Groups Permission
LogicHub provides the following permissions, along with a description of each permission type, as well as the category to which it belongs.
Administrative Permissions
| Permission | Description | Type |
|---|---|---|
| User Management | Allows you to manage people who can use LogicHub. | List: This allows you to view the entities created by you and those that are shared with you. Create: This allows you to view the entities created by you, those that are shared with you, and create new entities. Also, allows you to manage users and groups. Admin: This allows you to view or edit all the entities created by any user and also create new entities. Can also use the single sign-on option and all other permissions of create. |
Platform Permissions
| Permission | Description | Type |
|---|---|---|
| Kibana | Allows you to use the LogicHub SIEM platform for querying your data sources. | Access: Allows users to access Kibana. |
Content Permissions
| Permission | Description | Type |
|---|---|---|
| Case Management | Allows you to track activity related to investigations of threats and other security issues. | Admin: All users that have permission on a case type can view and edit fields, tasks or comments. User: User of Case Management need to be assigned permission to individual case types to view/edit that case type. |
| Connection | Allows you to import data into LogicHub from SIEMs, Elastic Search, File, or a Directory. | List: Allows you to view and manage permissible connections. Create: Allows you to create a new connection and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all connections in your organization. |
| Integration Connection | Allows you to exchange data/automate actions in supported third-party applications. | List: Allows you to view and manage integration instances. Create: Allows you to create a new integration instance and all the List permissions. Admin: Allows you to view, manage, and create all permissions on all integration instances in your organization. |
| Dashboard | Allows you to visualize data from Playbooks or Files. | List: Allows you to view and manage permissible dashboards. Create: Allows you to create a new dashboard and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all dashboards in your organization. |
| Playbook | Codifies a security analyst's intelligence to analyze the imported data. | List: Allows you to view and manage permissible playbooks. Create: Allows you to create playbooks and all the List permissions. Admin: Allows you to view or edit all the entities created by any user and also create new entities. |
| Command | This is a type of playbook that executes on-demand based on inout arguments. | List: Allows you to view and manage permissible commands. Create: Allows you to create a command and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all commands in your organization. |
| Event Type | This is a query to import data into LogicHub from a connection. | List: Allows you to view and manage permissible event types. Create: Allows you to create a new event type and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all event types in your organization. |
| Destination | Receives the results of playbooks to a connection. | List: Allows you to view and manage permissible destinations. Create: Allows you to create a new destination and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all destinations in your organization. |
| Custom List | Stores and reuses the data from any playbook in others. | List: Allows you to view and manage permissible custom list. Create: Allows you to create a new custom list and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all custom list in your organization. |
| Stream | Automates your playbook by executing it in batches at preset intervals. | List: Allows you to view and manage permissible streams. Create: Allows you to create a new stream and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all streams in your organization. |
| Baseline | Serves as a reference of normal IT activities. Can be created from and used in playbooks. | List: Allows you to view and manage permissible baselines. Create: Allows you to create a new baseline and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all baselines in your organization. |
| User Form | Request input from users and automatically include the responses in a case or playbook | List: Allows you to view and manage permissible User Forms. Create: Allows you to create a new User Form and all the List permissions. Admin: Allows you to view, create, and manage all permissions on all User Forms in your organization. |
Updated 7 months ago