Generic CFTR FAQs
You can click Forgot Password? on the sign-in page to reset your password. To allow password reset from the sign-in page, administrators must enable the Forgot Password setting for the Username/Password authentication method. If you do not see Forgot Password?, contact your administrator to reset the password.
Yes. CFTR admins can restrict or allow users of one Business Unit (BU) from accessing another BU data by removing or adding BUs in the Allowed Business Units section of individual users. To update the Allowed Business Units of a user, go to Admin Panel > User Management and click Edit Profile of a user.
Yes. After applying filters on the listing page, if you are signed out from CFTR or CFTR application refreshes, you can view the applied filters when you sign in again. You can also save the filters under SAVED SEARCHES.
You can check the updates to a record from the Activity Logs of the component. Open the records listing page of a component and click Activity Logs on the top-right corner.
You can follow a record to receive notifications when the record is updated. To follow a record, on the component listing page, click the Follow icon next to the record title.
Add labels to the records to classify the records of a component. If the required label is not available in the Labels drop-down list, contact your CFTR admin.
You can track any type of operation that takes long time to process in the Background Process, for example exports, bulk exports, advanced exports, and imports of devices and users.
Yes. You can enable Role based access control of Playbooks in Admin Panel > Configurations > Orchestrate Integration. For more information, see Configure RBAC for Orchestrate Playbooks section in Configure Role-Based Access Control (RBAC) in CFTR.
A bot user is used to define the permissions of an open API. An open API has the same permissions as the user group of the associated bot user. For example, if a bot user has View permission for incidents, then the associated open API can retrieve incident data, but cannot modify incidents.
You cannot view the data of a tenant if you are not a user of the tenant. To view the data, contact the admin to add you to the tenant.
CFTR admins can define the permissions for a user group to control user access to various features and functionalities in Admin Panel > User Groups Management. For more information, see Configure Role-Based Access Control (RBAC) in CFTR. There are three types of permissions for every feature:
No Access: The users of the user group do not have permission to view the feature.
View: The users of the user group have read-only access to the feature.
Create/Update: The users of the user group have the create and update access to the feature.
The widget names must be unique. If you have added custom widgets with duplicate names, rename one of the widgets with a unique name from the widget library.
You can update the name of the Incident module only. For more information, see Update Incident Module Name.
The administrator must configure and enable the Google Maps integration to render the world map in the widgets.
Ensure that the Google Maps API key is valid, not expired, and is assigned with the required permissions. For more information, see Generate Google Maps API Key.
No. You cannot deactivate the out-of-the-box user groups. The out-of-the-box user groups are:
SOC Manager
Sr. Management
Threat Intel Analyst
IR Manager
Forensic Investigator
Incident Responder
SOC Analyst
CFTR Admin
No. You cannot delete an asset (devices, users, software, and application) from CFTR. As a best practice, configure the unique fields for the asset modules and then import them. For more information, see Configure Unique Fields for Assets.