Role-based access control in NetWitness Endpoint allows NetWitness Endpoint Administrators to more precisely control what information each user can access and manipulate by assigning a specifically configured role to each NetWitness Endpoint user.
Two static primary RBAC roles are defined within the NetWitness Endpoint UI. These static roles cannot be changed.
- ReadOnly – Restricted access to the NetWitness Endpoint UI in a limited, read-only mode
- Admin – Full administrative access with read/write/execute and the ability to create and manage additional roles
Additional user-defined roles may be created and granted any of the following 18 permissions:
- Agent Maintenance – Update or uninstall agents, reset driver
- Analyse – Analyse with Security Analytics / NetWitness, Analyse a module
- Basic Scan – Request or cancel a scan
- Certificates – Flag a certificate vendor as trusted, remove trusted flags, edit trusted status, edit trusted domains
- Configure – Configure connection, timezones, internet search engines, monitoring & external components, global parameters, administrative status, machine groups, update certificates
- Edit Module Status – Edit Blacklist/Whitelist status, edit trusted domains, modify status, modify comments, modify modules to block
- Forensics – Request files, request MFT, request full memory dump, reboot endpoint
- IIOC – Modify IIOCs: Clone, delete, edit, create new
- Import/Export – Export to Excel, standalone scan – export scan configuration, standalone scan – import scan data, import/export blacklist/whitelist file, RSA Live
- Module Related Tools – Module Analyser, MFT Viewer, Search with File Advisor, Google & VirusTotal, Open in new module view, View certificates
- Modules Actions – Add to trusted domains, download to server, save a local copy, assign module, add to custom hashset
- Remediation – Reboot, remediate, show diagnostics, remove selection from database, module blocking
- Scan Groups – Configure groups, add machine to group, remove machine from a group
- Scan with External – Scan with YARA or OPSWAT
- Schedule Time Spec – Local to client, local to server, UTC
- Server Configuration – Commission new server, change DNS or IP, Decommission server, configure cloud
- Server Configuration Discovery – Start or pause discovery
- UI Related – Copy data, copy data with header, access dashboard, configure skins
Two default customizable roles are created upon UI installation and serve as a recommended starting point. Permissions appearing in strikethrough are absent from these default roles.
| NetWitness Endpoint L1 Analyst | NetWitness Endpoint L2 Analyst |
|---|---|
| Agent Maintenance | Agent Maintenance |
| Analyse | Analyse |
| Basic Scan | Basic Scan |
| Certificates | Certificates |
| Configure | Configure |
| Edit Module Status | Edit Module Status |
| Forensics | Forensics |
| IIOC | IIOC |
| Import/Export | Import/Export |
| Module Related Tools | Module Related Tools |
| Modules Actions | Modules Actions |
| Remediation | Remediation |
| Scan Groups | Scan Groups |
| Scan with External | Scan with External |
| Schedule Time Spec | Schedule Time Spec |
| Server Configuration | Server Configuration |
| Server Configuration Discovery | Server Configuration Discovery |
| UI Related | UI Related |