CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Adjust custom_role examples to be more realistic

Browse Source
This commit is contained in:
Jason Ertel
2021-09-14 14:03:22 -04:00
parent ff989b1c73
commit 9970e54081
1 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
salt/soc/files/soc/custom_roles
View File

@@ -9,12 +9,15 @@
# Syntax => prebuiltRoleX: customRoleY: op # Syntax => prebuiltRoleX: customRoleY: op
# Explanation => roleY and roleZ are adjusted permissions of roleX, op is: # Explanation => roleY and roleZ are adjusted permissions of roleX, op is:
# + add the new permissions/role mappings (default) # + add the new permissions/role mappings (default)
# - remove existing prebuilt permissions # - remove existing "explicit" prebuilt permissions. This
# does not work with implictly inherited permissions.
# #
# In the example below, we will define a new role for junior analysts, # In the example below, we will define two new roles for segregating
# that is nearly identical to the analyst role that comes with SOC, with the # analysts into two regions. Then we will remove the ability for all
# exception that it removes their ability to obtain details about other # analysts to see the roles of other analysts. (Seperately we will need to
# analysts in the system. # define these two new roles in Elasticsearch so that each analyst region
# can only see data from their specific region's indices, but that is out
# of scope from this file.)
# #
# analyst: jr_analyst # analyst: westcoast_analyst, eastcoast_analyst
# user-monitor: jr_analyst:- # roles/read: user-monitor:-