Discovery Admin

User must have the Discovery Admin role

Intrusion Admin

User must have the Intrusion Admin role

Maint

User must have the Maintenance User role

Network Admin

User must have the Network Admin role

Security Analyst

User must have the Security Analyst role

Security Approver

User must have the Security Approver role

Users with custom roles may have permission sets that differ from those of the predefined roles. When a predefined role is used to indicate access requirements for a procedure, a custom role with similar permissions also has access. For more information on custom user roles, see Managing Custom User Roles.

Managing Custom User Roles

LICENSE: Any
In addition to the predefined user roles, you can also create custom user roles with specialized access privileges. Custom user roles can have any set of menu-based and system permissions, and may be completely original or based on a predefined user role. Like predefined user roles, custom roles can serve as the default role for externally authenticated users. Unlike predefined roles, you can modify and delete custom roles. Selectable permissions are hierarchical, and are based on the Sourcefire 3D System menu layout. Permissions are expandable if they have sub-pages or if they have more fine-grained permissions available beyond simple page access. In that case, the parent permission grants page view access and the children granular access to related features of that page. For example, the Correlation Events permission grants access to the Correlation Events page, while the Modify Correlation Events check box allows the user to edit and delete the information available on that page. Permissions that contain the word Manage grant the ability to edit and delete information that other users create. You can apply restricted searches to a custom user role. These constrain the data a user may see in the event viewer. You can configure a restricted search by first creating a private saved search and selecting it from the Restricted Search drop-down menu under the appropriate menu-based permission. For more information, see Performing a Search. When you configure a custom user role on a Defense Center, all menu-based permissions are available for you to grant. When you configure a custom user role on a managed device, only some permissions are available those relevant to device functions. For more information on the menu-based permissions you can configure and their relationship with predefined user roles, see:

Analysis Menu Policies Menu Devices Menu Object Manager Health Menu System Menu Help Menu
The selectable options under System Permissions allow you to create a user role that can make queries to the external database or escalate to the permissions of a target user role. For more information, see Enabling Access to the Database and Managing User Role Escalation.

Optionally, instead of creating a new custom user role, you can export a custom user role from another appliance, then import it onto your appliance. You can then edit the imported role to suit your needs before you apply it. For more information, see Exporting Objects and Importing Objects.