AlienVault® USM Anywhere™

Role-Based Access Control (RBAC) in USM Anywhere

Role Availability Read-Only Analyst Manager

USM Anywhere implements the role-based access control (RBAC)Describes authentication and authorization scheme in which access to functionality is based on the privileges or permissions associated with the group or role a user is a member of., which provides users with:

There are three roles in USM Anywhere:

When the status of a user changes to Disabled, the role column of that user in the User List will include Suspended.

Main User List page with a suspender user

Predefined Roles in USM Anywhere

Section Action Read-Only User Analyst User Manager User
Dashboards Dashboard and dashboard views
Create custom dashboard
Upper Navigation Access: documentation, support, and forum links
Activity > Alarms View: alarmsAlarms provide notification of an event or sequence of events that require attention or investigation. page and alarm details
Configure filters
Asset drop-down menu items: add to current filter, find in events, look up in OTXThe world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data. This repository provides a continuous view of real time malicious activity.
Asset drop-down menu items: full details, configuration issuesAn identified configuration of software that is deployed, or features of software that is in use, which is known to be insecure., vulnerabilitiesA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security., alarms, eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall.
Manage columns
Generate report
Save views
Alarm details: alarm action, create rule, suppress alarm, apply label, set a status, add to investigation
Alarm labels: apply, create, manage
Alarm Status: apply
Activity > Events View: events page and event details
Configure filters
Asset drop-down menu items: add to current filter, look up in OTX
Asset drop-down menu items: full details, configuration issues, vulnerabilities, alarms, events
Generate report
Save views
Events details: event action, create rule, suppress event, add to investigation
Environment > Assets View: assets page and assets details
Configure filters

Asset drop-down menu items: find in events, look up in OTX, full details, configuration issues, vulnerabilities, alarms, events

Asset drop-down menu items: configure asset, delete asset, asset scan, authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges.

Manage columns
Generate report
Save views
Actions menu: create asset (quick, advanced), delete selected, edit fields, assign credentials, set sensor, set compliance scope, add to asset groupAsset groups are administratively created objects that group similar assets for specific purposes.
Asset details: deploy an agent, assign credentials, schedule a job
Asset details, actions menu: configure asset, delete asset, add to asset group, agent query, asset scan, authenticated scan, assign credentials, schedule scan job
Environment > Asset Groups View: asset groups page and asset groups details
Configure filters
Asset Group drop menu items: full details, configuration issues, vulnerabilities, alarms, events
Asset Group drop menu items: full details, configure asset group, delete asset group, asset group scan, assign credentials, authenticated scan
Generate report
Save views
Actions menu: create asset group (static and dynamic)
Asset group details, actions menu: configure asset group, delete asset group, edit fields, assign credentials to group members, assign agent profile, set sensor, set compliance scope, asset group scan, assign credentials, authenticated scan, schedule scan job
Environment > Vulnerabilities View: vulnerabilities page and vulnerabilities details
Generate report
Save views
Vulnerability labels: apply, create, manage
Asset drop-down menu items: add to current filter, find in events, look up in OTX, full details
Asset drop-down menu items: configure asset, delete asset, asset scan, assign credentials, authenticated scan
New scan
Vulnerabilities details: select action, apply label
Environment > Configuration Issues View: configuration issues page and configuration issues details
Configure filters
Generate report
Save view
Asset drop-down menu items: add to current filter, look up in OTX, full details, configuration issues, vulnerabilities, alarms, events
Asset drop-down menu items: configure asset, delete asset, assign credentials, authenticated scan
Asset drop-down menu items: configure asset, delete asset, asset scan, assign credentials, authenticated scan
Configuration issues details, actions menu: configure asset, delete asset, add to asset group, agent query, asset scan, authenticated scan, assign credentials, schedule scan job
Configuration issues details: deploy an agent, assign credentials, schedule a scan job
Reports > My reports Generate report
Reports > Compliance templates Generate report
Reports > Event type templates Generate report
Data sources > Sensors View the sensor page
Add a new sensor
Configure a sensor
Edit a sensor
Assign a sensor
Delete, redeploy a sensor
Data sources > Agents Run an agent query
Delete an agent
Assign an agent configuration profile
Investigations View investigations page
Edit an investigation
Create a new investigation
View investigations details
Delete an investigation
Notification rule for investigations
Settings > Scheduler View the job scheduler page
Create, enable, disable a new job
Settings > Rules View the rules page
Create an orchestration rule
Create a correlation list
Settings > Notifications Modify credentials
Settings > System View a summary of your current network configuration
Create asset field
Modify the session timeout
Settings > System events View the system events page
Settings > OTX View the threat intelligence page
Validate an OTX key
Settings > Credentials View the credentials page
Create a new credential
Settings > Users View the user page
Create a user
Edit a user
Delete a user
Settings > My subscription View the my subscription page
Purge data
Connect to USM Central™