How to create Enterprise Security custom roles and...

koshyk · ‎02-19-2019

hi
anyone created "custom" roles in Enterprise Security and re-used the notables dashboard (security events) ?
We have multiple teams to cater for security, and was thinking of sending specific alerts to Security group based on their roles

The only requirement is
- ONE user should not be able to view the alerts of other user
- But OK, if they want to search index and see it. So we don't need index level restrictions, but ONLY view/dashboard/notable level segregation

harsmarvania57 · ‎02-19-2019

Hi,

I am not sure whether you can achieve this using custom ES role or not but here is the blog post https://www.splunk.com/blog/2017/03/20/assigning-role-based.html to create custom role in ES

koshyk · ‎02-20-2019

thanks harsha. That's interesting read. Will have a try and let you know. Upvoted in the meantime

lakshman239 · ‎02-22-2019

yes, you could create roles, but not as easy as normal splunk. You need to pickup the capabilities you need and create the roles - the above article is a good starting point.

How to create Enterprise Security custom roles and have Notables dashboard different for each roles?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation