KUMA users may have the following roles:
User roles rights
| Web interface section and actions | General administrator | Administrator | Analyst | Operator | Comment |
|---|---|---|---|---|---|
| Reports | | | | | |
| View and edit templates and reports | yes | yes | yes | no | Analysts can: |
| Generate reports | yes | yes | yes | no | Analysts can generate reports that they created themselves or that are predefined (from a template or report). Analysts cannot generate reports sent to them by email. |
| Export generated reports | yes | yes | yes | no | Analysts can export the following: |
| Delete templates and generated reports | yes | yes | yes | no | Analysts can delete the templates and reports that they generated themselves. Analysts should not delete: |
| Edit the settings for generating reports | yes | yes | yes | no | Analysts may change the settings for generating reports that they created themselves or that are predefined. |
| Duplicate report template | yes | yes | yes | no | Analysts can duplicate predefined report templates and report templates that they created themselves. |
| Dashboard | | | | | |
| View data on the dashboard and change layouts | yes | yes | yes | yes | |
| Add layouts | yes | yes | yes | no | This includes adding widgets to a layout. |
| Edit and rename layouts | yes | yes | yes | no | This includes adding, editing, and deleting widgets. Analysts may change/rename predefined layouts and layouts that were created using their account. |
| Delete layouts | yes | yes | yes | no | Tenant administrators may delete layouts in the tenants available to them. Analysts may delete layouts that were created using their account. Only the general administrator can delete predefined layouts. |
| Resources → Services and Resources → Services → Active services | | | | | |
| View the list of active services | yes | yes | yes | no | Only the general administrator can view and delete storage spaces. Access rights do not depend on the tenants selected in the menu. |
| View the contents of the active list | yes | yes | yes | no | |
| Import/export/clear the contents of the active list | yes | yes | yes | no | |
| Create a set of resources for services | yes | yes | yes | no | Analysts cannot create storages. |
| Create a service under Resources - Services - Active services | yes | yes | no | no | |
| Delete services | yes | yes | no | no | |
| Restart services | yes | yes | no | no | |
| Update the settings of services | yes | yes | yes | no | |
| Reset certificates | yes | yes | no | no | A user with the administrator role can reset the certificates of services only in the tenants that are accessible to the user. |
| Resources → Resources | | | | | |
| View the list of resources | yes | yes | yes | no* | Analysts cannot view the list of secret resources, but these resources are available to them when they create services. |
| Add resources | yes | yes | yes | no | Analysts cannot add secret resources. |
| Edit resources | yes | yes | yes | no | Analysts cannot change secret resources. |
| Create/edit/delete resources in a shared tenant | yes | no | no | no | |
| Delete resources | yes | yes | yes | no | Analysts cannot delete secret resources. |
| Import resources | yes | yes | yes | no | Only the general administrator can import resources to a shared tenant. |
| Export resources | yes | yes | yes | no | This includes resources from a shared tenant. |
| View/edit collector or correlator drafts | yes | yes | yes | no | The user may only access their own drafts, regardless of the selected tenant. The list of drafts is generated based on those that belong to the user. |
| Sources status → List of event sources | | | | | |
| View sources of events | yes | yes | yes | yes | |
| Change sources of events | yes | yes | yes | no | Edit source name, assign monitoring policy, disable monitoring policy. |
| Delete sources of events | yes | yes | yes | no | |
| Sources status → Monitoring policies | | | | | |
| View monitoring policies | yes | yes | yes | yes | |
| Create monitoring policies | yes | yes | yes | no | |
| Edit monitoring policies | yes | yes | yes | no | Only the general administrator can edit the predefined monitoring policies. |
| Delete monitoring policies | yes | yes | yes | no | Predefined policies cannot be removed. |
| Assets | | | | | |
| View assets and asset categories | yes | yes | yes | yes | This includes shared tenant categories. |
| Add/edit/delete asset categories | yes | yes | yes | no | Within the tenant available to the user. |
| Add asset categories in a shared tenant | yes | no | no | no | This includes editing and deleting shared tenant categories. |
| Link assets to an asset category of the shared tenant | yes | yes | yes | no | |
| Add assets | yes | yes | yes | no | |
| Edit assets | yes | yes | yes | no | |
| Delete assets | yes | yes | yes | no | |
| Import assets from Kaspersky Security Center | yes | yes | yes | no | |
| Start tasks on assets in Kaspersky Security Center | yes | yes | yes | no | |
| Alerts | | | | | |
| View the list of alerts | yes | yes | yes | yes | |
| Change the priority of alerts | yes | yes | yes | yes | |
| Open the details of alerts | yes | yes | yes | yes | |
| Assign responsible users | yes | yes | yes | yes | |
| Close alerts | yes | yes | yes | yes | |
| Add comments to alerts | yes | yes | yes | yes | |
| Attach an event to alerts | yes | yes | yes | yes | |
| Detach an event from alerts | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
| Incidents | | | | | |
| View the list of incidents | yes | yes | yes | yes | |
| Create blank incidents | yes | yes | yes | yes | |
| Manually create incidents from alerts | yes | yes | yes | yes | |
| Change the priority of incidents | yes | yes | yes | yes | |
| Open the details of incidents | yes | yes | yes | yes | Incident details display data from only those tenants to which the user has access. |
| Assign executors | yes | yes | yes | yes | |
| Close incidents | yes | yes | yes | yes | |
| Add comments to incidents | yes | yes | yes | yes | |
| Attach alerts to incidents | yes | yes | yes | yes | |
| Detach alerts from incidents | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
| Export incidents to RuCERT | yes | yes | yes | yes | |
| Events | | | | | |
| View the list of events | yes | yes | yes | yes | |
| Search events | yes | yes | yes | yes | |
| Open the details of events | yes | yes | yes | yes | |
| Open statistics | yes | yes | yes | yes | |
| Conduct a retroscan | yes | yes | yes | no | |
| Export events to a TSV file | yes | yes | yes | yes | |
| Edit and delete someone else's filters | yes | yes | no | no | |
| Start ktl enrichment | yes | yes | yes | no | |
| Settings → Users | | | | | This section is available only to the general administrator. |
| View the list of users | yes | no | no | no | |
| Add a user | yes | no | no | no | |
| Edit a user | yes | no | no | no | |
| View the data of their own profile | yes | yes | yes | yes | |
| Edit the data of their own profile | yes | yes | yes | yes | The user role is not available for change. |
| Settings → LDAP server connections | | | | | |
| View the LDAP connection settings | yes | yes | no | no | |
| Edit the LDAP connection settings | yes | yes | no | no | |
| Settings → Tenants | | | | | This section is available only to the general administrator. |
| View the list of tenants | yes | no | no | no | |
| Add tenants | yes | no | no | no | |
| Change tenants | yes | no | no | no | |
| Disable tenants | yes | no | no | no | |
| Settings → Domain authorization | | | | | This section is available only to the general administrator. |
| View the Active Directory connection settings | yes | no | no | no | |
| Edit the Active Directory connection settings | yes | no | no | no | |
| Add filters based on roles for tenants | yes | no | no | no | |
| Settings → Notifications | | | | | This section is available only to the general administrator. |
| View the SMTP connection settings | yes | no | no | no | |
| Edit the SMTP connection settings | yes | no | no | no | |
| Settings → License | | | | | This section is available only to the general administrator. |
| View the list of added license keys | yes | no | no | no | |
| Add license keys | yes | no | no | no | |
| Delete license keys | yes | no | no | no | |
| Settings → Kaspersky Security Center | | | | | |
| View the list of successfully integrated Kaspersky Security Center servers | yes | yes | no | no | |
| Add Kaspersky Security Center connections | yes | yes | no | no | |
| Delete Kaspersky Security Center connections | yes | yes | no | no | |
| Settings → Kaspersky CyberTrace | | | | | This section is available only to the general administrator. |
| View the CyberTrace integration settings | yes | no | no | no | |
| Edit the CyberTrace integration settings | yes | no | no | no | |
| Settings → R-Vision Incident Response Platform | | | | | This section is available only to the general administrator. |
| View R-Vision IRP integration settings | yes | no | no | no | |
| Change R-Vision IRP integration settings | yes | no | no | no | |
| Settings → Kaspersky Threat Lookup | | | | | This section is available only to the general administrator. |
| View the Threat Lookup integration settings | yes | no | no | no | |
| Edit the Threat Lookup integration settings | yes | no | no | no | |
| Settings → Alerts | | | | | |
| View the parameters | yes | yes | yes | no | |
| Edit the parameters | yes | yes | yes | no | |
| Settings → Incidents → Automatic linking of alerts to incidents | | | | | |
| See the settings | yes | no | no | no | |
| Edit the settings | yes | no | no | no | |
| Settings → Incidents → Incident types | | | | | |
| View the categories reference | yes | yes | no | no | |
| View the categories charts | yes | yes | no | no | |
| Add categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
| Edit categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
| Delete categories | yes | yes | no | no | Available if the user has the administrator role in at least one tenant. |
| Settings → RuCERT | | | | | |
| View the parameters | yes | no | no | no | |
| Edit the parameters | yes | no | no | no | |
| Settings → Hierarchy | | | | | |
| View the parameters | yes | no | no | no | |
| Edit the parameters | yes | no | no | no | |
| View incidents from child nodes | yes | yes | yes | yes | |
| Metrics | | | | | |
| Open metrics | yes | no | no | no | |
| Task manager | | | | | |
| View a list of your own tasks | yes | yes | yes | yes | The section and tasks are not tied to a tenant. The tasks are available only to the user who created them. |
| Finish your own tasks | yes | yes | yes | yes | |
| Restart your own tasks | yes | yes | yes | yes | |
| View a list of all tasks | yes | no | no | no | |
| Finish any task | yes | no | no | no | |
| Restart any task | yes | no | no | no | |
| CyberTrace | | | | | This section is not displayed in the web interface unless CyberTrace integration is configured under Settings → CyberTrace. |
| Open the section | yes | no | no | no | |
| Access to the data of tenants | | | | | |
| Access to tenants | yes | yes | yes | yes | A user has access to the main tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant. Permissions to access the main tenant do not include access to all tenants, but only provide access to the data of the main tenant. |
| Main tenant | yes | yes | yes | yes | A shared tenant is used to store shared resources that must be available to all tenants. Although services cannot be owned by the shared tenant, these services may utilize resources that are owned by the shared tenant. These services are still owned by their respective tenants. Events, alerts and incidents cannot be shared. Permissions to access the shared tenant: |
| Shared tenant | yes | yes | yes | yes | A user has access to the main tenant if its name is indicated in the settings blocks of the roles assigned to the user account. The access level depends on which role is indicated for the tenant. Permissions to access the main tenant do not grant access to other tenants. |