Skip to main content
Sumo Logic

CSE User Accounts and Roles

Learn how to create users and roles for CSE.

This topic has information about creating and managing user accounts and roles for CSE. CSE uses role-based access control (RBAC). An administrator controls access to capabilities by assigning capabilities or permissions to roles, and then assigning users to roles.  

The process and UI for setting users and roles depends on your CSE environment. 

  • If your CSE URL ends in sumologic.com, you’ll set up users and roles in the Sumo Logic platform UI. For instructions, see the following help topics:
    • Create and Manage Roles―Note that the Sumo Logic platform allows you to assign multiple roles to a user. So, you might consider creating CSE-specific roles for different CSE user types, separate from roles you may define for Sumo Logic platform functionality. The CSE-related capabilities you can assign to roles are listed in the Cloud SIEM Enterprise section of the Role Capabilities page. 
    • Create and Edit Users
  • If your CSE URL ends in jask.ui, you’ll set up user accounts and roles in the CSE UI. Follow the instructions below.

Invite a user

These instructions apply if your CSE URL ends in jask.ui.

  1. Click the gear icon, and choose Accounts under Users
    accounts-link.png
  2. On the Accounts page, click Invite.
    invite-link.png
  3. The Invite Users popup appears.
    invite-users.png
  4. Emails. Enter one or more email addresses. If you enter more than one address, separate them by commas.  
  5. Role. Use the down-arrow to view a list of roles, and choose one.
  6. Click Invite

The individuals you invite will be sent an email with a link to the CSE UI, like the one shown below.

invitation.png

When the invitee accesses the CSE UI, they’ll be prompted to select a CSE username and password.  

Create a role in CSE

A CSE role has a set of permissions associated with it. Users with that role have the permissions assigned to the role. 

To create a role 

  1. Click the gear icon, and choose Roles under Users
    roles-link.png
  2. The Roles page appears, and lists the roles that are already defined. There are two built-in roles that cannot be deleted or edited: Administrator and Analyst. The avatar for each user that has the role is shown―hover over it to see the user's name and username. 
    roles-page.png
  3. Click Create.
  4. The Create Role popup appears.create-role-popup.png
     
  5. Name. Enter a name for the role.
  6. Permissions. Checkmark each permission you want to assign to the role. For a description of each permission, see Role Permissions, below.
  7. Click Create.

Role Permissions

Insights/Signals

Permission Description
Comment on Insights Add comments to Insights.
Configure Insight Generation Configure Insight Generation Settings.
Create Insights Create Insights.
Delete Insights Delete Insights.
Invoke Insights Actions Choose and run an action from the Actions menu for an Insight.
Manage Insight Assignee
 
Change the user that is assigned to an Insight.
Manage Insights Signals Add Signals to Insights; remove Signals from Insights.
Manage Insight Status Change the status of an Insight.
Manage Insight Tags Add and delete tags assigned to Insights.

Records

Permission Description
Manage Favorite Fields Add and remove favorite fields by clicking the star button next to the fields in CSE Records.

Content

Permission Description
Create Rules Create Rules.
Delete Rules Delete Rules.
Edit Rules Edit Rules.
Manage Threat Intelligence Create, edit, and delete threat intelligence sources.
Manage Match Lists Create, edit, and delete Match Lists.
Manage File Analysis Create, edit, and delete YARA rules.
Manage Custom Insights Create, edit, and delete custom Insights.
Manage Network Blocks Create, edit, and delete network blocks.
Manage Suppressed Entities Suppress and unsuppress Entities.
Manage Suppressed Lists Create, edit, and delete lists of Record field values the presence of which will cause Signals to be suppressed. 

Other

Permission Description
Access Audit Logs Allows access to audit logs using API (/api/v1/audit-logs API).
Receive Admin Emails Receive account notifications when other users change their emails, passwords, API keys, and so on.
Use API Key Enables use of CSE API.

Configuration > Incoming Data

Permission Description
Manage Sensors Install, configure, and uninstall CSE Sensors.
Manage Log Mappings Create, edit, and delete log mappings.

Configuration > Entities

Permission Description
Manage Domain Normalization Update the configurations on CSE’s Domain Normalization page.
Manage Entity Criticality Create, edit, and delete Entity Criticalities

Configuration > Users

Permission Description
Manage Accounts/Invitations/Teams Add new CSE users, edit and remove existing CSE users.
Manage Roles/Permissions Create, edit, and manage CSE user roles.
Manage Workflow Create, edit, and delete Workflow statuses.

Configuration > Integrations

Permission Description
Manage Sumo Logic Integrations Create, edit, and delete Sumo Logic ingest mappings.
Manage Context Actions Create, edit, and delete Context Actions.
Manage Actions Create, edit, and delete the Actions. Actions are CSE notifications you can set up to occur automatically when certain state changes occur to Insights, sensors, or rules. Actions can also be invoked on-demand from an Insight in the CSE UI.
Manage Enrichments Upload Insight, Signal, and Entity enrichments using the CSE API.