OC Admin Role Management and SIEM Administration
Only Administrators in OC Admin can perform the actions described in this section.
When logged in as a member of a privileged role (ocAdmin is the default privileged account), the Admin button is visible.
Clicking this button leads to the following options:
- RBAC (Role-Based Access Control)
  - Manage roles and users in OC Admin.
- SIEM
  - Manage the connection to the SIEM Platform Manager or XM Appliance.
RBAC - Role Based Access Control
OC Admin's Role-Based Access Control (RBAC) is based on:
- Roles, which can be flagged as privileged or not.
- User Accounts, which belong to a role.
Manage User Accounts
To create or manage existing User Accounts:
- From the main page, click the Admin button on the left-hand side of the screen.
- Click the Manage User Accounts button.
A list of existing user accounts appears.
Create a New User Account
To create a new user account, from the User Accounts list:
- Click on either the + Add New Account button at the top of the list, or the + button on the right-hand side of the screen.
Enter the following information:
| Field | Description |
| --- | --- |
| Username | Enter a unique username for the new account. |
| Password | Enter a temporary password for the new account. |
| Role | Select a Role from the drop-list. |

- Click the Add new User Account button.
The new user account is added successfully.
Edit an Existing User Account
To edit an existing user account, from the User Accounts list:
- Click the Edit icon in the Actions column for the account to be modified.
- Make any changes as necessary.
- Click Save.
The user account is updated successfully.
Delete a User Account
To delete an existing user account, from the User Accounts list:
- Click the Delete icon in the Actions column for the account to be deleted.
A confirmation pop-up appears.
- Click Yes to confirm the action.
The account is deleted successfully.
Manage Roles
Roles can be used to determine whether or not a user account has the privileges to edit the Admin settings described on this page.
To create or manage existing Roles:
- From the main page, click the Admin button on the left-hand side of the screen.
- Click the Manage User Roles button.
A list of existing roles appears.
Add a New Role
To create a new role, from the User Roles list:
- Click on either the + Add New Role button at the top of the list, or the + button on the right-hand side of the screen.
Enter the following information:
| Field | Description |
| --- | --- |
| Name | Enter a unique, descriptive name for this role. |
| Is Privileged | Enable the toggle if this role should have administrative privileges. |

- Click the Add new User Role button.
The new role is added successfully.
Edit an Existing Role
To edit an existing role, from the User Roles list:
- Click the Edit icon in the Actions column for the role to be modified.
- Make any changes as necessary.
- Click Save.
The role is updated successfully.
Delete a Role
To delete an existing role, from the User Roles list:
- Click the Delete icon in the Actions column for the role to be deleted.
A confirmation pop-up appears.
- Click Yes to confirm the action.
The role is deleted successfully.
Connecting OC Admin to the LogRhythm SIEM
OC Admin requires access to the SIEM for certain operations, such as listing and managing the Open Collector and OC Admin related log sources. To accomplish this, OC Admin needs the PM or XM address and SQL credentials.
Connect OC Admin to the SIEM Platform Manager or XM Appliance
To link OC Admin to the SIEM PM or XM, perform the following steps:
- From the main page, click the Admin button on the left-hand side of the screen.
- Click the Manage MS SQL Connection button.
Enter the following information:
| Field | Description |
| --- | --- |
| Hostname (XM or Platform Manager) | Enter the hostname or IP address of the PM or XM. |
| MS SQL Port | Enter the Microsoft SQL port, typically 1433. |
| Username | Enter your SIEM username. |
| Password | Enter your SIEM password. |
| Encrypt traffic | Toggle whether to encrypt traffic between the OC Admin and the SIEM. |

- Click the Save button.
Prepare the SIEM Platform Manager or XM Appliance
To prepare the SIEM PM or XM to receive commands from OC Admin, the SIEM database must be updated with the latest stored procedures and views.
To make these updates, from the Admin settings page:
- Click the Update Database button.
Provide the following privileged credentials for the one-time operation:
| Field | Description |
| --- | --- |
| Username | Provide the username, typically "sa" or another MS SQL privileged account. This MS SQL account needs to have the permissions to create a new database, and create stored procedures and views within that database. |
| Password | Provide the MS SQL password. |

- Click the Connect to and Update Database button on the right-hand side of the window.
- Once the operation has finished, click the Refresh button in the Database Version Details section.
- Verify that all items have completed successfully:
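
A least-privilege alternative to entering "sa" for this one-time update, as an added T-SQL example that is not part of the product documentation. It assumes the permissions stated above (create a new database, then create stored procedures and views inside it) are all the update needs; the login name `ocadmin_dbupdate` and the password are placeholders.

```sql
-- Added example, not from the product documentation.
-- Run as a sysadmin (SSMS or sqlcmd) on the PM or XM.
-- [ocadmin_dbupdate] and the password are placeholders.

-- 1. Before the update: create a dedicated login instead of handing out "sa".
CREATE LOGIN [ocadmin_dbupdate]
    WITH PASSWORD = N'<generate-a-strong-password>',  -- placeholder, replace it
         CHECK_POLICY = ON;                           -- enforce Windows password policy

-- 2. dbcreator grants CREATE DATABASE. The login becomes owner (dbo) of the
--    database it creates, so it can create stored procedures and views there.
ALTER SERVER ROLE [dbcreator] ADD MEMBER [ocadmin_dbupdate];

-- 3. Confirm the login holds only the server role you intended.
SELECT r.name AS server_role, m.name AS member
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name = N'ocadmin_dbupdate';

-- >>> Now run "Connect to and Update Database" in OC Admin with this login. <<<

-- 4. After the update: list what the login created, for the change record.
SELECT name AS database_name, create_date
FROM sys.databases
WHERE owner_sid = SUSER_SID(N'ocadmin_dbupdate');

-- 5. Remove the privilege and disable the login so the credential
--    typed into the web form has no further use.
ALTER SERVER ROLE [dbcreator] DROP MEMBER [ocadmin_dbupdate];
ALTER LOGIN [ocadmin_dbupdate] DISABLE;
```

If the update fails with a permission error under this login, the operation needs more than the permissions listed on this page; check the vendor's requirements before widening the role.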