How to create Enterprise Security custom roles and have a different Notables dashboard for each role?

Hi,
Has anyone created "custom" roles in Enterprise Security and re-used the notables dashboard (security events)?
We have multiple teams to cater for security, and were thinking of sending specific alerts to each Security group based on their roles.
The only requirements are:
- ONE user should not be able to view the alerts of another user
- But it is OK if they want to search the index and see it. So we don't need index-level restrictions, ONLY view/dashboard/notable-level segregation

Hi,
I am not sure whether you can achieve this using a custom ES role or not, but here is the blog post https://www.splunk.com/blog/2017/03/20/assigning-role-based.html on creating a custom role in ES.

Thanks harsha. That's an interesting read. Will have a try and let you know. Upvoted in the meantime.

Yes, you could create roles, but it's not as easy as in normal Splunk. You need to pick the capabilities you need and create the roles - the above article is a good starting point.
