Policy Descriptions
The following table provides a description of the polices available to enable for any role:
Policy
|
Description
|
---|---|
Allow Capture Engine usage
|
This policy allows a user to use any REST-API or Omni protocol command, which effectively includes all Capture Engine functionality.
|
Capture / Forensic Search: View packets from captures and forensic searches create by other users
|
This policy allows a user to view packets from captures and forensic searches created by other users.
|
Capture / Forensic Search: View statistics from captures and forensic searches create by other users
|
This policy allows a user to view statistics from captures and forensic searches created by other users. This policy also allows access to MSA projects the user doesn’t own.
|
Capture: Create new capture
|
This policy allows a user to create a new capture.
|
Capture: Delete captures created by other users
|
This policy allows a user to delete captures created by other users.
|
Capture: Delete files created by other users
|
This policy allows a user to delete capture files created by other users.
|
Capture: Modify captures create by other users
|
This policy allows a user to modify the capture settings for captures created by other users.
|
Capture: Start/stop captures created by other users
|
This policy allows a user to start and stop captures created by other users.
|
Capture: View captures created by other users
|
This policy allows a user to view captures and capture data created by other users. The user must also have either the View Packets ACL or View Statistics ACL permission (first two policies in this table) as well to open a capture window for a capture the user doesn’t own.
|
Configuration: Configure API tokens
|
This policy allows a user to configure and view API tokens.
|
Configuration: Configure engine settings
|
This policy allows a user to configure and view engine settings.
|
Configuration: Download packet data
|
This policy allows a user to download packet files from captures and distributed forensic searches.
|
Configuration: Save packet data
|
This policy allows users to save packet data from captures and forensic searches.
|
Configuration: Upload files
|
This policy allows a user to upload or open packet files.
|
Configuration: View the audit log
|
This policy allows a user to view the Audit Log.
|
Forensic Search: Allow analysis in forensic searches
|
This policy allows the user to perform analysis in forensic searches. Without this policy, users will only be able to perform a forensic search that shows packets and only packets.
|
Forensic Search: Create new forensic search
|
This policy allows a user to create forensic searches and distributed forensic searches, and to perform a cross launch from LiveNX.
|
Forensic Search: Delete forensic searches created by other users
|
This policy allows the user to delete a forensic search, distributed forensic search, or MSA project created by others.
|
Forensic Search: View forensic searches created by other user
|
This policy allows a user to view forensic searches and distributed forensic searches created by others. The user must also have either the View Packets ACL or View Statistics ACL permission (first two policies in this table) as well to view the forensic search for a forensic search the user doesn’t own.
|
Policy Description notes:
◦ In order to delete capture sessions from the Forensics view, the user must have the Delete Captures and the Delete Files policies.
◦ The View Captures, Save Packet Data and Create Forensic Search policies will affect which capture sessions are available to the user when performing a distributed forensic search or creating an MSA project. The user must have the View Captures policy on the target engine to see capture sessions for captures the user doesn't own. The user must have the Save Packet Data and Create Forensic Search policies on the target engine to see any of its capture sessions.
◦ The user must have the Upload Files and Create Forensic Search policies to create a distributed forensic search and to create an MSA project.
◦ Users always maintain control over their own data, for example, deleting a capture they started. See also Manage Users for Roles.