Learn the various permissions available to the policy manager role in Nightfall.
The Policy Manager role allows users to view and create custom detectors, work on various Nightfall integrations, and create and edit policies.
The Nightfall app view for a user with this role is as shown in the following image.
A user with Policy Manager Role has the following permissions.
With the App management permission, users can manage connections to various existing Nightfall integrations and create new instance of connections with Nightfall integrations. With the App Alert Management permission, users can add, edit, or delete notification channels for each integration.
With the Detectors permission, users can view all the detectors, view detectors that belong to a specific category, filter the list of detectors, search a detector, and copy the UUID of a detector. Users with this role can also create custom detectors.
With the Detection Rules Permission, users can view and modify detection rules. Furthermore, this permission also allows users to create new detection rule and add detectors to it.
The DLP policies permission allows users to create, edit, and delete the DLP policies. The Exfiltration/Posture management permission allow users to create, edit, and delete the exfiltration, Posture management, and Firewall for AI policies. Users can also search and filter policies.
Learn the various permissions available to the system administrator role in Nightfall.
Users with the System administrator role have access to the whole Nightfall application. There is no restricted resource from the system administrator user. Users with System adminstrator roles can create API keys for Firewall for AI. They can also add or remove users from the Nightfall app and edit a user's current role. System administrators also have full access to the Nightfall settings configurations.
The Nightfall app view for a user with this role is as shown in the following image.
A user with the System Administrator role can perform all the tasks as in case of a Security Operations Manager Role. Additionally, the following tasks can also be performed.
With the API Keys permission, users can create new API keys and delete existing API keys. Users can also view or regenerate the webhook signing key.
With the User Management permission, users can add, edit or delete users from the Nightfall app. Admin users can also modify the roles of existing users.
The alert management permission allows users to configure alert platforms. These alert platforms can be used as notification channels while configuring integrations or creating policies for an integration.
The Directory Sync permission allows users to configure directory sync services to configure policies related to Google Drive and Microsoft.
The Billing page allows users to view their current plan and other details related to the current plan. Users can also view the integrations also view the Nightgall products being used by the organization.
As mentioned above, apart from the above permissions, administrator user has access to all the other sections of Nightfall app which are accessible to a user with the Security Operations Manager Role.
Learn the various permissions available to the security analyst role in Nightfall.
The Security Analyst role allows users to view Dashboard, generate reports from Dashboards, view DLP violations, view exfiltration and posture management events, and view detectors.
The Nightfall app view for a user with this role is as shown in the following image.
A user with Security Analyst Role has the following permissions
With the Dashboard and Reporting permissions, users to view data on the Dashboard, apply filters to the dashboard data, and also generate reports from the Dashboard data.
With the DLP Violations permission, users can take appropriate actions on the DLP violations. They can also share the violation data and export it as a CSV file.
With the Content Preview permission, users can preview the content of the DLP Violations page. The sensitive data is redacted.
The main point of difference between the Security analyst role and the Security events manager role is that users with the Security analyst role can view redacted content of DLP violations page.However, content is not redacted for the Security Events manager role.
With the Exfiltration permission, users can filter event data, share event data, view historic events data, and take actions on Posture management, Exfiltration, and encryption events.
With the Detectors permission, users can view all the detectors, view detectors that belong to a specific category, filter the list of detectors, search a detector, and copy the UUID of a detector.
Learn how the role based access control(RBAC) works in Nightfall.
Role Based access control (RBAC) streamlines permissions to various resources within the Nightfall console. There are two key components of RBAC within Nightfall - roles and permissions.
A role is a collection of pre-defined permissions that can be assigned to user accounts within Nightfall. Default roles cannot be edited. A role can be assigned to more than one user account whereas an user account can only have one role. Permissions refer to the specific create, read, update, and delete actions you can take on resources such as policies, events, apps, etc within Nightfall.
To access the Users and Roles page:
Click Settings from the left menu.
Click the Users & roles tab.
You can view the list of Users and the roles assigned to each user.
Click the Roles tab to access the Roles page.
The Roles page displays the Role name, Permissions assigned to a role and the number of users to whom the role is assigned, as shown in the following image.
You can click the View permission details button to expand the complete list of permissions associated with a Role.
Currently, you can only a maximum of one role to a user. Also, you cannot create custom Roles and must use the out of the box Roles provided by Nightfall.
Nightfall provides you with five Roles. Each of the five Roles is associated with multiple permissions. The following table lists each role and the permissions associated with the Role.
You can learn more about each of the role from the following links.
Learn the various permissions available to the security events manager role in Nightfall.
The Security Events Manager role allows users to view Dashboard, generate reports from Dashboards, view DLP violations, view exfiltration and posture management events, and view detectors.
The Nightfall app view for a user with this role is as shown in the following image.
A user with Security Events Manager Role has the following permissions.
With the Dashboard and Reporting permissions, users to view data on the Dashboard, apply filters to the dashboard data, and also generate reports from the Dashboard data.
With the DLP Violations permission, users can take appropriate actions on the DLP violations. They can also share the violation data and export it as a CSV file.
With the Content Preview permission, users can preview the content of the DLP Violations page. The sensitive data is not redacted for this role.
The main point of difference between the Security analyst role and the Security events manager role is that users with the Security analyst role can view redacted content of DLP violations page.However, content is not redacted for the Security Events manager role.
With the Exfiltration permission, users can filter event data, share event data, view historic events data, and take actions on Posture management, Exfiltration, and encryption events.
With the Detectors permission, users can view all the detectors, view detectors that belong to a specific category, filter the list of detectors, search a detector, and copy the UUID of a detector.
Learn the various permissions available to the security operations manager role in Nightfall.
The Security Operations Manager role allows users to view Dashboards and create reports, view and create custom detectors, work on various Nightfall integrations, handle DLP violations, exfiltration, and Posture Management events, and create and edit policies.
The Nightfall app view for a user with this role is as shown in the following image.
A user with Security Operations Manager Role has the following permissions.
With the Dashboard and Reporting permissions, users to view data on the Dashboard, apply filters to the dashboard data, and also generate reports from the Dashboard data.
With the DLP Violations permission, users can take appropriate actions on the DLP violations. They can also share the violation data and export it as a CSV file.
With the Content Preview permission, users can preview the content of the DLP Violations page. The sensitive data is not redacted for this role.
With the Exfiltration permission, users can filter event data, share event data, view historic events data, and take actions on Posture management, Exfiltration, and encryption events.
With the Detectors permission, users can view all the detectors, view detectors that belong to a specific category, filter the list of detectors, search a detector, and copy the UUID of a detector. Users with this role can also create custom detectors.
With the Detection Rules Permission, users can view and modify detection rules. Furthermore, this permission also allows users to create new detection rule and add detectors to it.
The DLP policies permission allows users to create, edit, and delete the DLP policies. The Exfiltration/Posture management permission allow users to create, edit, and delete the exfiltration, Posture management, and Firewall for AI policies. Users can also search and filter policies.
With the App management permission, users can manage connections to various existing Nightfall integrations and create new instance of connections with Nightfall integrations. With the App Alert Management permission, users can add, edit, or delete notification channels for each integration.
Role | Permissions |
---|---|
Security Analyst
Policy Manager
Security Events Manager
Security Operations Manager
System Administrator