Role Based Access Control (RBAC)

LogicHub supports Role Based Access Control (RBAC) to control access to LogicHub functionality and to limit the data that users may view. To manage users and groups, you must have the Administrator role or your role must have been assigned the manage users and groups permissions.
With RBAC, you do not assign permissions directly to users. Instead, you assign permissions to groups, and then assign groups to users.

In LogicHub, roles are called Groups.

Specifically, when you create a group, you assign it a set of permissions. A permission is the right to perform a particular function in LogicHub, for example “Manage Users” and “Manage Groups”.

Create and Manage Groups (Roles)

This section has instructions for creating and managing LogicHub groups. The groups you assign to a user control what LogicHub permissions are available to the user and what log data the user can access. This functionality is referred to as role-based access control.

Built-in Administrator and Everyone Group

There are two built-in groups in the LogicHub account: Administrator and Everyone.

  • The Administrator group is the superuser group. It has all of the capabilities that can be assigned to a group and provides permissions for the users in LogicHub. The only edits you can make to the Administrator group are adding new users or removing users; you cannot delete the group.
  • The only edit you can make to the Everyone group is assigning new permissions. The Everyone group cannot be deleted.

Create a Group

User groups allow you to share content with selected sets of users and to assign cases and case tasks to multiple users at once. You can assign users to a group when creating or editing the group or when adding or editing the user account.

To create a new group and assign permissions:

  1. Go to Settings > User Management on the left navigation.
  2. Click on the Groups tab.
  3. Click New Group in the upper-right corner.
    • A Create a New Group pop-up window opens. Enter the following details:
      • Name: Enter a name to identify the group.
      • Add Users: Select or enter a single user or multiple users' names to add to the group. To remove a user, hover over the name and click X.
      • Assign Permissions: Select one or more entity permission sets. To remove a selection, hover over the entry and click X. Then select the level of permission for each set:
        • List: Allows you to view the entities created by you and those that are shared with you.
        • Create: Allows you to view the entities created by you, those that are shared with you, and create new entities.
        • Admin: Allows you to view or edit all the entities created by any user and also create new entities.
  4. After you've finished filling out all of the fields, click Save.

Create a User

  1. Go to Settings > User Management on the left navigation.
  2. Click on the Users tab.
  3. Click New User to create a new user.
    • A Create a New User pop-up window opens. Enter the following details:
      • Name: Enter a username to uniquely identify the user.
      • Email: Enter the user's email address.
      • Add to Groups: Choose one or more user groups to assign the user to. Groups determine the user's access to LogicHub entities such as playbooks and dashboards. For instructions on creating user groups, see Create User Groups.
      • Authentication: Choose an authentication option.
        • The password option is available for all users. If your organization uses single sign-on for authentication, configure those settings before setting up users.
  4. After you've finished filling out all of the fields, click Save.
    • The user account is created successfully.
      • If the password option was selected, an auto-generated password is displayed. Copy the password and provide it to the user. The user will be prompted to change the password upon initial sign-in.

Group Permissions

LogicHub provides the following permissions. Each entry lists the permission, its description, and its permission types, grouped by the category to which the permission belongs.

Administrative Permissions

Permission: User Management
Description: Allows you to manage people who can use LogicHub.
Type:
  • List: Allows you to view the entities created by you and those that are shared with you.
  • Create: Allows you to view the entities created by you, those that are shared with you, and create new entities. Also allows you to manage users and groups.
  • Admin: Allows you to view or edit all the entities created by any user and also create new entities. Also allows you to use the single sign-on option and includes all other permissions of Create.

Platform Permissions

Permission: Kibana
Description: Allows you to use the LogicHub SIEM platform for querying your data sources.
Type:
  • Access: Allows users to access Kibana.

Content Permissions

Permission: Connection
Description: Allows you to import data into LogicHub from SIEMs, Elasticsearch, File, or a Directory.
Type:
  • List: Allows you to view and manage permissible connections.
  • Create: Allows you to create new connections and includes all permissions of List.
  • Admin: Allows you to view, create, and manage all permissions on all connections in your organization.

Permission: Integration Connection
Description: Allows you to exchange data and automate actions in supported third-party applications.
Type:
  • List: Allows you to view and manage integration instances.
  • Create: Allows you to create new integration instances and includes all permissions of List.
  • Admin: Allows you to view, manage, and create all permissions on all integration instances in your organization.

Permission: Dashboard
Description: Allows you to visualize data from Playbooks or Files.
Type:
  • List: Allows you to view and manage permissible dashboards.
  • Create: Allows you to create new dashboards and includes all permissions of List.
  • Admin: Allows you to view, create, and manage all permissions on all dashboards in your organization.

Permission: Playbook
Description: Codifies a security analyst's intelligence to analyze the imported data.
Type:
  • List: Allows you to view and manage permissible playbooks.
  • Create: Allows you to create playbooks and includes all permissions of List.
  • Admin: Allows you to view or edit all the entities created by any user and also create new entities.

Permission: Command
Description: This is a type of playbook that executes on demand based on input arguments.
Type:
  • List: Allows you to view and manage permissible commands.
  • Create: Allows you to create commands and includes all permissions of List.
  • Admin: Allows you to view, create, and manage all permissions on all commands in your organization.

Permission: Event Type
Description: This is a query to import data into LogicHub from a connection.
Type:
  • List: Allows you to view and manage permissible event types.
  • Create: Allows you to create new event types and includes all permissions of List.
  • Admin: Allows you to view, create, and manage all permissions on all event types in your organization.

Permission: Destination
Description: Receives the results of playbooks to a connection.
Type:
  • List: Allows you to view and manage permissible destinations.
  • Create: Allows you to create new destinations and includes all permissions of List.
  • Admin: Allows you to view, create, and manage all permissions on all destinations in your organization.

Permission: Custom List
Description: Stores data from any playbook for reuse in other playbooks.
Type:
  • List: Allows you to view and manage permissible custom lists.
  • Create: Allows you to create new custom lists and includes all permissions of List.
  • Admin: Allows you to view, create, and manage all permissions on all custom lists in your organization.

Permission: Stream
Description: Automates your playbook by executing it in batches at preset intervals.
Type:
  • List: Allows you to view and manage permissible streams.
  • Create: Allows you to create new streams and includes all permissions of List.
  • Admin: Allows you to view, create, and manage all permissions on all streams in your organization.

Permission: Baseline
Description: Serves as a reference of normal IT activities. Can be created from and used in playbooks.
Type:
  • List: Allows you to view and manage permissible baselines.
  • Create: Allows you to create new baselines and includes all permissions of List.
  • Admin: Allows you to view, create, and manage all permissions on all baselines in your organization.

Permission: Case Management
Description: Allows you to track activity related to investigations of threats and other security issues.
Type:
  • Admin: All users that have permission on a case type can view and edit fields, tasks, or comments.
  • User: Users of Case Management need to be assigned permission to individual case types to view or edit that case type.

Supported Entities

The following entities are supported for RBAC:

  • Playbook
  • Command
  • Connection
  • Integration Connection
  • Event Type
  • Stream
  • Baseline
  • Custom List
  • Case Management
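
A least-privilege review built on the List, Create, and Admin levels described above, as an added example that is not LogicHub code. The data layout, the group and user names, and the function names are hypothetical; it assumes that the Everyone group contains every account and that the highest level wins when a user belongs to several groups, neither of which this page states.

```python
LEVELS = {"List": 1, "Create": 2, "Admin": 3}  # levels as named on this page

# Constructed sample data; the layout is hypothetical, not a LogicHub export format.
# users=None marks the built-in Everyone group (assumed to contain every account).
GROUPS = {
    "Everyone":          {"users": None, "perms": {"Dashboard": "List", "Playbook": "Create"}},
    "SOC Tier 1":        {"users": {"alice", "bob"}, "perms": {"Playbook": "List", "Connection": "Admin"}},
    "Content Engineers": {"users": {"bob"}, "perms": {"Playbook": "Admin", "Stream": "Create"}},
}
USERS = ["alice", "bob", "carol"]


def effective(user, groups=GROUPS):
    """Return {entity: (level, granting_group)}, keeping the highest level (assumed merge rule)."""
    best = {}
    for gname, g in groups.items():
        if g["users"] is not None and user not in g["users"]:
            continue
        for entity, level in g["perms"].items():
            if entity not in best or LEVELS[level] > LEVELS[best[entity][0]]:
                best[entity] = (level, gname)
    return best


def can_view(user, entity, owner, shared_with, groups=GROUPS):
    """List/Create see only their own or shared entities; Admin sees every user's entities."""
    level = effective(user, groups).get(entity, (None, None))[0]
    if level is None:
        return False
    return level == "Admin" or user == owner or user in shared_with


def review(users=USERS, groups=GROUPS):
    """Flag anything above List on Everyone, then each user's Admin-level grants."""
    findings = []
    for entity, level in sorted(groups.get("Everyone", {}).get("perms", {}).items()):
        if LEVELS[level] > LEVELS["List"]:
            findings.append(("Everyone", entity, level, "applies to all accounts"))
    for user in sorted(users):
        for entity, (level, gname) in sorted(effective(user, groups).items()):
            if level == "Admin":
                findings.append((user, entity, level, f"via {gname}"))
    return findings


if __name__ == "__main__":
    for finding in review():
        print(finding)
```

Each finding names the group that grants the level, so a reviewer can lower the permission on that group or move the user out of it.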
