Groups Permission

LogicHub provides the following permissions, along with a description of each permission type, as well as the category to which it belongs.

Administrative Permissions

Permission

Description

Type

User Management

Allows you to manage people who can use LogicHub.

List: This allows you to view the entities created by you and those that are shared with you.
Create: This allows you to view the entities created by you, those that are shared with you, and create new entities. Also, allows you to manage users and groups.
Admin: This allows you to view or edit all the entities created by any user and also create new entities. Can also use the single sign-on option and all other permissions of create.

Platform Permissions

Permission

Description

Type

Kibana

Allows you to use the LogicHub SIEM platform for querying your data sources.

Access: Allows users to access Kibana.

Content Permissions

Permission

Description

Type

Case Management

Allows you to track activity related to investigations of threats and other security issues.

Admin: All users that have permission on a case type can view and edit fields, tasks or comments.
User: User of Case Management need to be assigned permission to individual case types to view/edit that case type.

Connection

Allows you to import data into LogicHub from SIEMs, Elastic Search, File, or a Directory.

List: Allows you to view and manage permissible connections.
Create: Allows you to create a new connection and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all connections in your organization.

Integration Connection

Allows you to exchange data/automate actions in supported third-party applications.

List: Allows you to view and manage integration instances.
Create: Allows you to create a new integration instance and all the List permissions.
Admin: Allows you to view, manage, and create all permissions on all integration instances in your organization.

Dashboard

Allows you to visualize data from Playbooks or Files.

List: Allows you to view and manage permissible dashboards.
Create: Allows you to create a new dashboard and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all dashboards in your organization.

Playbook

Codifies a security analyst's intelligence to analyze the imported data.

List: Allows you to view and manage permissible playbooks.
Create: Allows you to create playbooks and all the List permissions.
Admin: Allows you to view or edit all the entities created by any user and also create new entities.

Command

This is a type of playbook that executes on-demand based on inout arguments.

List: Allows you to view and manage permissible commands.
Create: Allows you to create a command and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all commands in your organization.

Event Type

This is a query to import data into LogicHub from a connection.

List: Allows you to view and manage permissible event types.
Create: Allows you to create a new event type and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all event types in your organization.

Destination

Receives the results of playbooks to a connection.

List: Allows you to view and manage permissible destinations.
Create: Allows you to create a new destination and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all destinations in your organization.

Custom List

Stores and reuses the data from any playbook in others.

List: Allows you to view and manage permissible custom list.
Create: Allows you to create a new custom list and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all custom list in your organization.

Stream

Automates your playbook by executing it in batches at preset intervals.

List: Allows you to view and manage permissible streams.
Create: Allows you to create a new stream and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all streams in your organization.

Baseline

Serves as a reference of normal IT activities. Can be created from and used in playbooks.

List: Allows you to view and manage permissible baselines.
Create: Allows you to create a new baseline and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all baselines in your organization.

User Form

Request input from users and automatically include the responses in a case or playbook

List: Allows you to view and manage permissible User Forms.
Create: Allows you to create a new User Form and all the List permissions.
Admin: Allows you to view, create, and manage all permissions on all User Forms in your organization.


Did this page help you?