Create an automation role

It is a good idea to have one or more dedicated users, groups, and roles, as necessary, to handle automation tasks that interact with external products or components of your system:

  • Automation roles group sets of permissions to define and to constrain the actions automation users are allowed to perform.

  • Automation groups bring together automation users, and they define which platform areas, features, and functionality are accessible to automation users.

  • Automation users handle automation and integration tasks – based on the automation role they are assigned and the automation groups they are members of – such as authentication, data exchange through outgoing and incoming feeds, or automatic entity creation as a follow-up action on a specific event.

Create the automation role

Note

Required fields are marked with an asterisk (*).

To create and to add a new role:

  1. In the side navigation bar, select Settings > User management > Roles > Create role +.

    The role editor is displayed.

To create a new automation role:

  1. In the side navigation bar, select Settings > User management.

  2. Select the Roles tab, and then select Create role + to create a new role.

    The role editor is displayed.

Under Create role, define the following configuration settings:

  1. In the Name field, enter a short, clear, and descriptive name to identify the automation role.

    Example: External systems integrator

  2. In the Description field, enter a short, free-form description to clarify the purpose and the scope of the automation role.

    Example: Allows implementing data exchange interoperability between the platform and an external system.

  3. From the Permissions drop-down menu, select the actions the role is allowed to perform, and the platform objects the role can act on.

    Alternatively:

    • Start typing a permission name in the autocomplete text input field.

    • Select one or more filtered permissions from the matching result list.

    To remove a selection, go to the item(s) you want to remove, and select the cross icon x.

    To remove all selections at once, select the cross icon x next to the drop-down menu arrow in the input field.

    Alternatively, select Unselect all options.

  4. To store your changes, select Save; to discard them, select Cancel.

Assign permissions to the automation role

The automation role for a platform-to-platform integration through a TAXII feed requires read access to:

  • Data sources: incoming feeds, groups

  • Feeds: incoming and outgoing feeds

  • TAXII services: discovery, collection, inbox or poll.

The following overview includes the minimum set of permissions an automation role should be granted to manage basic data exchange through a TAXII outgoing -> TAXII incoming feed configuration.

If your automation user role should also interact with other platform features such as datasets and workspaces, you can integrate this basic permission set with the default permissions granted to the default Threat Analyst role.

To view permissions for the default Threat Analyst role:

  1. In the side navigation bar, select Settings > User management > Roles.

    To sort items by column header:

    1. Select the header of the column whose content you want to sort.

    2. Select Sort in ascending order or Sort in descending order to sort the content in either ascending or descending order, respectively.

  2. Under Role name, select Threat Analyst.

  3. In the Threat Analyst detail pane, in the Overview tab, you can view a list of permissions granted to the role.

These are guidelines, and therefore not mandatory.

You may need to adjust the automation role permissions through hands-on trial and error to best suit your environment.

Basic permission set for the automation role

Sender automation role:

  • read configurations

  • read content-blocks

  • read content-types

  • read destinations

  • read entities

  • read extracts

  • read intel-sets

  • read outgoing-feeds

  • read sources

  • read taxii-services

  • read transports

Receiver automation role:

  • read configurations

  • read content-blocks

  • read content-types

  • read destinations

  • read entities

  • read extracts

  • read incoming-feeds

  • read intel-sets

  • read sources

  • read taxii-services

  • read transports

Required: Yes

Notes: Different permissions between sender and receiver automation roles are highlighted in bold.

Additional permissions:

  • modify incoming-feeds

  • modify taxii-services

Required: See notes

Notes: The sender automation user role must also have these permissions if:

  • A platform-to-platform data exchange implementation uses a TAXII inbox outgoing feed -> TAXII inbox incoming feed setup.

  • A TAXII inbox outgoing feed uses Basic authentication.

Additional permission:

  • modify outgoing-feeds

Required: See notes

Notes: The receiver automation user role must also have this permission if:

  • A platform-to-platform data exchange implementation uses a TAXII inbox outgoing feed -> TAXII inbox incoming feed setup.

  • A TAXII inbox incoming feed uses Basic authentication.
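One way to keep an automation role at this minimum over time is to compare what it is actually granted against the overview above. The following is an added example, not part of the platform or its documentation. It assumes the role's permissions are available as a plain list of strings (how you obtain that list is not covered here), and `audit_role` and `notes_apply` are hypothetical names.

```python
"""Least-privilege check of an automation role against the basic permission set."""

# Permissions listed for both roles in the overview on this page.
COMMON = {
    "read configurations", "read content-blocks", "read content-types",
    "read destinations", "read entities", "read extracts", "read intel-sets",
    "read sources", "read taxii-services", "read transports",
}
BASELINE = {
    "sender": COMMON | {"read outgoing-feeds"},
    "receiver": COMMON | {"read incoming-feeds"},
}
# "See notes" permissions: only needed when the conditions in the notes apply.
CONDITIONAL = {
    "sender": {"modify incoming-feeds", "modify taxii-services"},
    "receiver": {"modify outgoing-feeds"},
}


def audit_role(kind, granted, notes_apply=False):
    """Compare granted permissions with the baseline for 'sender' or 'receiver'.

    notes_apply: True when the operator has confirmed that the conditions in
    the notes hold for this integration (assumption: decided by the caller).
    """
    # Normalise case and whitespace so cosmetic differences do not hide drift.
    granted = {" ".join(p.lower().split()) for p in granted}
    required = set(BASELINE[kind])
    if notes_apply:
        required |= CONDITIONAL[kind]
    extra = granted - required
    return {
        "missing": sorted(required - granted),            # integration may break
        "unjustified": sorted(extra & CONDITIONAL[kind]),  # modify rights without the stated need
        "unexpected": sorted(extra - CONDITIONAL[kind]),   # outside the basic set entirely
    }


if __name__ == "__main__":
    # Constructed sample: a receiver role that has drifted from the baseline.
    sample = sorted(BASELINE["receiver"] - {"read transports"})
    sample += ["modify outgoing-feeds", "modify entities"]
    for finding, perms in audit_role("receiver", sample).items():
        print(f"{finding}: {perms}")
```

Permissions reported as unexpected are not necessarily wrong, since the role may deliberately include Threat Analyst permissions, but each one should have a recorded reason.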

Note

When you assign permissions to a role, either to modify an existing role or to define a new role, make sure you understand what permissions are and how they work in the platform.

For more information, see: