Skip to main content

Cyware Threat Intelligence eXchange

Create User Group

User groups provide users with specific permissions to various features of the application. Using user groups, you can group your users and grant them selected permissions to specific features in Intel Exchange.

Intel Exchange offers Admin and Read Only groups by default.

  • Admin: The Admin user group has permissions to all CTIX features. Assigning this group to any user will grant them complete permissions to all CTIX features. You can duplicate the default Admin user group and modify it to assign different levels of permissions.

  • Read Only: The read-only user has permission to view a limited set of features in Intel Exchange. In addition to this, Read-only users can also create private saved search and private report schedules. For more information about Read-only groups, see Read-Only User Groups.

    Note

    Your license includes a separate count for creating read-only users.

Before you Start

Ensure that you have View User Groups, Create User Groups, and Update User Groups permissions.

Steps

To create a user group, follow these steps:

  1. Go to Administration > User Management > User Groups.

  2. Click Add User Group, and enter the following details:

    • Name: Enter a group name within 50 characters. For example, enter Analysts to create a user group for analysts that provides permissions to view and create Threat data. 

    • Description: Enter a group description within 300 characters to describe the key functionality of the user group.

    • SAML User Group: To onboard new users and authorize SAML-authenticated users upon every login, you can map SAML IdP groups with Cyware application's user groups. Suppose an exact match for the group name is found. In that case, the users are granted access and permissions within the application, as defined by the external identity provider (SAML user group) and the application's access permissions. If no user groups are configured, the default user group from the SAML authentication configuration will be automatically used. To configure the group attribute and default user groups, see Configure SAML 2.0 as the Authentication Method.

      • Enter the SAML user group name. You can add multiple user groups as a comma-separated list. The SAML User Group field is pre-filled based on your user group's name. However, you can modify SAML group names to match your IdP provider group names.

        When you map multiple user groups to a Cyware application's user group, the SAML assertion will verify all the group permissions and provide consolidated access to the features.

        When adding read-only and non-read-only groups, the application prioritizes the non-read-only group and assigns permissions based on that group's settings.

    • Allowed TLPs: Select the TLPs to allow users to access threat data objects associated with selected TLPs. Users cannot view the objects associated with the not-selected TLPs in Threat Data. If no TLP is selected, users can access all threat data objects.

    • Restricted Tags: Select tags to restrict users from accessing threat data objects associated with selected tags. Only tags from the Privileged Access Tags category can be added as restricted tags. If no tag is selected, users can access all threat data objects.

    • Tag Categories Management Permission: Select the tag categories that can be added or modified by users from Administration > Tag Management. By default, the Source, User, and System tag categories are already selected.

      Note

      • The user group must have the Create Tags and Update Tags permission to add and modify tags of the selected categories in Tag Management.

      • If no category is selected, users can view the Source, User, and System tag categories in Tag Management, but cannot add or modify tags. The user group must have View Tags permission to view tags in Tag Management.

      • Irrespective of the permission, all users can add and remove Source, User, and System tags in threat data objects.

      • Only user groups with Tag Categories Management Permission for Privileged Access tags can view the Privileged Access tags tab in Tag Management.

    • Privileged Access Tags: You can view the list of privileged-access tags assigned to the user group in Tag Management. For more information, see Tag Management.

    • Read Only User Group: Turn on Read Only User Group to create a user group with limited permissions in Intel Exchange. By default, it is disabled. For more information on read-only groups, see Read-Only User Groups.

    • User Group Status: Turn on User Group Status to set the group status to active. By default, it is disabled. You can only add users to active groups.

    • Permissions: Select one or more permissions to assign the user group. For more information about user group permissions, see User Groups Permission Set.

  3. Click Add User Group.

You can view details about the user group under User Groups such as the user group name, the creator of the group, the number of users in the group, the number of permissions assigned, and the status of the group.

Note

 Intel Exchange provides the creation of a maximum of 100 read-only user groups. If you have exhausted the maximum limit, contact Cyware Support to increase the limit. Consider disabling inactive groups to make room for new groups. For more information about the platform limits for user groups, see Data Limits.