As you will know, MARS creates one default user, which is the pnadmin user.
But we can create our own users and groups for MARS management.
There are 4 types of users that can be created.
But we can create our own users and groups for MARS management.
There are 4 types of users that can be created.
- Admin - the equivalent of a superuser. This user type has full access to the MARS GUI.
- Security Analyst - has full use of the MARS, except cannot access the Admin tab.
- Operator - has read-only privileges.
- Notification Only - for a non-user of the MARS appliance, use this type of user account to send alerts to people who are not administrators, security analysts, or operators. (ie, the user cannot log into the MARS appliance)
As a point to note, only the pnadmin user account can login to the box via SSH.
Now once we have created all our users, can also create groups....
Now once we have created all our users, can also create groups....
And what can we do with these groups? Well we can use the Groups, when we want to create a notification for Actions on Rules, or when we want a report sent to multiple recipients.
Once the notification has been created, we can use this for a Rule Action.
And also creating a recipient for Reports....
Posts
2 comments:
Very nice walk through!
`Andy
There is any way to restrict a user to a limited ips ??? for example, you want to create an operator user that only has access to 20 ips and he only can see incidents of those ips.
Post a Comment