Cyware Fusion and Threat Response

Create User Group

You must have Create/Update permissions for User Group Management to add a user group. To add a user group, do the following:

  1. Go to Admin Panel > User Group Management.

  2. Click Add Group at the top-right.

  3. Enter the following details:

    • Group Name: Enter a name for the user group.

    • Description: Enter a description for the user group.

    • SAML Group Name: To onboard new users and authorize SAML-authenticated users upon every login, you can map SAML IdP groups to the Cyware application's user groups. If an exact match for the group name is found, then the users are granted access and permissions within the application, as defined by the external identity provider (SAML user group) and the application's access permissions. If no user groups are configured, the default user group from the SAML authentication configuration will be automatically used. To configure the group attribute and default user groups, see Configure SAML 2.0 as the Authentication Method.

      • Enter the SAML user group name. You can add multiple user groups as a comma-separated list. The SAML User Group field is pre-filled based on your user group's name. However, you can modify SAML group names to match your IdP group names.

        When you map multiple user groups to a Cyware application's user group, the SAML assertion will verify all the group permissions and provide consolidated access to the features.

        When adding both read-only and non-read-only groups, the application gives precedence to the non-read-only group and assigns permissions based on that group's settings.

    • Rate: Enter a rate for the user group between 1 and 999999. This is used to calculate the average cost of an incident and action, cost per incident type, the average cost per analyst, and the average cost per business unit.

      Note

      You can configure the cost model frequency and currency to calculate the cost under Admin Panel > Configurations > Basic Configuration > Cost Configurations. For more information, see Configure General Settings.

    • Users: Select the users that you want to add to the user group.

    • Orchestrate Playbook Tags: Select the Orchestrate Playbook tags to allow the users to access the Playbooks.

      Note

      To configure Orchestrate Playbook Tags, you must integrate and enable Orchestrate with CFTR. For more information, see Integrate Orchestrate.

    • Permissions: Enable or disable the View and Create/Update toggles to configure permissions for the various features of CFTR.

      Note

      For ease of configuration, the View permission for some features is enabled by default and cannot be modified. For example, Business Units, Dashboards, Labels, Locations, and more.

  4. Click Add.
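
The SAML Group Name mapping in step 3 can be modelled offline to preview which user group a login would land in, and to spot IdP group names that miss an exact match only by case or spacing. The following Python model is an added example, not Cyware's code. It assumes matching is case-sensitive, that the default group applies when no mapped name matches, and that a non-read-only match supersedes read-only matches; the mappings and permission strings are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class AppGroup:
    name: str
    saml_names: str              # comma-separated, as entered in SAML Group Name
    read_only: bool = False      # assumption: read-only modelled as a simple flag
    permissions: set = field(default_factory=set)

    def mapped(self):
        """IdP group names mapped to this group, with stray whitespace trimmed."""
        return {n.strip() for n in self.saml_names.split(",") if n.strip()}

def resolve(asserted, groups, default_name):
    """Return (group names used, consolidated permissions, fell_back_to_default)."""
    asserted = set(asserted)
    matched = [g for g in groups if g.mapped() & asserted]  # exact match only
    fell_back = not matched
    if fell_back:
        matched = [g for g in groups if g.name == default_name]
    # Non-read-only groups take precedence over read-only ones.
    writable = [g for g in matched if not g.read_only]
    used = writable or matched
    perms = set()
    for g in used:
        perms |= g.permissions  # consolidate across every group that applies
    return sorted(g.name for g in used), perms, fell_back

def near_misses(asserted, groups):
    """Asserted IdP names that differ from a mapped name only by case or spacing."""
    hits = []
    for a in asserted:
        for g in groups:
            for m in g.mapped():
                if a != m and a.strip().casefold() == m.casefold():
                    hits.append((a, g.name, m))
    return sorted(hits)

# Constructed sample configuration; mappings and permission strings are illustrative.
GROUPS = [
    AppGroup("SOC Analyst", "idp-soc-analysts, idp-soc-l2", False,
             {"incidents:view", "incidents:update"}),
    AppGroup("Auditors", "idp-audit", True, {"incidents:view", "reports:view"}),
    AppGroup("Guest", "idp-guest", True, {"dashboards:view"}),
]

if __name__ == "__main__":
    for claim in (["idp-soc-l2", "idp-audit"], ["IDP-Audit"]):
        print(claim, resolve(claim, GROUPS, "Guest"), near_misses(claim, GROUPS))
```

A login that falls back to the default group together with a non-empty near-miss list usually points to a mistyped SAML group name rather than a missing IdP membership.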

Deactivate User Group

You can deactivate unused custom user groups to prevent users from assigning incidents, actions, enhancements, and PIRs to inactive user groups.

Note

You cannot deactivate the default user groups, such as SOC Manager, Sr. Management, Threat Intel Analyst, IR Manager, Forensic Investigator, Incident Responder, SOC Analyst, and CFTR Admin.

Before you Start 

Before you deactivate a user group, do the following:

  • Reassign the incidents, actions, enhancements, and PIRs to other user groups.

  • Remove all users from the user group and assign them to other user groups.

Steps 

To deactivate a user group, do the following:

  1. Go to Admin Panel > User Management.

  2. Select a user group.

  3. Disable the Active toggle.

You can find the deactivated user groups under Inactive. Users cannot assign inactive user groups to incidents, actions, enhancements, and PIRs.

Supported Activities for User Groups 

On the User Group Management page, you can perform the following activities:

  • Search for a user group.

  • Search for a feature to view the permission in a user group.

  • Update the user group details.

  • View activity logs to track updates to the user groups.

  • Export activity logs.