Restricted Administrator security roles can be customized by granting access to many administrative functions this role does not normally have access to.
- On the main toolbar, click Deployment Manager.
- On the Tools menu, click Administration, and then click User Profile Manager.
  The User Profile Manager window appears and lists the existing User Profiles.
- Click an existing user profile to select it, and then click Properties.
- Click the Management Permissions tab.
- Expand the fields or use the search field to find the administrative function you want to grant access to.
- Select a level of access to grant.
  - View. The user profile can view the data and configurations but cannot make any changes.
  - Manage. The user profile can view and make changes to the data and configurations.
Some permissions are dependent upon each other. For example, you need access to Manage AI Engines and Manage AI Engine Rules before you can access Manage AI Engine Rule Actions. If you grant access to AI Engine Rule Actions, in this example, the others are automatically checked, as shown below.

| Category | Permission | Description |
| --- | --- | --- |
| Entities | Display/Manage Entities | Add, delete, and modify entities in the deployment. Use the Entities Re-organization Wizard to migrate host and network records between entities |
| System Monitor | Display/Manage System Monitor Agents | Manage System Monitor Lite and Pro Agents to collect and forward log data to Data Processors |
| | Manage Data Loss Defender Policies | Configure a System Monitor agent to monitor and log the connection and disconnection of external data devices to the host computer where the Agent is running |
| | Manage File Integrity Monitor Policies | Configure a System Monitor agent to monitor critical database and application files for unauthorized changes |
| | Manage Real Time Integrity Monitor Policies | Configure FIM to use an event-driven model that provides real-time accuracy and enables precise user identification |
| | Display/Manage System Monitor Configuration Policy Manager | Use policy-based management of System Monitor agents to configure how the Data Processor processes logs sent from the Agents |
| | Manage Agent Upgrade Packages | Use the System Monitor Package Manager to schedule automatic updates for multiple System Monitors at one time |
| Network Monitor | Manage Network Monitors | Add, delete, and modify Network Monitors in the deployment |
| Log Sources | Display/Manage Log Sources | Create, modify, and manage log sources to collect data from hosts. Manage the Windows Host Wizard to configure LogRhythm to collect Windows Event logs |
| | Manage Log Source Types | Create, modify, and manage log source types to classify logs that come from common hardware or have the same data format and operate under the same processing rules |
| | Manage Automatic Log Source Configuration | Manage the existing SNMP management infrastructure to specifically identify devices on the network |
| | Manage Log Virtualization Template Policies | Create, modify, and manage templates to consume all the available intelligence within individual log source files that contain multiple records from different sources |
| | Manage Automatic Log Source Acceptance Rules | Create, modify, and manage rules to automatically resolve log source hosts, identify log source types, and accept log sources through the IP address of a new Log Source or through regular expression pattern matching |
| Data Processing | Manage Data Processors | Manage the Data Processor to control how logs are sent to the Indexer, how the Indexer reads information from the EMDB, and how the Client Console and Web Console issue queries about logs to the Indexer |
| | Manage Log Processing Policies | Manage how your deployment parses, calculates, and derives information from raw log data and presents it in a way that makes it easier to analyze |
| | Manage MPE Rules | Use the MPE Rule Builder to create rules that identify the pattern of a log and isolate interesting pieces of metadata |
| | Manage Common Events | Use the Common Event Change Manager to make appropriate updates based on user input for common events that have been modified |
| | Manage Applications | Use the Application Manager to define an application and its ports and protocols so that MPE rules can identify a log origin |
| | Manage Common Event Change Manager | Control the migration of the Common Events in your affected objects (system objects with custom filters and custom objects) |
| | Manage Data Masking Rules | Create, modify, and manage rules to control which log messages have their data transformed into a more usable format or masked to hide sensitive or regulated data |
| | Manage Global Log Processing Policies | Create, modify, and manage policies to apply Data Management settings across all Data Processors, Log Sources and Log Processing Policies to logs that meet your specific criteria |
| | Manage Data Processor Pool Manager | Create, modify, and manage DP pools. |
| AI Engine | Manage AI Engines | Manage how the AI Engine receives logs, applies AI Engine rules, generates events, and provides diagnostic data |
| | Manage AI Engine Rules | Create, modify, and manage AI Engine rules based on logs, thresholds, unique values, and behaviors |
| | Manage AI Engine Rule Actions | Manage the actions that take place after an AI Engine rule fires |
| Lists and Filters | Display/Manage Lists | Create, modify, and view all lists in the deployment |
| | Manage Composite Filters | Create, modify, and manage composite filters through the Filter Manager under the Administration menu |
| Search and Report | Display and Run Investigations | Access all Investigations in the deployment to view logs and events collected in near-real-time from both the Data Processor and Platform Manager Databases |
| | Display and Run Tails | Access all Tails in the deployment to query for new logs and update your log/event list in real-time |
| | Manage Report Templates, Reports, and Report Packages | Modify and run all Report Templates, Reports and Report Packages in the deployment as needed |
| | Manage Scheduled Jobs for Reports | Manage recipients, subject lines, report periods, and report schedules in the Scheduled Report Job Manager |
| | Manage SecondLook | Create and run searches to restore archived logs for the purpose of further review in LogRhythm |
| Monitor and Alarm | Manage Alarm Rules | Create, modify, and manage alarm rules to control which events incur alarms |
| | Manage Alarm Rule Actions | Manage the actions that take place after an Alarm rule fires |
| | Manage Notifications | Specify the method of Alarm notification, recipients, and information that is included, as well as throttle the number of notifications in an allotted time |
| | Display Personal Dashboard | Configure Personal Dashboard filters and displays |
| | Display Personal Alarms | Access Alarms from the Alarm List on the Personal Dashboard |
| | Manage Global AI Engine Events | Manage AI Engine events that span different Entities |
| | Display Alarm Viewer | View alarms generated by LogRhythm, track alarm history, and update alarm statuses |
| Automate and Orchestrate | Manage Smart Response Plug-Ins | Use the SmartResponse Plugin Manager to control the execution of preventative actions when threatening activity is observed |
| | Manage LogRhythm Case Management | Manage Cases in the Web Console |
| Users | Manage People and Users | Create, modify, and manage Person Records so users can log in with personal credentials |
| | Manage User Profiles | Create, modify, and manage User Profiles to group access permissions for hosts and log sources so they can be assigned to more than one user at a time |
| | Manage User Preferences | Manage User Preference settings |
| | Manage Active Directory | Sync, manage, and search Active Directory users and groups |
| | Manage Object Permissions | Set new read and write access permissions for an object (investigation, tail, list, or alarm rule) and assign it to a new owner and/or entity |
| | Manage Security Manager | View a list of logins for the deployment |
| General Administration | Deployment Manager | Access the Deployment Manager to configure and manage LogRhythm components and functionality such as alarming and reporting |
| | Manage Platform Managers | Use the Platform Manager to configure properties that affect the SQL Server, the LogRhythm Alarming and Response Manager (ARM) service, the LogRhythm Job Manager service, events, configuration and licensing information, the LogRhythm Knowledge Base, and LogMart |
| | Manage CloudAI Access | Access CloudAI in the Web Console |
| | Import and Manage Knowledge Base | Import and update Knowledge Base modules, and manage the synchronization settings |
| | Manage TrueIdentity | Manage collections of identifiers, such as logins and email addresses, that comprise a single identity |
| | LogRhythm API Access | Access the LogRhythm SOAP API, the Admin API, and the Case Management API |
| | Manage License File Import | Import a LogRhythm license file if your evaluation period has expired, you upgrade to a version not supported by your current license, or you purchase add-on components |
| | Display License Report | View the LogRhythm License Report, which shows a list of licenses grouped by type, along with values for the total quantity purchased, the number assigned, and the remaining available. This also includes the License Metering Report, which displays MPS rates and overages for the period |
| | Database Usage Widget (Web Console) | Monitor database levels by showing the percentage of each database that is currently being used |
| | Component Status Widget (Web Console) | See whether all components of your deployment are running without having to load the Client Console |
| | Processing Widget (Web Console) | View charts representing the processing rates of any one of the following data sets: Log Rate, AI Engine Rate, Event Rate, Alarm Rate, and AI Engine Event Rate |
| | Threat Activity Map Widget (Web Console) | View the geographical origin of log data in your deployment, as well as which locations are impacted by log data in your deployment. |
| | Manage Case Widgets (Web Console) | View the following Case Widgets in the Web Console: Case Metrics Trend, Case Trend by Status, and Case Trend by Priority. |
| | Manage All Cases (Web Console) | View all cases in the Web Console, even when you are not a case owner or case collaborator. |

- To return to any of the previous tabs, click Back, or click OK to save the profile and close the User Profile Properties dialog box.
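
Because dependent permissions are checked automatically, a profile can end up with more access than the change that was approved. The sketch below is an added example, not LogRhythm code: it expands a requested set of grants through the one dependency this page documents and reports anything that exceeds the approval. The function names, the profile dictionaries, and the rule that a dependency receives the same level as the permission requiring it are assumptions.

```python
# Added example: audits a permission change request against the dependency
# behaviour described on this page. Profile data below is constructed.
LEVELS = {"None": 0, "View": 1, "Manage": 2}

# The one dependency the page documents. Extend this map from your own
# deployment; the page lists no others.
DEPENDS_ON = {
    "Manage AI Engine Rule Actions": ["Manage AI Engines", "Manage AI Engine Rules"],
}


def expand_grants(requested, depends_on=DEPENDS_ON):
    """Return effective grants once dependent permissions are auto-checked.

    Assumption: a dependency is granted at the same level as the permission
    that requires it (the page does not state the level).
    """
    effective = dict(requested)
    pending = list(requested.items())
    while pending:
        perm, level = pending.pop()
        for dep in depends_on.get(perm, []):
            if LEVELS[effective.get(dep, "None")] < LEVELS[level]:
                effective[dep] = level
                pending.append((dep, level))  # follow chained dependencies
    return effective


def unapproved_grants(requested, approved, depends_on=DEPENDS_ON):
    """Permissions whose effective level exceeds what the reviewer approved."""
    effective = expand_grants(requested, depends_on)
    return {
        perm: level
        for perm, level in sorted(effective.items())
        if LEVELS[level] > LEVELS[approved.get(perm, "None")]
    }


# Constructed change request: the approver signed off on two permissions only.
REQUESTED = {"Manage AI Engine Rule Actions": "Manage", "Display/Manage Lists": "View"}
APPROVED = dict(REQUESTED)

if __name__ == "__main__":
    for perm, level in unapproved_grants(REQUESTED, APPROVED).items():
        print(f"not in approval: {perm} -> {level}")
```

Comparing the output with the Management Permissions tab after saving the profile confirms whether the assumed dependency level matches what the console actually applied.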