Anonymous_User Absent Member.
Absent Member.
353 views

Tagging in Sentinel 7


Hi Guys,

I have a question, it may be a misunderstanding by me and I just wanted
to clarify with you guys. So tagging events in Sentinel 7, in particular
PCI events. There is a tag setup out the box for PCI and the admin guide
seems to suggest if this tag is applied to an event source that only
users with the PCI Compliance Auditor role can view these events.

> You must have the appropriate permission to view events that are tagged
> with specific tags. For
> example, only users in the PCI Compliance Auditor role can view events
> that are tagged with at least
> one of the regulation‐related tags such as PCI, SOX, HIPAA,
> NERC_CIP, FISMA, GLBA, NISPOM,
> JSOX, and ISO/IEC_27002:2005.


So on a test vm I have applied the PCI tag to a collector manager so
that all events that pass through this are tagged as PCI events. This
works as expected, however if I login as a user with any of the
following roles I can see these PCI events: Administrator, User, or PCI
Compliance Auditor. I was expecting only the PCI Compliance Auditor and
maybe the Administrator to be able to see these events, not a user with
a standard User role.

Is there a way to restrict a tag to specifically only be accessible
from 1 role? Is this how the default PCI role should be?

Thanks in Advance.


--
alanforrest
------------------------------------------------------------------------
alanforrest's Profile: http://forums.novell.com/member.php?userid=90508
View this thread: http://forums.novell.com/showthread.php?t=454415

0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: Tagging in Sentinel 7


So I guess one solution would be to apply a filter to the Users role for
example, however it would be really good if there was a way to apply
some sort of rule to a tag to prevent all roles except specific ones
from accessing tagged data.

eg.

Code:
--------------------
SEV[0 TO 5] NOT rv145:"PCI"
--------------------


I guess it's been a misunderstanding on my part.


--
alanforrest
------------------------------------------------------------------------
alanforrest's Profile: http://forums.novell.com/member.php?userid=90508
View this thread: http://forums.novell.com/showthread.php?t=454415

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.