SNYPR 6.3.1 On-Prem
Administration Guide
Date Published: 8/11/2020
Securonix Proprietary Statement
This material constitutes proprietary and trade secret information of Securonix, and shall not be disclosed to any
third party, nor used by the recipient except under the terms and conditions prescribed by Securonix.
The trademarks, service marks, and logos of Securonix and others used herein are the property of Securonix or their
respective owners.
Securonix Copyright Statement
This material is also protected by Federal Copyright Law and is not to be copied or reproduced in any form, using any
medium, without the prior written authorization of Securonix.
However, Securonix allows the printing of the Adobe Acrobat PDF files for the purposes of client training and
reference.
Information in this document is subject to change without notice. The software described in this document is
furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in
accordance with the terms of those agreements. Nothing herein should be construed as constituting an additional
warranty. Securonix shall not be liable for technical or editorial errors or omissions contained herein. No part of this
publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or
mechanical, including photocopying and recording for any purpose other than the purchaser's internal use without
the written permission of Securonix.
Copyright © 2019 Securonix. All rights reserved.
Contact Information
Securonix
5080 Spectrum Drive, Suite 950W
Addison, TX 75001
(855) 732-6649
Table of Contents
Introduction
    SNYPR Overview
    Additional Resources
Data Flow in SNYPR
    How Data Flows in SNYPR
    Spark Applications
Data Security
    Configure SSL for Kafka Brokers
    Enable Kerberos Authentication for Cloudera Services
    Authenticate Kafka Consumer and Producer
Settings
    Configure Hadoop
    Configure General Settings
    Enable/Configure Data Masking
    Masking Job Details
    Manage Ingesters
    Manage Installed Licenses and Products
    Enable LDAP Authentication
    Enable/Disable X509 Authentication
    Schedule Housekeeping Jobs
    Configure SAML Settings
    Configure SMTP Server Settings
    Configure Spotter Settings
    Configure UI Preferences
    Upload CRP/CFP Content
Access Control
    Create Roles
    Create Users
    Create Groups
    Manage Users, Roles, and Groups
    Enable Granular Access Control
    Enable Password Control
Connection Types
    Filter Components
    Add a New Connection
    Manage Connection Types
    Download Files
    Upload Files
    Register Connectors
Email Templates
    Create an Email Template
    Edit Email Templates
Workflows
    Create a New Workflow
    Edit a Workflow
Spark Apps
    Add Spark Jobs in Cloudera
    Stop Spark Jobs in Cloudera
    Administer Spark Jobs using Command Line
    View YARN Application Status
Appendix A: Access Privileges
Introduction
This Administration Guide is designed to help you configure, manage, and maintain SNYPR. It contains information about SNYPR components and how they work, various features and configuration settings, and how to configure and use SNYPR.
SNYPR Overview
SNYPR is a big data security analytics platform built on Hadoop that utilizes Securonix machine-learning-based anomaly detection techniques and threat models to detect sophisticated cyber and insider attacks. SNYPR uses Hadoop both as its distributed security analytics engine and long-term data retention engine. Hadoop nodes can be added as needed, allowing the solution to scale horizontally to support hundreds of thousands of events per second (EPS).
SNYPR features:
• Supports a rich variety of security data, including security event logs, user identity data, access privileges, threat intelligence asset metadata, and netflow data.
• Normalizes, indexes, and correlates security event logs, network flows, and application transactions.
• Utilizes machine learning-based anomaly detection techniques, including behavior profiling, peer group analytics, pattern analysis, and event rarity to detect advanced threats.
• Provides out-of-the-box threat and risk models for detection and prioritization of insider threat, cyber threat, and fraud.
• Risk-ranks entities involved in threats to enable an entity-centric (user or devices) approach to mitigating threats.
• Provides Spotter, a blazing-fast search feature with normalized search syntax that enables investigators to investigate today’s threats and track advanced persistent threats over long periods of time, with all data available at all times.
Documentation Conventions
There are different font styles used throughout the SNYPR documentation to indicate specific information. The table below describes the common formatting conventions used in the documentation:
| Convention | Description |
|---|---|
| Bold font | Words in bold can indicate the following: buttons that you need to click; fields in the user interface (UI); menu options in the UI; information you need to type or select. |
| | Indicates commands or code. |
| Menu navigation | The navigation path to reach a specific screen in the UI is separated by a greater than symbol (>). For example, Menu > Administration. |
| UPPERCASE FONT | All uppercase words are acronyms. |
| Folders and folder paths | Quotation marks are used around a folder name or folder path. For example, “C:\Documents\UserGuide”. |
Additional Resources
If you require additional information, the following guides are available:
| Document Name | Audience |
|---|---|
| Architecture Guide | System administrators, system integrators, and deployment teams who need to determine SNYPR deployment options in a Hadoop cluster. |
| Installation Guide | System administrators, system integrators, and deployment teams who need to install the application. |
| RIN Installation Guide | On-boarding team and deployment engineers who need to install the RIN to connect to the SNYPR application to ingest data. |
| Data Integration Guide | Data integrators who need to import activity and enrichment datasources to support existing and custom use cases. |
| Content Guide | Data integrators and deployment engineers who need to use existing connectors to import data and deploy available content. Content developers who need to use the out-of-the-box content to detect the threats to your organization. |
| Analytics Guide | Content developers who need to use the existing content and custom analytics available in the SNYPR platform to develop use cases to detect the threats to your organization. |
| Security Analyst Guide | Information security professionals and security analysts who need to detect and manage threats. Risk and compliance officers and IT specialists who need to use SNYPR reporting capabilities to monitor and remediate compliance. |
| Access Analytic Guide | Information security professionals and security analysts who need to detect and remediate high-risk access due to orphaned accounts, privilege creep, or account compromise. Compliance officers and data owners who need to review and remediate access for privilege creep, SOD violations, and orphaned accounts. |
| Web Services Guide | Developers who need to communicate to SNYPR using the REST APIs. |
Data Flow in SNYPR
SNYPR is designed to ingest and analyze a high volume of events in near real-time. This is possible because of the unique design of the SNYPR application. SNYPR encompasses a number of independent Spark Streaming applications that interoperate with high precision to ensure extremely high speed processing of events.
Each Spark Streaming application performs a finite set of tasks on the micro-batch of events and moves them forward to the next stage. Internally, each Spark Streaming application may be running across multiple processors, which in turn may be running across multiple servers. This highly distributed processing framework enables SNYPR to be extremely elastic to meet the ingestion and analytics requirements of organizations. When the events processed per second increase from hundreds to millions, SNYPR can be scaled by adding more servers.
This document describes the data ingestion and analytics pipeline within SNYPR and the components in the SNYPR and Hadoop ecosystem: Kafka, HDFS, Solr, Spark Streaming, MySQL, HBase, and Redis.
How Data Flows in SNYPR
The following diagram provides an overview of the data flow in SNYPR and how the data is processed by various Spark applications.
a. Remote Ingester or SNYPR console ingests raw events. The raw events are then compressed, encoded in Avro format (which makes it easier to read and interpret data), then published in batches. Each batch includes information to uniquely identify the tenant, time zone, resource group, event count, media type, and collection method (e.g. Syslog, database, file, etc.) so the events can be routed in a multi-tenant deployment and parsed using the correct parser / parsing technique.
b. Enrichment Spark application (1) parses and normalizes data, performs identity attribution, runs action filters, then enriches the events using data in Redis and pushes the "Enriched Event" to the Enriched Kafka Topic.
c. Event Ingestion Spark application (2) consumes the data in the Enriched Topic to store the enriched events in HDFS.
d. Event Indexer Spark application (3) indexes the data in Solr.
e. Individual Event Evaluator (IEE) Spark application (5) consumes data in the Enriched Topic to analyze each event and determine if it meets the conditions for a violation specified in the policy. Events that meet the conditions are sent to the Tier 2 or AEE-Tier2 topic for further analysis.
f. Behavior Analytics application (4) consumes the filtered events in the Tier 2 topic to summarize and store in HBase. This application also detects outliers from baseline values and sends outliers to the Kafka Violations Staging topic.
g. Spark App 14 picks up violations from the Violation Staging Topic, stores them in HDFS and Solr, then sends the metadata about the violation to the Violation Topic.
h. The Behavior Profiling Spark application (9) reads the summarization from HBase and generates behavior baseline values.
i. The Aggregated Event Evaluator (AEE) (6) reads tables of aggregated events populated by IEE in the AEE-Tier2 topic to determine if the events represent a pattern that meets the criteria for a violation. If events meet the criteria for a violation, they are sent to the Violation topic.
j. Traffic Analyzer application (8) consumes filtered events propagated to the Tier 2 topic to perform automated whitelisting, detect rarity, and store data in HBase for Robotic Pattern Detection. If events meet the criteria for a violation, they are sent to the Violation topic.
k. Robotic Detection application (10) analyzes the data stored in HBase by Traffic Analyzer to detect patterns in durations indicative of beaconing activity. If events meet the criteria for a violation, they are sent to the Violation topic.
l. The Risk Generation application (7) consumes Violations generated by the IEE, Behavior Analytics, AEE, and Traffic Analyzer apps and analyzes violations to detect threat chains. Additionally, the entities are assigned risk scores based on the type of violation or threat. Optionally, violations requiring notifications and incidents are sent to the response topic.
New Data Flow
Spark App 14 eliminates delay in risk scoring and reduces processing overhead for behavior-based violation events.
The following diagram illustrates the new data flow for behavior-based violation events with Spark Job 14:
Spark Applications
Spark applications process the data in SNYPR. The independent Spark Streaming applications work together to allow SNYPR to ingest and analyze high volumes of events in real-time. Each application performs a set of tasks on the events coming into SNYPR, then moves the tasks forward to the next stage.
Spark App 1: Event Enrichment Spark Application
The Event Enrichment Spark application consumes events from the Raw Topic and performs parsing, normalization, user identity attribution, and enrichment prior to publishing the super enriched events to the Enriched Topic.
The Enrichment Spark application reads a number of compressed events from each partition in Kafka and performs the following sequence of tasks:
1. Uncompresses and decodes events in a batch.
2. Parses events (EventParser): Delimited / XML / JSON / WinEventFormat / Key Value Pair / CEF / LEEF / Snare format, etc.
3. Performs Identity Attribution: Enrich events with user information. Match account names to user attributes or IP Addresses to last user using ipaddress.
4. Runs Action Filters: Event Categorization, Derived attributes, Populate Active List, Enrich from lookup, watchlist, threat intelligence, geolocation, etc.
5. Compresses and encodes enriched events as Enriched Event Objects (EEO).
Spark App 2: Event Ingestion Spark Application
The Event Ingestion Spark application consumes events from the Enriched Topic and stores these events in a particular HDFS folder structure in Avro format. The Ingestion Spark application reads a number of compressed events from each Enriched Topic partition in Kafka and performs the following sequence of tasks:
1. Uncompresses and decodes events.
2. Aggregates events by Resourcegroupid / year / day of year.
3. Encodes data into Avro open event format and uses the HDFS API to store data in the resources-incoming folder in HDFS.
4. Sends counts of number of events stored in HDFS to the count topic for reporting purposes.
Table metadata is pre-generated on the open event format to allow the use of Hive/Impala to run queries against the data. This means that third party applications and end users can directly interface with the data stored in HDFS using standard simple query language syntax. Each resource group has a separate table in Hive/Impala.
A high number of Avro files are generated because each executor writes a separate Avro file for each batch processed. A nightly job called AvroParquetMigrationJob is run to merge these Avro files into a super-compressed parquet file. Parquet file format is a flat columnar data structure within Hadoop, which is more compressed and efficient.
Spark App 3: Event Indexer Spark Application
The Event Indexer Spark application consumes events from the Enriched Topic and indexes these events in Solr collections to enable lightning fast searching capability from the SNYPR console. The Event Indexer Spark application reads a number of compressed events from each Enriched Topic partition in Kafka and performs the following sequence of tasks:
1. Uncompresses and decodes events.
2. Uses the Solr API to index event attributes that are marked for indexing.
3. Updates the controlcore collection with information about the date range for each resource group.
4. Sends count of events indexed to the indexercount topic.
5. Generates new collections once the threshold value is reached for the maximum count of documents in that collection.
The controlcore collection is used by SNYPR as an index of indexes. It stores information about the contents of each collection. For each data source, it stores the date range that is available in that collection.
Spark App 4: Behavior Analytics Spark Application
The filtered events in the Tier 2 topic are consumed by the Behavior Analytics application. The Behavior Analytics app counts the number of events for the check window (daily, weekly, etc.), then stores the count in HBase to be consumed and summarized by Behavior Profiling Spark. It reads the baseline for the entity generated by Behavior Profiling based on the counts to detect outliers from baseline values and sends outliers to the Kafka Violations topic. It performs the following:
1. Consumes events from Tier-2.
2. Loads policy configurations depending on the type of check.
3. Maintains the counts associated with each event in HBase on first run.
4. Stores each key with a column family with data stored at a monthly level for each occurrence of a month.
5. Stores entries for each month within the column families.
6. Checks the count for each occurrence when processing each event to determine if the count exceeds the baseline.
7. Publishes the event as a violation to the Violation topic if the count exceeds the baseline.
Spark App 5: Individual Event Evaluator (IEE) Spark Application
SNYPR provides advanced tiered analytical capabilities. The tiered approach to analytics operates like a funnel where each step in the analytics operates on the findings from the previous step. This tiered approach to analytics ensures that false positives are filtered out and the violations that are truly suspicious are passed along to the SNYPR console as Threats.
The Individual Event Evaluator (IEE) Spark application is the first step for the real-time analytics engine within SNYPR. As the name suggests, Individual Event Evaluator operates on singular events to analyze their candidacy for subsequent analytical techniques. The IEE Spark App consumes events from the Enriched Topic and is capable of the following analytical techniques:
1. Apply conditions: Example: <Event.Attribute Value>
2. Apply Special Operators
3. Check Against Lookup: Import list of items into a lookup table and reference it to identify events that match the keys of the lookup table. Example: List of Administrative accounts or List of Compliance critical assets can be added to a lookup table. Events matching specific criteria and belonging to the lookup table can be flagged as violations.
4. Check Against Active List: Check sequences of events with common attributes. Example: Critical File Downloaded from SharePoint and the same file emailed to a personal email account by the same user. An Active List is a temporary storage of attribute value(s) extracted from an event and can then be referenced in an IEE policy to find violations like visits to malicious websites or malicious files detected on servers.
5. Check Against TPI (Threat Intelligence): Check threat intel from third parties ingested into SNYPR such as suspicious domains, IP Addresses, file hashes etc. to find violations of IEE policies like visits to malicious websites or malicious files detected on servers.
6. Check Against WatchList: Add malicious actors or entities deserving closer scrutiny to watchlists for use in IEE policies.
7. Match String: Match two strings using string comparators like Jaro-Winkler, advanced bi-gram comparator and condensed string comparators. Strings similar to each other return a value closer to one, and strings uncommon to each other return a value of 0.5. This is useful for detecting violations like Account adding personal account to critical security group.
8. Email Sent to Self: Detect user exfiltrating data to their personal email address. This technique uses user personal information and forms email addresses that could be the personal email address and checks for these being used as recipient address.
Spark App 6: Aggregated Event Evaluator (AEE) Spark Application
The AEE Spark app evaluates multiple events passed from the IEE to detect related behavior that indicates a threat.
1. Performs post processing on aggregated events sent from the IEE App when an event requires further analysis.
2. Evaluates tables of aggregated events.
3. Runs on scheduled intervals so it only runs when events are waiting to be analyzed.
4. Evaluates all the data in the aggregated events to recognize patterns and identify outliers.
5. Sends violations to the Violations topic.
Spark App 7: Risk Generation and Threat Model Spark Application
The Risk Generation and Threat Model Spark app consumes violations data generated by the IEE, Analytics and Profiling, AEE, and Traffic Analyzer Spark apps to determine the risk scores for violation entities.
1. Analyzes risk scores and stores them per entity in the risk score card core in Solr.
2. Records actions taken by analysts during threat management in the riskscorecard SOLR core.
3. Consolidates risk scores on a daily basis to provide trends in scores.
4. Stores risk scorecard history in the history collection.
5. Generates threat models.
6. Generates violation information and stores violations in the violations core in Solr.
7. Generates count of the violations to display on the Security Command Center and in Spotter.
Spark App 8: Traffic Analyzer Spark Application
Traffic Analyzer provides purpose-built analytics to detect behaviors exhibited by malware. This Spark App performs checks against web proxy traffic using the following process:
1. Consumes data from Tier 2 Kafka Topic published by IEE.
2. Processes events for the following checks:
• Algorithmically generated domains
• Beaconing patterns
• Access to rare domains
• Use of user agents
3. Publishes violations to Violations Topic which is then consumed by the Risk Generation app.
See Network Traffic Analyzer in the SNYPR Data Integration Guide for more details.
Spark App 9: Behavior Profiling Spark Application
The Behavior Profiling Spark app establishes the behavior baselines used to detect outlier behavior that indicates a threat.
1. Tracks the frequency or volume of parameters (for example, bytes in, bytes out) for the configured parameters for each account, IP address, and resource.
2. Maintains a summary of behavior within these parameters for the following time frames:
• Hourly
• Daily
• Monthly
• Weekly
• Each day of the week (Sunday to Saturday)
3. Establishes a behavior baseline to generate the behavior profile for the account, IP Addresses, and resource.
4. Checks the current frequency or volume count during import against the established baseline and marks the entity as a violation if the count exceeds the baseline plus the configured Sigma value.
5. Performs first time behavior checks.
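The baseline check in step 4 and the first-time check in step 5, as an added example that is not SNYPR code. It assumes the baseline is the mean of an entity's past daily counts and that the Sigma value multiplies their standard deviation, which the guide does not specify; the class, parameters, and sample counts are constructed, and only the daily time frame is modeled.

```python
"""Baseline-plus-sigma check over daily counts (added illustration, not SNYPR code)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional


@dataclass
class Verdict:
    entity: str
    count: int
    threshold: Optional[float]
    reason: str  # ok | exceeds_baseline | first_time | insufficient_history


class DailyProfile:
    """Keeps past daily counts per entity and compares new counts against them."""

    def __init__(self, sigma=3.0, min_days=7, min_spread=1.0):
        self.sigma = sigma            # assumed meaning: multiplier on the std deviation
        self.min_days = min_days      # do not judge an entity on too little history
        self.min_spread = min_spread  # floor so a perfectly flat history is not hair-trigger
        self.history = defaultdict(list)

    def learn(self, entity, daily_count):
        self.history[entity].append(daily_count)

    def threshold(self, entity):
        counts = self.history.get(entity, [])
        if len(counts) < self.min_days:
            return None
        spread = max(pstdev(counts), self.min_spread)
        return mean(counts) + self.sigma * spread

    def check(self, entity, count):
        if entity not in self.history:
            # Never-seen entity: reported separately, like a first-time behavior check.
            return Verdict(entity, count, None, "first_time")
        limit = self.threshold(entity)
        if limit is None:
            return Verdict(entity, count, None, "insufficient_history")
        reason = "exceeds_baseline" if count > limit else "ok"
        return Verdict(entity, count, limit, reason)


# Constructed sample history: daily event counts per account.
SAMPLE_HISTORY = {
    "jdoe": [100, 110, 95, 105, 90, 100, 100],
    "svc-backup": [5000] * 7,   # flat history, standard deviation is zero
    "contractor7": [12, 9],     # only two days of history
}

# Constructed counts observed "today".
SAMPLE_TODAY = [
    ("jdoe", 115),
    ("jdoe", 400),
    ("svc-backup", 5002),
    ("svc-backup", 5010),
    ("contractor7", 300),
    ("newhire", 1),
]


def baseline_demo():
    profile = DailyProfile(sigma=3.0)
    for entity, counts in SAMPLE_HISTORY.items():
        for value in counts:
            profile.learn(entity, value)
    return [profile.check(entity, count) for entity, count in SAMPLE_TODAY]


if __name__ == "__main__":
    for verdict in baseline_demo():
        print(verdict)
```
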
Spark App 10: Robotic Pattern Detector Spark Application
The Robotic Pattern Detector Spark app is used to detect beaconing behavior that indicates a compromise from malware.
1. Reads data processed by Spark App 8: Traffic Analyzer Spark Application from HBase.
2. Applies Beaconing algorithm to detect violations.
3. Publishes violations to Violations Topic to be processed by Risk Scoring Spark app.
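One way to score the regular request timing that beaconing detection looks for, as an added example; it is not the Securonix beaconing algorithm, which the guide does not describe. It assumes proxy events reduce to (source, domain, timestamp in seconds) tuples and flags pairs whose gaps between requests barely deviate from their median; the thresholds, allowlist, hosts, and events are constructed.

```python
"""Periodicity scoring for proxy events (added illustration, not SNYPR code)."""
from collections import defaultdict
from statistics import median


def beacon_candidates(events, allowlist=frozenset(), min_events=6, max_jitter=0.1):
    """Return (source, domain) pairs whose request timing looks machine-generated.

    jitter = median absolute deviation of the gaps / median gap. Using medians
    keeps one missed check-in (a double-length gap) from hiding the pattern.
    """
    stamps_by_pair = defaultdict(list)
    for src, domain, ts in events:
        if domain not in allowlist:  # known-good periodic traffic, e.g. updaters
            stamps_by_pair[(src, domain)].append(ts)

    findings = []
    for (src, domain), stamps in stamps_by_pair.items():
        if len(stamps) < min_events:
            continue  # too few requests to call anything periodic
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        period = median(gaps)
        if period <= 0:
            continue  # duplicate timestamps only
        mad = median([abs(gap - period) for gap in gaps])
        jitter = mad / period
        if jitter <= max_jitter:
            findings.append({
                "src": src,
                "domain": domain,
                "period": period,
                "jitter": jitter,
                "events": len(stamps),
            })
    return sorted(findings, key=lambda f: f["jitter"])


def _events(src, domain, stamps):
    return [(src, domain, ts) for ts in stamps]


# Constructed sample traffic (seconds since the start of the capture).
SAMPLE_EVENTS = (
    # ~300 s check-ins with small jitter and one missed interval (1498 -> 2100)
    _events("10.0.4.17", "cdn-sync.example", [0, 300, 603, 899, 1200, 1498, 2100, 2401])
    # human browsing: bursts and long pauses
    + _events("10.0.4.17", "news.example", [10, 25, 400, 420, 2000, 2010, 3900])
    # hourly software updater, periodic but expected
    + _events("10.0.8.3", "updates.example", [0, 3600, 7200, 10800, 14400, 18000, 21600])
    # too few requests to judge
    + _events("10.0.9.2", "files.example", [50, 350, 650])
)

SAMPLE_ALLOWLIST = frozenset({"updates.example"})


def beacon_demo(allowlist=SAMPLE_ALLOWLIST):
    return beacon_candidates(SAMPLE_EVENTS, allowlist=allowlist)


if __name__ == "__main__":
    for finding in beacon_demo():
        print(finding)
```

Without the allowlist the hourly updater is reported as well, which is why the periodicity score alone is not treated as a verdict.
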
Spark App 13: Action Prediction Learner
The Action Prediction Learner app is used to learn response actions from Threat Management or Incident Management for the Response Bot. Securonix Smart Response framework uses the power of machine learning to understand the actions of Tier 2 Security Analysts and perform predictive analysis on new alerts to Tier-1 Analysts. The goal is to enable Tier 1 Analysts with smart suggestions for dispositions that they need to make prior to escalating alerts to Tier 2 Analysts.
1. Learns actions based on historic actions taken on threats or incidents.
2. Stores the Forest (Group of trees) into HBase so the Risk Scoring app can use them to predict actions to take.
Spark App 14:
When the Behavior Analytics job captures a violation, it sends the violation entity, the policy violated, and metadata about the events to the Violation Staging Topic. Spark App 14 runs at scheduled intervals to read the new events from the Violation Staging topic. When it finds new events, it copies the events from the Tier2 topic into the violation collection in Solr and writes them into HDFS for long term storage.
It also sends the violation entity, the policy violated, and metadata about the events to the Violation Topic to be read by the Risk Scoring job. The Risk scoring job sends the risk score information to the riskscorecard collection in Solr and to HBase.
Data Security
SNYPR includes several enhanced data security features. Choose an option below to ensure the security of data stored from the Remote Ingester to a Hadoop cluster.
• Configure SSL from the Remote Ingester to the Hadoop Cluster
• Enable Kerberos Authentication for Cloudera Services
• Authenticate Kafka Consumer and Producer
Configure SSL for Kafka Brokers
The Secure Sockets Layer (SSL) configuration process for Kafka Brokers consists of four parts, including:
1. Create SSL Certificates
2. Create keystores
3. Create truststores
4. Enable SSL keystore and truststore
Step 1: Create SSL Certificate
1. (Optional) Create a master keystore to store all the certificates centrally. You may already have a master keystore in which you can store your certificate authority (CA) signed SSL certificate.
2. Create a CA-signed SSL certificate to sign all server certificates with a trust chain. You can create a self-signed certificate or use certificates that are signed by a CA, such as Verisign.
Note: The CA is required for signing all server certificates with a trust chain.
3. Create a server certificate for each server.
Tip: For easier identification of the server, use the subject equal to the fully qualified domain name (FQDN).
4. Create a server keystore for each server.
5. Import the server certificate into the server keystore.
6. Create a truststore.
Note: The same truststore can be used for all servers.
7. Import the SSL certificate trust chain into the truststore.
Step 2: Create a Keystore
Once you have created and saved an SSL certificate, you will create a keystore on your Kafka brokers in the Hadoop Cluster.
Note: The naming conventions used in this section are for reference only. You may use your own naming conventions, but ensure you are copying the correct server certificate to each server in your cluster.
8. Open your master keystore using a tool of your choice if you have stored your SSL Certificate in the master keystore.
The KeyStore Explorer is an open source utility to open the master keystore (used in the image below).
Tip: You can download the KeyStore Explorer at: http://keystore-explorer.org.
9. Select the signed certificate.
Example: securonix ca.
10. Right click and select Sign > Sign New Key Pair for each server.
Enter the key password for the certificate.
11. Accept the defaults, and click OK.
12. Accept the defaults, and enter the Name details.
The certificate name includes the following details:
• CN=<server FQDN>
• OU=saas
• O=Securonix
• L=Addison
• ST=TX
• C=US
13. Click OK, then click OK again.
14. Accept the alias.
15. Enter the password, then click OK.
16. Select file as New.
17. Select JKS as the keystore type, then click OK. The server keystore is a Java key store.
18. Enter the keystore password and click OK to save.
19. Enter the name of the keystore. Ensure that you use the same name for all the server certificates.
20. Create a new folder with the server FQDN as the name, and save the keystore inside the folder. Keep the keystore open to import the correct server certificate into the keystore for the next step.
21. Select the master keystore, and select the server certificate to export to a file.
22. Right click, select Export > Export Key Pair.
23. Enter the password for the certificate file, then click Export.
24. Import the server certificate into the server keystore, then click OK.
25. Select the correct server keystore.
26. Select Tools > Import Key Pair.
27. Select PKCS #12.
28. Enter the decryption password associated with the certificate file. Select the server certificate file, and click Import.
29. Accept the default alias, then click OK.
30. Enter the Key Pair entry password, then click OK.
31. Save the keystore.
The keystore is ready to be moved to the server.
32. Create a keystore for each server in your cluster with the same keystore name, the correct server certificate, and the same password for the keystore and key pair.
Step 3: Create a truststore
The truststore contains an SSL certificate chain you are willing to trust when a remote party presents its certificate. Essentially, a certificate chain is an ordered list of certificates that contains a CA-signed SSL certificate (root SSL certificate) and an intermediate SSL certificate. This combination enables the receiver to verify that the sender and its intermediate SSL certificate are trustworthy. The chain or path begins with the CA-signed SSL certificate, and each certificate in the chain is signed by the entity identified by the next certificate in the chain. The chain terminates with the root SSL certificate.
33. Select file as New.
34. Select JKS as the keystore type, then click OK.
35. Save the keystore.
36. Select File > Save.
37. Enter the keystore password, then select OK.
38. Enter the name of the keystore. This truststore will be shared with all the servers. Keep the truststore open to import the correct server certificate in the next step.
39. Open the master keystore from the Keystore Explorer and use your master keystore password.
40. Select the securonix ca certificate.
41. Right click and select Export > Export Certificate Chain.
42. Enter the key password for the securonix ca.
43. Select a file name for the certificate chain to export, then click Export.
44. Select the truststore (truststore.jks) that was created earlier.
45. Select Tools > Import Trusted Certificate.
46. Select the file that was exported, and click Import.
47. Select OK.
48. Save the truststore.
This truststore is ready to move to all servers so that servers can authenticate signed keys under the root.
Step 4: Enable SSL Keystore and Truststore
49. Complete the following actions on each server:
# sudo mkdir /opt/certs
50. Copy the keystore (different for each server), and the truststore (the same for all servers) to:
/opt/certs/server.jks
/opt/certs/truststore.jks
chown root:root /opt/certs/truststore.jks
chmod 0440 /opt/certs/truststore.jks
chown root:root /opt/certs/server.jks
chmod 0440 /opt/certs/server.jks
51. Log in to Cloudera Manager.
52. From the home page, select Kafka on the left.
53. Click the Configuration tab to set the values in the Kafka service.
On the Configuration screen, search for the property that you want to set.
Example: ssl.client.auth.
Similarly, set the values for the remaining Kafka properties as shown in the table below:
| Kafka Properties | Value |
|---|---|
| SSL Client Authentication (ssl.client.auth) | required |
| Inter Broker Protocol (security.inter.broker.protocol) | Inferred |
| Kafka Broker Advanced Configuration Snippet (Safety Valve) for kafka.properties | num.network.threads=16 |
| | socket.send.buffer.bytes=1048576 |
| | socket.receive.buffer.bytes=1048576 |
| | socket.request.max.bytes=104857600 |
| | replica.fetch.wait.max.ms=500 |
| | replica.socket.timeout.ms=30000 |
| | replica.socket.receive.buffer.bytes=65536 |
| | replica.high.watermark.checkpoint.interval.ms=5000 |
| | controller.socket.timeout.ms=30000 |
| | controller.message.queue.size=10 |
| | zookeeper.sync.time.ms=2000 |
| | socket.request.max.bytes=104857600 |
| | queued.max.requests=16 |
| | fetch.purgatory.purge.interval.requests=100 |
| | producer.purgatory.purge.interval.requests=100 |
| Enable TLS/SSL for Kafka Broker (ssl_enabled) | checked |
| Kafka Broker TLS/SSL Server JKS Keystore File Location (ssl.keystore.location) | /opt/certs/server.jks |
| Kafka Broker TLS/SSL Server JKS Keystore File Password (ssl.keystore.password.generator) | keystore password |
| Kafka Broker TLS/SSL Server JKS Keystore Key Password (ssl.key.password.generator) | key password |
| Kafka Broker TLS/SSL Certificate Trust Store File (ssl.truststore.location) | /opt/certs/saastruststore.jks |
| Kafka Broker TLS/SSL Certificate Trust Store Password (ssl.truststore.password.generator) | truststore password |
54. Stop the Kafka brokers by going to Instances.
55. Select a Kafka broker, and click the Actions for Selected drop-down. From this
drop-down, click Stop.
56. Deploy the client configuration.
57. Start the Kafka brokers.
Enable Kerberos Authentication for Cloudera Services
This section explains how to configure and enable Kerberos authentication for Cloudera Services with SNYPR. The Kerberos protocol provides user authentication when a user tries to connect to a Cloudera service.
This section covers the following topics:
1. Step 1: Host Configuration
2. Step 2: Integrate SNYPR with Kerberized Hadoop Service
3. Step 3: Connect to the Kerberized Hadoop Services
4. Step 4: Extend HDFS Access Control Lists
5. Step 5: Sentry Deployment
6. Step 6: Enable Sentry for Hive
7. Step 7: CDH SSL
Before You Begin
This section lists the minimum requirements necessary to enable Kerberos Authentication for Cloudera Services:
• Establish a working Kerberos Key Distribution Center (KDC). The configuration assumes Microsoft Kerberos Services. For detailed information about Microsoft Kerberos Services, see the References section.
• Enable Kerberos Authentication in CDH. Use the Cloudera documentation available at the following link to enable Kerberos authentication: https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_intro_kerb.html
• Obtain an AD functional ID with access to Kerberized services (Hadoop services for SNYPR).
• Ensure Kerberos principals are enabled for the user and services.
• Ensure Kerberos Keytab files are configured at the following link: https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cdh_sg_kadmin_kerberos_keytab.html
Step 1: Host Configuration
1. Ensure Kerberos clients (krb5-workstation, krb5-libs) are installed on all the nodes, including the master and worker. If a shared cluster is being accessed, install the Kerberos client on the node where the SNYPR application resides.
2. Configure Kerberos configuration files on all the nodes that use the Hadoop
services: vi /etc/krb5.conf
3. Configure JAAS configuration files on all the nodes that use Hadoop services:
vi /home/securonix/jaas.conf
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=true
keyTab="/home/securonix/securonix_krb5d.keytab";
};
Tip: Copy the Keytab file in the securonix user home directory.
4. Modify the securonix user .bash_profile and append the following entry. This allows
the Keytab file to automatically load from the user's profile to authenticate against
AD/KDC and run Hadoop commands:
kinit -kt ${HOME}/securonix_krb5d.keytab
Schedule a cron entry so you can log in to all nodes daily to refresh your Kerberos
ticket. This is assuming SSH key exchanges are configured from master to all nodes.
5. Check if you have a valid Kerberos ticket by using this command:
# klist -a
Text similar to the following sample is shown:
6. Ensure YARN/Spark Gateways and Hadoop libraries are installed in SNYPR
master mode if you are in a shared environment. This step is not required if the
SNYPR application is co-located with SNYPR services.
7. Run the Hadoop commands to validate if you can access the Kerberized services.
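The ticket refresh from steps 4 and 5, written as a script that cron can run on each node. This is an added example, not part of the Securonix guide; the --run switch, the cron path, and the PRINCIPAL, KINIT and KLIST variables are assumptions, and the script refuses a keytab that grants any access to other users.

```shell
#!/usr/bin/env bash
# Added example, not Securonix code: refresh the service account's Kerberos
# ticket from its keytab, for use from cron as well as from .bash_profile.

KEYTAB="${KEYTAB:-$HOME/securonix_krb5d.keytab}"   # keytab path used in the guide
PRINCIPAL="${PRINCIPAL:-}"   # assumption: your AD functional ID; empty = kinit default
KINIT="${KINIT:-kinit}"      # overridable so the logic can be exercised without a KDC
KLIST="${KLIST:-klist}"

# Succeed if the "other" permission bits of FILE grant any access.
others_can_access() {
    [ "$(ls -ld -- "$1" | cut -c8-10)" != "---" ]
}

# Exit status: 0 ticket valid, 2 keytab unreadable, 3 keytab exposed,
# 4 kinit failed, 5 no valid ticket after kinit.
refresh_ticket() {
    if [ ! -r "$KEYTAB" ]; then
        echo "keytab not readable: $KEYTAB" >&2
        return 2
    fi
    # A keytab is a long-lived credential; refuse one that other users can read.
    if others_can_access "$KEYTAB"; then
        echo "keytab is accessible to other users: $KEYTAB" >&2
        return 3
    fi
    # Always request a fresh ticket: one that is valid now may expire before the next run.
    "$KINIT" -kt "$KEYTAB" ${PRINCIPAL:+"$PRINCIPAL"} || return 4
    # klist -s prints nothing and reports ticket validity through its exit status.
    "$KLIST" -s || return 5
}

# Hypothetical cron entry (the script path is an assumption):
#   0 3 * * * /home/securonix/bin/refresh_ticket.sh --run
if [ "${1:-}" = "--run" ]; then
    refresh_ticket
    exit $?
fi
```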
Step 2: Integrate SNYPR with Kerberized Hadoop Service
From the SNYPR user interface, navigate to Menu > Settings > Hadoop Integration. Follow the directions for configuring Kerberos on Solr, Impala, HBase, HDFS, and SPARK in Configure SNYPR Hadoop Settings.
Step 3: Connect to the Kerberized Hadoop Services
Make the suggested changes to all the Spark job shell scripts to add Kerberos-specific configurations:
# --principal and --keytab supply the Kerberos identity the job runs under.
spark-submit \
--name "$1" \
--driver-memory $2 \
--num-executors $3 \
--executor-memory $4 \
--driver-cores $5 \
--executor-cores $6 \
--queue ${12} \
--conf spark.yarn.driver.memoryOverhead=${10} \
--conf spark.yarn.executor.memoryOverhead=${11} \
--driver-java-options "-Djute.maxbuffer=50000000" \
--jars ./jars/snyper-common-6.1.1.jar,./jars/hadoop-util-6.1.1.jar,./jars/hbase-util-6.1.1.jar,./jars/kafka-client-6.1.1.jar,./jars/event-parser-6.1.1.jar,./jars/securonixlib-6.1.1.jar,./jars/profiler-6.1.1.jar,./jars/hibernate-core-3.3.2.GA.jar,./jars/hibernate-c3p0-3.6.3.Final.jar,./jars/c3p0-0.9.1.2.jar,./jars/quartz-all-1.8.5.jar,./jars/hibernate-commons-annotations-3.3.0.ga.jar,./jars/hibernate-annotations-3.4.0.GA.jar,./jars/dom4j-1.6.1.jar,./jars/jbpm.jar,./jars/persistence-api-1.0.jar,./jars/mysql-connector-java-5.1.25.jar,./jars/javassist-3.4.GA.jar,./jars/freemarker-2.3.8.jar,./jars/solr-solrj-6.6.0.jar,./jars/noggit-0.5.jar,./jars/httpmime-4.2.5.jar,./jars/log4j-api-2.5.jar,./jars/log4j-core-2.5.jar,./jars/solr6-util-6.1.1.jar,./jars/kafka-clients-0.9.0.0.jar,./jars/javax.json-1.0.4.jar,./jars/jackson-module-afterburner-1.9.4.jar,./jars/snypr-core-16-6.1.1.jar,./jars/guava-14.0.1.jar,./jars/kafka_2.10-0.9.0-kafka-2.0.2.jar,./jars/httpclient-4.5.2.jar \
--conf "spark.executor.extraClassPath=guava-14.0.1.jar:solrj-6.6.0.jar" \
--conf "spark.driver.extraClassPath=guava-14.0.1.jar:solrj-6.6.0.jar" \
--class com.securonix.eventindexer.runner.Indexer \
--master yarn-cluster \
--conf "spark.executor.extraJavaOptions=-XX:+UseConcMarkSweepGC -Djute.maxbuffer=50000000" \
--files ./conf/hibernate.cfg.xml,./conf/log4j.properties,./conf/log4j2.xml \
--conf spark.hadoop.fs.hdfs.impl.disable.cache=true \
--conf mapreduce.job.complete.cancel.delegation.tokens=false \
--principal user/hostname@domain \
--keytab /path/to/foo.keytab
8. Run the Spark jobs and validate they are running.
Example of Cloudera Cluster Authentication, Authorization, and Security with Kerberos
Before you begin this section, ensure that the following prerequisites are fulfilled:
• Linux packages and Active Directory prerequisites are satisfied.
• The Transport Layer Security (TLS) protocol is configured to ensure that the credentials are secured while being transferred.
Once you have fulfilled the prerequisites for this section, follow the steps below:
1. Launch Cloudera Manager and log in with the LDAP administrative account.
2. Click the drop-down button, to the right of the cluster name, and select Enable
Kerberos.
3. Review the prerequisites for enabling Kerberos. If all steps have been performed,
check them and continue.
4. Update the following configuration items:
Field | Value
KDC Type | Active Directory
KDC Server Host | TEST.SECURONIX.COM
Kerberos Security Realm | TEST.SECURONIX.COM
Kerberos Encryption Types | rc4-hmac, aes128-cts, aes256-cts
Active Directory Suffix | <PATH TO DEDICATED OU IN ACTIVE DIRECTORY>
Active Directory Account Prefix | snypr <ENVIRONMENT>
5. Click Continue.
6. Check Manage krb5.conf through Cloudera Manager and DNS Lookup KDC when
prompted for the KRB5 Configuration.
7. When prompted for the KDC Account Manager Credentials, provide the username
and password for the account that has read, update, and delete access to the
dedicated OU specified in the Active Directory Suffix entry.
8. Click Continue.
Cloudera Manager runs a series of tests to confirm the account has the correct
level of access. If successful, the credentials are successfully imported.
9. When prompted for the Kerberos Principal names, accept the defaults and click
Continue.
10. When prompted to Configure Ports, accept the defaults.
11. Check Yes, I am ready to restart the cluster now, then select Continue.
Cloudera Manager starts the Kerberos configuration process. As services are
configured, the status screen is updated.
12. Once Kerberos authentication is successfully configured for all the services, click
Continue.
13. When prompted with the Congratulations screen, click Finish. The Kerberos
Credentials screen appears.
14. Confirm that all services, including the load balancer DNS entries, are listed.
15. Return to the Cloudera Manager Home.
16. Click HDFS > Configuration.
17. Locate the Additional Rules to Map Kerberos Principals to Short Names field, and
enter the following information:
18. Click Save Changes.
19. Restart any Stale Services.
20. Log in to one of the Management Nodes and request a Kerberos ticket.
kinit
21. Verify that a ticket has been returned.
klist
22. Execute the pi test.
hadoop jar /opt/cloudera/parcels/CDH/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar pi 10 100
You should see output similar to the following:
23. Confirm that the job has completed successfully.
24. Remove the Kerberos ticket from the cache.
Step 4: Extend HDFS Access Control Lists
9. Launch Cloudera Manager and log in with the LDAP administrative account.
10. Click HDFS.
11. Click Configuration.
12. Enable the Enable Access Control List configuration option.
13. Save the changes and restart the stale services.
Step 5: Sentry Deployment
Generate Kerberos credentials as part of the Sentry deployment process. Ensure that the functional ID specified during Kerberos configuration has read, update and delete access to the dedicated OU.
14. Launch Cloudera Manager and log in with LDAP administrative account.
15. Click the drop-down to the right of the cluster name and select Add a Service.
16. Select Sentry when you are prompted for the type of service to add.
17. Click Continue.
18. Select the Sentry Server Host, and click Continue.
19. Enter the connection information for the Sentry database.
20. Click the Test Connection button to confirm successful connectivity.
21. Click Continue. Cloudera Manager proceeds to deploy Sentry in the cluster. The
status page updates as each step is completed.
22. Once the deployment is completed, click Continue.
23. Click Finish. You are returned to the Sentry status page.
24. Click Configuration.
25. Update the following log locations:
• Audit Log Directory: /var/cdhlog/sentry/audit
• Sentry Server Log Directory: /var/chdlog/sentry
26. Click Save Changes.
27. Locate the Admin Groups configuration item, and click Add edhadmin.
28. Click Save Changes.
29. Click the Actions button, and select Restart.
Step 6: Enable Sentry for Hive
30. Log in to the Edge Node.
31. Retrieve a Kerberos ticket for a user who is a member of the HDFS Superuser Group.
kinit [email protected]
32. Change the permissions of the /user/hive/warehouse/ directory to reflect
the new Superuser group name.
$ hdfs dfs -chmod -R 771 /user/hive/warehouse
33. Confirm the permissions are changed.
$ hdfs dfs -ls /user/hive
You should see the following output:
34. Launch Cloudera Manager and log in with an LDAP administrative account.
35. Click Hive, then click Configuration.
36. Uncheck the HiveServer2 Enable Impersonation configuration item.
37. Click Save Changes.
38. Restart any stale services.
39. Return to Cloudera Manager Home, and click Yarn.
40. Locate the Allowed System Users configuration option and confirm that Hive is
listed. If not, add Hive, and click Save Changes.
41. Return to Cloudera Manager Home, and click Hive.
42. Click Configuration.
43. Locate the Sentry Service configuration option and set the property to Sentry.
44. Locate the Server Name for Sentry Authorization configuration option and enter
hivesentryserver in the field.
45. Click Save Changes.
Enable Sentry for Impala
To enable Sentry for Impala, follow these steps:
1. Launch Cloudera Manager and log in with an LDAP administrative account.
2. Select Impala.
3. Select Configuration.
4. Locate the Sentry Service configuration item and set the property to Sentry.
5. Click Save Changes.
6. Restart any stale services.
Setup Global Sentry Policy
To set up privileges within Sentry, refer to Authorization Privilege Model for Hive and Impala and Hive SQL Syntax at www.cloudera.com.
1. Log in to one of the Management Nodes.
2. Retrieve a Kerberos ticket for a user that is a member of the HDFS Superuser
Group.
kinit [email protected]
3. Launch beeline.
beeline
4. Connect to the Hive Server using the Load Balanced address.
!connect jdbc:hive2://<LB_HIVE>:10005/;principal=_
5. Verify that you have successfully connected to Hive.
show databases;
6. Create a new Sentry role called admin_all_role using the following command:
CREATE ROLE admin_all_role;
7. Confirm the role is created using the following command:
show roles;
8. Grant the newly created role to the HDFS Superuser group.
GRANT ROLE admin_all_role TO GROUP edhadmin;
9. Confirm the group is added to the role.
SHOW ROLE GRANT GROUP edhadmin;
10. Grant full Sentry access to the admin_all_role.
GRANT ALL ON SERVER hivesentryserver TO ROLE admin_all_role;
11. Confirm the access was granted to the role.
SHOW GRANT ROLE admin_all_role;
Step 7: CDH SSL
Cloudera provides a utility that simplifies the SSL configuration process. The steps described in this section assume that you have configured this utility, and requested and received signed SSL certificates. For detailed instructions on how to configure this utility, refer to Cloudera documentation.
1. Log in to the Cloudera Manager Host as root.
2. Change directories to cert-toolkit home.
3. Open defaults.yaml for editing, and edit the following fields:
• HDFS_SSL: Yes
• YARN_SSL: Yes
• HIVE_SSL: No
• HBASE_SSL: Yes
• NAVIGATOR_METADATA_SSL: Yes
• HUE_SSL: Yes
• IMPALA_SSL: Yes
• OOZIE_SSL: Yes
• SOLR_SSL: Yes
• KTS_SSL: No
• KMS_SSL: No
• ENABLE_WEB_CONSOLE_AUTH: Yes
4. Enable TLS for Cloudera Manager and its agents.
# python certtoolkit.py enable_tls
Provide the keystore and truststore password when prompted. Provide the same passwords that you used for the Cloudera Manager SSL configuration.
The script imports the signed certificates, builds a truststore and deploys the
certificates to each node in the cluster. When finished, the Cloudera Manager, its
agents and all CDH services are restarted.
LDAP Authentication in Impala
To perform LDAP authentication in Impala, follow these steps:
1. Launch Cloudera Manager and log in with an LDAP administrative account.
2. Click Impala, then click Configuration.
3. From the Category menu, select Security to update the following fields.
• LDAP URL: ldaps://cbmcc-d3-host2.test.securonix.com:3269 ldaps://cbmcc-d3-host1.test.securonix.com:3269 ldaps://cbmcc-d3-host3.test.securonix.com:3269
• Enable LDAP Authentication: Enabled.
• Active Directory Domain: TEST.SECURONIX.COM.
• LDAP Server CA Certificate: "/opt/cloudera/security/ca-certs/ldap-ca.pem".
4. Click Save Changes and restart all stale services.
Static Pools
To allocate memory and I/O per service, follow these steps:
1. Launch Cloudera Manager and log in with an LDAP administrative account.
2. Click Clusters, and select Static Service Pools.
3. Click Configuration and enter the following allocation percentages:
• HDFS: 10%
• Impala: 30%
• YARN: 60%
Cloudera Manager calculates the CPU, memory, and I/O allocations per service.
4. Click Continue.
5. Restart the cluster, and verify that all services have started correctly.
6. Click Finished.
7. Return to Cloudera Manager Home.
8. Click Yarn > Configuration.
9. Confirm Use cGroups for Resource Management and Always Use Linux Container Executor are checked. If not, restart the wizard.
Related References
• https://www.cloudera.com/documentation/enterprise/5-7-x/topics/cm_sg_using_cm_sec_config.html
• HDP-Kerberos: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configuring_amb_hdp_for_kerberos.html
• Microsoft Kerberos Survival Guide: https://social.technet.microsoft.com/wiki/contents/articles/4209.kerberos-survival-guide.aspx
• Microsoft Kerberos Services:
• MSFT KDC REF: https://blogs.technet.microsoft.com/askds/2008/03/06/kerberos-for-the-busy-admin/
• MSFT KDC REF: https://technet.microsoft.com/en-us/library/cc772815(v=ws.10).aspx
Authenticate Kafka Consumer and Producer
SNYPR 6.2 CU4 extends the Secure Sockets Layer (SSL) Kafka communication with Kerberos authentication and includes the following protocol types:
• SASL Plaintext Kerberos: Simple Authentication and Security Layer (SASL) is used over a plaintext channel. Once the SASL authentication is established between the client and server, the session will have the client's principal as the authenticated user. There won't be any wire encryption in this case, as all the channel communication will be over plain text.
• SASL SSL Kerberos: SSL will be established initially and SASL authentication will be done over SSL. Once SASL authentication is established, the user's principal will be used as the authenticated user. This option is useful if users want to use SASL authentication (such as Kerberos) with wire encryption.
When you have Kafka configured in your cluster, you need additional configurations to enable the Kafka consumer and producer to authenticate successfully in the Kerberos Hadoop cluster.
Follow the steps below to ensure the consumer and producer function properly in the secure Hadoop environment:
1. Create a jaas.conf file with the following content in /opt/keytabs/system:
[root@10-0-77-18 keytabs]# more jaas.conf
Client {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useKeyTab=true
storeKey=true
useTicketCache=false
refreshKrb5Config=true
isInitiator=true
principal="[email protected]"
keyTab="/opt/keytabs/securonix.keytab";
};
[root@10-0-77-18 keytabs]#
2. Create a kafka-jaas.conf file with the following content:
[root@10-0-77-18 certs]# cd /opt/keytabs/
[root@10-0-77-18 keytabs]# ll
total 16
-rwxr-xr-x. 1 securonix securonix 285 Apr 27 15:53 jaas.conf
-rw-r--r--. 1 root root 92 May 1 15:56 kafka-jaas.conf
-rw-------. 1 root root 722 May 1 14:44 kafka.keytab
-rwxr-xr-x. 1 securonix securonix 546 Apr 27 15:16 securonix.keytab
[root@10-0-77-18 keytabs]# less kafka-jaas.conf
[root@10-0-77-18 keytabs]# more kafka-jaas.conf
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true;
};
Note: With the approach above, you will need to do kinit first to retrieve the
Kerberos ticket stored in the cache.
3. Add the following command to /etc/profile:
export KAFKA_OPTS="-Djava.security.auth.login.config={Path to clientjaas.conf}"
4. Load the /etc/profile and reinitialize the ticket for securonix.keytab on all
nodes.
5. Create a client.properties file using the following content:
[root@10-0-77-18 certs]# pwd
/opt/certs
[root@10-0-77-18 certs]# ls -lrt
total 16
-rw-r--r--. 1 root root 1011 May 1 12:55 truststore.jks
-rw-r--r--. 1 root root 2332 May 1 13:03 server.jks
-rw-r--r--. 1 root root 302 May 1 15:29 kafka-saslssl.properties
cd /opt/certs
vi kafka-saslssl.properties
security.protocol=SASL_SSL
sasl.kerberos.service.name=kafka
ssl.truststore.location=/opt/certs/truststore.jks
ssl.truststore.password=securonix24K
ssl.keystore.location=/opt/certs/server.jks
ssl.keystore.password=securonix24K
ssl.key.password=securonix24K
ssl.keystore.type=jks
ssl.truststore.type=jks
6. Obtain the ticket cache with the following command:
kinit -kt /opt/keytabs/securonix.keytab [email protected]
7. Use the following commands to test and verify the consumer and producer:
klist
kinit -kt /opt/keytabs/securonix.keytab
klist
8. Launch the Kafka console consumer as follows:
cd /opt/cloudera/parcels/KAFKA/bin/
./kafka-console-consumer \
--bootstrap-server 10.0.77.18:9093,10.0.77.19:9093,10.0.77.20:9093 \
--topic sasltest --from-beginning \
--consumer.config /opt/certs/kafka-saslssl.properties
9. Launch the Kafka console producer as follows:
cd /opt/cloudera/parcels/KAFKA/bin/
./kafka-console-producer \
--broker-list 10.0.77.18:9093,10.0.77.19:9093,10.0.77.20:9093 \
--topic sasltest \
--producer.config /opt/certs/kafka-saslssl.properties
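A check that can be run on each node after Step 4: Enable SSL Keystore and Truststore and after the client setup above. It is an added example, not Securonix code: it reads a client properties file such as kafka-saslssl.properties, flags a security.protocol that gives no wire encryption, and flags keystores, truststores, keytabs and password-bearing properties files that grant any access to other users, which is what the chmod 0440 in Step 4 is meant to prevent. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Securonix code. Audits a Kafka client properties file and
# the key material it references. All sample files below are constructed.

# Print the value of KEY from a Java .properties FILE (last assignment wins).
prop_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }            # skip comment lines
        {
            sub(/\r$/, "")
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Succeed if the "other" permission bits of FILE grant any access.
others_can_access() {
    [ "$(ls -ld -- "$1" | cut -c8-10)" != "---" ]
}

# Usage: audit_kafka_client PROPERTIES_FILE [KEYTAB...]
# Prints one line per finding; exit status is the number of findings (0 = clean).
audit_kafka_client() {
    local props="$1" findings=0 proto key path
    shift
    [ -r "$props" ] || { echo "FAIL cannot read $props"; return 1; }

    # SASL_PLAINTEXT and PLAINTEXT (the Kafka default) leave the channel unencrypted.
    proto=$(prop_get "$props" security.protocol)
    case "$proto" in
        SASL_SSL|SSL) ;;
        *) echo "FAIL security.protocol=${proto:-unset}: no wire encryption"
           findings=$((findings + 1)) ;;
    esac

    # The brokers are set to ssl.client.auth=required, so both stores must exist.
    for key in ssl.keystore.location ssl.truststore.location; do
        path=$(prop_get "$props" "$key")
        if [ -z "$path" ]; then
            echo "FAIL $key is not set"; findings=$((findings + 1))
        elif [ ! -e "$path" ]; then
            echo "FAIL $key points to missing file $path"; findings=$((findings + 1))
        else
            set -- "$@" "$path"
        fi
    done

    # Clear-text store passwords make the properties file itself a secret.
    if grep -Eq '^[[:space:]]*ssl\.[a-z.]*password[[:space:]]*=' "$props"; then
        set -- "$@" "$props"
    fi

    for path in "$@"; do
        if [ ! -e "$path" ]; then
            echo "FAIL missing file $path"; findings=$((findings + 1))
        elif others_can_access "$path"; then
            echo "FAIL $path is accessible to other users ($(ls -ld -- "$path" | cut -c1-10))"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: file modes mirror the directory listings shown in the guide.
demo() {
    local d
    d=$(mktemp -d)
    : > "$d/server.jks";       chmod 0644 "$d/server.jks"
    : > "$d/truststore.jks";   chmod 0440 "$d/truststore.jks"
    : > "$d/securonix.keytab"; chmod 0755 "$d/securonix.keytab"
    cat > "$d/kafka-saslssl.properties" <<EOF
security.protocol=SASL_SSL
sasl.kerberos.service.name=kafka
ssl.truststore.location=$d/truststore.jks
ssl.truststore.password=example-only
ssl.keystore.location=$d/server.jks
ssl.keystore.password=example-only
EOF
    chmod 0644 "$d/kafka-saslssl.properties"
    audit_kafka_client "$d/kafka-saslssl.properties" "$d/securonix.keytab"
    echo "findings: $?"
    rm -rf "$d"
}
demo
```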
Related Resources
This section provides additional information and links related to this topic:
• How To Guide: http://www.irfanelahi.com/data-science/kafka-console-consumer-producer-kerberos-hadoop/
• Kafka SASL/Kerberos and SSL Implementation: https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=51809888
• Cloudera Terminology: https://www.cloudera.com/documentation/kafka/2-0-x/topics/kafka.html
Settings
The Settings module enables you to control settings such as general settings, Hadoop cluster settings, UI preferences and more. To access the Settings module, navigate to Menu > Administration > Settings.
From here, you can select which setting you'd like to configure from the left pane. The left pane includes the following settings:
• Application Settings
• Archival Settings
• Data Masking
• Hadoop
• Manage Ingesters
• Housekeeping Jobs
• X509 Authentication
• Log Settings
• Manage License
• SAML Settings
• SMTP Server Settings
• UI Preferences
• CRP/CFP Content Upload
• Spotter Settings
• Control Flag Tracker
• Thread Trends
Click a setting to learn more about what each setting does.
Configure Hadoop
SNYPR uses Hadoop technologies including HDFS, Impala, Kafka, HBase, Solr, and Yarn. Once you integrate Hadoop, you must configure your Hadoop settings within the SNYPR application.
This section will guide you through the configuration options that are available to you.
To configure Hadoop settings within SNYPR, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click Hadoop from the left pane.
Tip:
• Hide left pane: Click the green X to hide the left pane.
• Show left pane: Click the three green lines to show the left pane.
3. Select one of the following Hadoop distributions for your environment:
a. Cloudera: Cloudera provides a platform that makes it easy to manage rapidly increasing volumes and varieties of data in your enterprise. Cloudera products and solutions enable you to deploy and manage Apache Hadoop and related projects, manipulate and analyze your data, and keep data secure and protected.
b. Hortonworks: Hortonworks data platform uses Apache Hadoop to manage large data sets across computer clusters.
4. Click the component you want to configure:
a. Tenant-Config: Select the tenant provided by Securonix.
b. Kafka: Horizontally scalable message bus used to manage the delivery of incoming security events.
c. Solr: Solr is a popular search platform that provides distributed indexes of events for streaming fast, interactive access of security events and violations. Solr can run on HDFS or on disk, so it can be scaled up as needed. Solr is used in Spotter to create complex queries and interactive visualization.
d. Impala / Hive: Impala is a massively parallel processing (MPP) SQL query engine for data stored in a computer cluster running Apache Hadoop. Impala brings scalable parallel database technology to Hadoop, enabling users to issue low-latency SQL queries to data stored in HDFS and Apache HBase without requiring data movement or transformation.
Apache Hive is a data warehouse software project built on top of Apache Hadoop for providing data summaries, queries, and analysis. Hive gives an SQL-like interface to query data stored in various databases and file systems that integrate with Hadoop.
e. HBase: HBase is a non-relational (NoSQL) database that runs on top of HDFS. It is an open source NoSQL database that provides real-time read/write access to large data sets. It can also handle large data sets with billions of rows and millions of columns, and easily combines data sources that use a wide variety of different structures and schemas.
f. HDFS: The Hadoop Distributed File System (HDFS) is designed to store very large data sets distributed on different data nodes reliably and stream those data sets at a high bandwidth to user applications. HDFS stores file system metadata and application data separately. HDFS stores metadata on a dedicated server, called the NameNode. Application data are stored on other servers called DataNodes.
g. Redis: Redis is a data structures server that supports different kinds of values. In traditional key-value stores, you associate string keys to string values, whereas in Redis you can hold more complex data structures.
h. Spark: The main feature of Spark is the in-memory cluster computing that increases the processing speed of an application. Spark is designed to cover a wide range of workloads such as batch applications, iterative algorithms, interactive queries, and streaming. In SNYPR, Spark is used in ingestion, indexing, and analytics algorithms.
5. Do the following, depending on the component you selected in the previous step:
Tenant-Config
The Tenant-Config component is where you will select and configure your tenant.
a. Complete the following information in the Tenant section:
• Select the available Tenant name: Click the drop-down and select a tenant name.
• Customer Identifier: A unique identifier for a tenant used during Security Assertion Markup Language (SAML) authentication. It can be passed as an additional attribute in SAML assertion for tenant mapping. This is usually needed only if the tenant name is expected to change on the provider side.
• Tenant Shortcode: Enter a short code that will help you identify the tenant.
• Tenant Color: Select a color that will help you identify the tenant.
• Tenant-Timezone: Click the drop-down and select a timezone for the tenant.
b. Click Save & Next to save your configurations.
c. (Optional) Click to expand the Kafka section below to learn how to configure the Kafka component.
Kafka
Kafka is a distributed publish-subscribe messaging system that is capable of handling trillions of events a day. In SNYPR, Kafka plays a very important role in publishing and consuming activity data/notifications.
Follow the instructions below to configure Kafka:
a. Click the Authentication Type drop-down and select one of the following
authentication types:
• NoAuth
• SSL
• Kerberos_With_Truststore
• Kerberos
b. Do the following, depending on what you selected in the previous step:
NoAuth
1. Enter the URL for the Kafka Brokers.
2. Complete the following information in the Topic Details section:
a. Zookeeper Quorum: The Zookeeper quorum used for Kafka.
Example: 10.0.3.185:2181,10.0.3.186:2181,10.0.3.189:2181
b. Preview Topic: Preview topic used while configuring the ingester data source.
c. Access Topic: Access topic used for ingesting access data.
d. Users Topic: Users are ingested to the user topic.
Example: Securonix-User.
e. Enriched Topic: The topic name for the Enriched Events. Make sure that this topic is created on Kafka.
Example: Securonix-EnrichedEvents
f. External Raw Topic: The topic name for the External Raw Events. Make sure that this topic is created on Kafka.
g. Internal Raw Topic: The topic name for the Internal Raw Events. Make sure that this topic is created on Kafka.
h. Sandbox Raw Topic: The topic name for the Sandbox Raw Events. Make sure that this topic is created on Kafka.
i. Configuration Messages Topic: Configuration changes (such as policy changes) from the user interface are communicated to Spark applications using this topic.
Example: Securonix-UIControlFlags.
j. Indexer Counts Topic: The Indexer SPARK application publishes event counts per Resource Group.
Example: Securonix-IndexedEventCounts.
k. Job Tracker Topic: SPARK applications publish the count of events processed per job for tracking from user interface.
Example: Securonix-JobCountTracker.
l. Log Message Topic: Debug and Information level log messages generated by SPARK applications are published to this topic in CEF Format.
Example: Securonix-OperationalLogs.
m. Violations Topic: Violations are published to this topic for Risk Score calculation.
Example: Securonix-Violations.
n. Violations Queue Topic: Violations are published to this topic for Risk
Score calculation.
o. GateWay-Control Topic: Sends requests to and receives responses from
the Gateway.
p. Software Update Topic: This topic is for pushing or downloading
artifacts to or from gateway.
q. Tier2 Topic: Summary and the behavior analytics is done on the events
that get published to the Tier2 topic.
Example: Securonix-tiertwo.
r. AEE Tier2 Topic: Provides a topic where events filtered from IEE are channeled to the AEE spark processor.
s. Metadata Topic: Allows non-activity imports from RIN. The name of the
topic should always start with snypr-metadata.
t. TPI Topic: Used for third-party integration (TPI) RIN import.
3. Complete the following information in the Kafka Message Settings section:
a. Max Message Size: Maximum size in bytes for a single message sent to the Kafka topics.
b. Batch Size: Upper limit in bytes of how many messages Kafka producer will attempt to batch before sending. (Default is 16K bytes – 16 messages if each message is 1K in size).
c. Linger: Time in milliseconds to wait prior to publishing events. If fewer messages are collected than batch size, the producer will wait for this specified time.
d. Compression Type: Messages are compressed prior to publishing. Choose the compression technique to use.
e. Failed Events Folder: If the Kafka producer fails to publish events, then these events will be moved to a local folder.
f. Failed Events Folder Size in Bytes: Maximum storage space in bytes for storing failed events.
g. Interval to check failed events: Retry interval in milliseconds to wait prior to checking Failed Events Folder.
h. Enrichment Compression Batch Size: Number of Events that should be compressed into a single message to send to the Enrichment Topic.
Note: The recommendation is 10,000.
i. Raw Compression Batch Size: Number of Events that should be compressed into a single message to send to the Raw Topic.
Note: The recommendation is 10,000.
4. Click Save & Next.
SSL
1. Enter the URL for the Kafka Brokers in the Broker field.
2. Complete the following information in the next 4 sections, including Client SSL Configuration for Console, Client SSL Configuration for Cluster, Broker SSL Configuration for Console, and Broker SSL Configuration for Cluster:
a. Key Password: Provide the SSL password.
b. Key Store Location: Provide the Key store Location.
c. Key Store Password: Provide the Key Store password.
d. Trust Store Location: Provide the trust store location.
e. Trust Store Password: Provide the trust store Password.
SNYPR Administration Guide 80
Settings
3. Complete the following information in the Topic Details section:
a. Zookeeper Quorum: Zookeeper quorum used for Kafka.
b. Preview Topic: Preview topic used while configuring the ingester datasource.
c. Access Topic: Access topic used for ingesting access data.
d. Users Topic: Users are ingested to the user topic.
e. Enriched Topic: The topic name for the enriched events. This topic needs to be created on Kafka.
f. External Raw Topic: The topic name for the external raw events.
g. Internal Raw Topic: The topic name for the internal raw events.
h. Sandbox Raw Topic: The topic name for the sandbox raw events. Make sure that this topic is created on Kafka.
i. Configuration Messages Topic: Configuration changes from the user interface are communicated to Spark applications using this topic.
j. Indexer Counts Topic: The Indexer Spark application publishes event counts per resource group.
k. Job Tracker Topic: Spark applications publish the count of events processed per job for tracking from the user interface.
l. Log Message Topic: Debug and Information level log messages generated by Spark applications are published to this topic in CEF format.
m. Violations Topic: Violations are published to this topic for risk score calculation.
n. Violation Queue Topic: Violations are published to this topic for risk score calculation, for example Securonix-violationqueue.
o. Gateway-Control Topic: For sending and receiving requests and responses from the gateway.
p. Software Update Topic: Used for pushing or downloading artifacts to or from the Gateway.
q. Tier2 Topic: Summary and behavior analytics are performed on the events that are published to the Tier2 topic.
r. AEE Tier2 Topic: Provides a topic where events filtered from the Individual Event Evaluator (IEE) are channeled to the Aggregated Event Evaluator (AEE) Spark processor.
s. Metadata Topic: Allows non-activity imports from the RIN. The name of the topic should always start with snypr-metadata.
t. TPI Topic: Used for the TPI RIN import.
4. Complete the following information in the Kafka Message Settings section:
a. Max Message Size: Maximum size in bytes for a single message sent to the Kafka topics.
b. Batch Size: Upper limit in bytes of how many messages the Kafka producer will attempt to batch before sending. (Default is 16K bytes: 16 messages if each message is 1K in size.)
c. Linger: Time in milliseconds to wait prior to publishing events. If fewer messages are collected than the batch size, the producer will linger for this specified time.
d. Compression Type: Messages are compressed prior to publishing. Choose the compression technique to use.
e. Failed Events Folder: If the Kafka producer fails to publish events, these events are moved to a local folder.
f. Failed Events Folder Size in Bytes: Maximum storage space in bytes for storing failed events.
g. Interval to check failed events: Retry interval in milliseconds to wait prior to checking the Failed Events Folder.
h. Enrichment Compression Batch Size: Number of events that should be compressed into a single message to send to the Enrichment Topic.
Tip: The recommendation is 10,000.
i. Raw Compression Batch Size: Number of events that should be compressed into a single message to send to the Raw Topic.
Tip: The recommendation is 10,000.
5. Click Save & Next.
Kerberos_With_Truststore
1. Complete the following information in the Authentication Type section:
a. Host FQDN: The fully qualified domain name of the host.
b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers.
e. Service Name: The service name of the server.
f. Jaas Conf File Path: Enter the Java Authentication and Authorization Service (JAAS) Conf file path.
g. Authentication Mechanism: Type the authentication mechanism.
h. Broker: The URL for the Kafka Brokers.
2. Complete the following information in the next 4 sections, including Client SSL Configuration for Console, Client SSL Configuration for Cluster, Broker SSL Configuration for Console, and Broker SSL Configuration for Cluster:
a. Key Password: Provide the SSL password.
b. Key Store Location: Provide the key store location.
c. Key Store Password: Provide the key store password.
d. Trust Store Location: Provide the trust store location.
e. Trust Store Password: Provide the trust store password.
3. Complete the following information in the Topic Details section:
a. Zookeeper Quorum: Zookeeper quorum used for Kafka.
b. Preview Topic: Preview topic used while configuring the ingester datasource.
c. Access Topic: Access topic used for ingesting access data.
d. Users Topic: Users are ingested to the user topic.
e. Enriched Topic: The topic name for the enriched events. Make sure that this topic is created on Kafka.
f. External Raw Topic: The topic name for the external raw events. Make sure that this topic is created on Kafka.
g. Internal Raw Topic: The topic name for the internal raw events. Make sure that this topic is created on Kafka.
h. Sandbox Raw Topic: The topic name for the sandbox raw events. Make sure that this topic is created on Kafka.
i. Configuration Messages Topic: Configuration changes from the user interface are communicated to Spark applications using this topic.
j. Indexer Counts Topic: The Indexer Spark application publishes event counts per resource group.
k. Job Tracker Topic: Spark applications publish the count of events processed per job for tracking from the user interface.
l. Log Message Topic: Debug and Information level log messages generated by Spark applications are published to this topic in CEF format.
m. Violations Topic: Violations are published to this topic for risk score calculation.
n. Violation Queue Topic: Violations are published to this topic for risk score calculation, for example Securonix-violationqueue.
o. Gateway-Control Topic: For sending and receiving requests and responses from the gateway.
p. Software Update Topic: Used for pushing or downloading artifacts to or from the Gateway.
q. Tier2 Topic: Summary and behavior analytics are performed on the events that are published to the Tier2 topic.
r. AEE Tier2 Topic: Provides a topic where events filtered from the Individual Event Evaluator (IEE) are channeled to the Aggregated Event Evaluator (AEE) Spark processor.
s. Metadata Topic: Allows non-activity imports from RIN. The name of the topic should always start with snypr-metadata.
t. TPI Topic: Used for the TPI RIN import.
4. Complete the following in the Kafka Message Settings section:
a. Max Message Size: Maximum size in bytes for a single message sent to the Kafka topics.
b. Batch Size: Upper limit in bytes of how many messages the Kafka producer will attempt to batch before sending. (Default is 16K bytes: 16 messages if each message is 1K in size.)
c. Linger: Time in milliseconds to wait prior to publishing events. If fewer messages are collected than the batch size, the producer will linger for this specified time.
d. Compression Type: Messages are compressed prior to publishing. Choose the compression technique to use.
e. Failed Events Folder: If the Kafka producer fails to publish events, these events are moved to a local folder.
f. Failed Events Folder Size in Bytes: Maximum storage space in bytes for storing failed events.
g. Interval to check failed events: Retry interval in milliseconds to wait prior to checking the Failed Events Folder.
h. Enrichment Compression Batch Size: Number of events that should be compressed into a single message to send to the Enrichment Topic.
Tip: The recommendation is 10,000.
i. Raw Compression Batch Size: Number of events that should be compressed into a single message to send to the Raw Topic.
Tip: The recommendation is 10,000.
5. Click Save & Next.
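The Key Tab Path, Jaas Conf File Path, Key Store Location and Trust Store Location fields above all name files on the SNYPR host, and a keytab holds long-term keys that are equivalent to the principal's password. The check below is an added example, not part of the Securonix guide or product: it flags configured files that group or other users can read or modify. The field-to-sensitivity mapping is an assumption, and the demo paths are constructed temporary files.

```python
import os
import stat
import tempfile

# Form fields that point at files on disk (names taken from the guide).
# True  = treated as secret material: must be owner-only (assumption of this example).
# False = public material (CA certificates): readable is fine, but not writable by others.
FIELD_IS_SECRET = {
    "Key Tab Path": True,
    "Jaas Conf File Path": True,   # treated as sensitive: it can embed credentials
    "Key Store Location": True,
    "Trust Store Location": False,
}


def audit_path(field, path, secret):
    """Return a list of findings for one configured file path."""
    findings = []
    if os.path.islink(path):
        findings.append(f"{field}: {path} is a symlink; configure the real file")
    try:
        st = os.stat(path)  # follows symlinks
    except OSError as exc:
        return findings + [f"{field}: cannot stat {path} ({exc.strerror})"]
    if not stat.S_ISREG(st.st_mode):
        return findings + [f"{field}: {path} is not a regular file"]

    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{field}: {path} is writable by group/other (mode {mode:04o})")
    if secret and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"{field}: {path} is readable by group/other (mode {mode:04o})")

    # A world-writable parent without the sticky bit lets any local user swap the file.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
        findings.append(f"{field}: directory {parent} is world-writable (mode {pmode:04o})")
    return findings


def audit_settings(settings):
    """settings maps a form field name to the path entered for it."""
    findings = []
    for field, secret in FIELD_IS_SECRET.items():
        if field in settings:
            findings.extend(audit_path(field, settings[field], secret))
    return findings


def make_demo_settings(directory):
    """Create constructed placeholder files with chosen modes and return the settings."""
    layout = {
        "Key Tab Path": ("snypr.keytab", 0o644),            # too open
        "Jaas Conf File Path": ("jaas.conf", 0o600),        # fine
        "Key Store Location": ("keystore.jks", 0o640),      # group-readable
        "Trust Store Location": ("truststore.jks", 0o644),  # fine for public certs
    }
    settings = {}
    for field, (name, mode) in layout.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as handle:
            handle.write(b"constructed placeholder, not real key material")
        os.chmod(path, mode)  # set explicitly so the umask does not matter
        settings[field] = path
    return settings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in audit_settings(make_demo_settings(tmp)):
            print(line)
```

Run it with the same account that runs the SNYPR services, since ownership and mode only matter relative to that user.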
Kerberos
1. Complete the following information in the Authentication Type section:
a. Host FQDN: The fully qualified domain name of the host.
b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers.
c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
e. Jaas Conf File Path: Enter the Java Authentication and Authorization Service (JAAS) Conf file path.
f. Service Name: The service name of the server.
g. Authentication Mechanism: Type the authentication mechanism.
h. Broker: The URL for the Kafka Brokers.
2. Complete the following information in the Topic Details section:
a. Zookeeper Quorum: Zookeeper quorum used for Kafka.
b. Preview Topic: Preview topic used while configuring the ingester datasource.
c. Access Topic: Access topic used for ingesting access data.
d. Users Topic: Users are ingested to the user topic.
e. Enriched Topic: The topic name for the enriched events. Make sure that this topic is created on Kafka.
f. External Raw Topic: The topic name for the external raw events. Make sure that this topic is created on Kafka.
g. Internal Raw Topic: The topic name for the internal raw events. Make sure that this topic is created on Kafka.
h. Sandbox Raw Topic: The topic name for the sandbox raw events. Make sure that this topic is created on Kafka.
i. Configuration Messages Topic: Configuration changes from the user interface are communicated to Spark applications using this topic.
j. Indexer Counts Topic: The Indexer Spark application publishes event counts per resource group.
k. Job Tracker Topic: Spark applications publish the count of events processed per job for tracking from the user interface.
l. Log Message Topic: Debug and Information level log messages generated by Spark applications are published to this topic in CEF format.
m. Violations Topic: Violations are published to this topic for risk score calculation.
n. Violation Queue Topic: Violations are published to this topic for risk score calculation, for example Securonix-violationqueue.
o. Gateway-Control Topic: For sending and receiving requests and responses from the gateway.
p. Software Update Topic: Used for pushing or downloading artifacts to or from the Gateway.
q. Tier2 Topic: Summary and behavior analytics are performed on the events that are published to the Tier2 topic.
r. AEE Tier2 Topic: Provides a topic where events filtered from the Individual Event Evaluator (IEE) are channeled to the Aggregated Event Evaluator (AEE) Spark processor.
s. Metadata Topic: Allows non-activity imports from RIN. The name of the topic should always start with snypr-metadata.
t. TPI Topic: Used for the TPI RIN import.
3. Complete the following in the Kafka Message Settings section:
a. Max Message Size: Maximum size in bytes for a single message sent to the Kafka topics.
b. Batch Size: Upper limit in bytes of how many messages the Kafka producer will attempt to batch before sending. (Default is 16K bytes: 16 messages if each message is 1K in size.)
c. Linger: Time in milliseconds to wait prior to publishing events. If fewer messages are collected than the batch size, the producer will linger for this specified time.
d. Compression Type: Messages are compressed prior to publishing. Choose the compression technique to use.
e. Failed Events Folder: If the Kafka producer fails to publish events, these events are moved to a local folder.
f. Failed Events Folder Size in Bytes: Maximum storage space in bytes for storing failed events.
g. Interval to check failed events: Retry interval in milliseconds to wait prior to checking the Failed Events Folder.
h. Enrichment Compression Batch Size: Number of events that should be compressed into a single message to send to the Enrichment Topic.
Tip: The recommendation is 10,000.
i. Raw Compression Batch Size: Number of events that should be compressed into a single message to send to the Raw Topic.
Tip: The recommendation is 10,000.
4. Click Save & Next.
Solr
a. Click the Authentication Type drop-down and select one of the following authentication types:
• NoAuth
• Kerberos
• LDAP
• Kerberos_With_Truststore
• SSL
• Basic
• Basic_With_SSL
b. Do the following, depending on what you selected in the previous step:
NoAuth
1. Complete the following information in the Authentication Type section:
a. ZK Quorum: Enter the Zookeeper quorum used for Solr.
b. Solr Zookeeper Connection Timeout: Enter the Solr Zookeeper connection timeout.
c. Solr Zookeeper Session Timeout: Enter the Solr Zookeeper session timeout.
d. Solr Version: Click the drop-down and select a Solr version.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
e. Solr Storage: Click the drop-down and select the Solr storage.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
f. Enable Replica Creation Mode: Set to YES to enable this setting.
g. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.
• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.
Note: This option is only available for SOLR6 or lower.
• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.
• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.
2. Complete the following information in the Collection Details section:
a. Type: The type of collection.
b. Name: The name of the collection.
c. No Of Shards: Enter the number of shards.
d. Replication Factor: Enter the replication factor.
3. Do the following in the Solr Additional Settings section:
a. Batch Size: Number of events indexed during a single commit to Solr while indexing.
b. Inter Batch Sleep: Duration in milliseconds to wait before retrying the index for a failed batch.
c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near to the configured value.
d. Create Force Collection: This allows you to create a collection forcefully from the UI whenever new cores get added to Solr.
4. Click Save & Next.
Kerberos
1. Complete the following information in the Authentication Type section:
a. Host FQDN: The fully qualified domain name of the host.
b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).
c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password).
d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
e. Jaas Conf File Path: Enter the Java Authentication and Authorization Service (JAAS) Conf file path.
f. Service Name: Enter the service name.
g. Authentication Mechanism: Type the authentication mechanism.
h. ZK Quorum: Zookeeper quorum used for Solr. For example: [snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,snyper-10-0-3-152.securonix.com:2181/solr]
i. Solr Zookeeper Connection Timeout: Solr Zookeeper connection timeout.
j. Solr Zookeeper Session Timeout: Solr Zookeeper session timeout.
k. Solr Version: Click the drop-down and select a Solr version.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
l. Solr Storage: Click the drop-down and select the Solr storage.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
m. Enable Replica Creation Mode: Set to YES to enable this setting.
n. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.
• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.
Note: This option is only available for SOLR6 or lower.
• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.
• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.
2. Complete the following information in the Collection Details:
a. Type: The type of collection.
b. Name: The name of the collection.
c. No Of Shards: Enter the number of shards.
d. Replication Factor: Enter the replication factor.
3. Complete the following information in the Solr Additional Settings section:
a. Batch Size: Number of events indexed during a single commit to Solr while indexing.
b. Inter Batch Sleep: Duration in milliseconds to wait before retrying the index for a failed batch.
c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near to the configured value.
d. Create Force Collection: This allows you to create a collection forcefully from the UI whenever new cores get added to Solr.
4. Click Save & Next.
LDAP
1. Complete the following information in the Authentication Type section:
a. Username: Enter the username.
b. Password: Enter a password.
c. ZK Quorum: Zookeeper quorum used for Solr. For example: [snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,snyper-10-0-3-152.securonix.com:2181/solr]
d. Solr Zookeeper Connection Timeout: Solr Zookeeper connection timeout.
e. Solr Zookeeper Session Timeout: Solr Zookeeper session timeout.
f. Solr Version: Click the drop-down and select a Solr version.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
g. Solr Storage: Click the drop-down and select the Solr storage.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
h. Enable Replica Creation Mode: Set to YES to enable this setting.
i. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.
• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.
Note: This option is only available for SOLR6 or lower.
• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.
• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.
2. Complete the following information in the Collection Details:
a. Type: The type of collection.
b. Name: The name of the collection.
c. No Of Shards: Enter the number of shards.
d. Replication Factor: Enter the replication factor.
3. Do the following in the Solr Additional Settings section:
a. Batch Size: Number of events indexed during a single commit to Solr while indexing.
b. Inter Batch Sleep: Duration in milliseconds to wait before retrying the index for a failed batch.
c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near to the configured value.
d. Create Force Collection: This allows you to create a collection forcefully from the UI whenever new cores get added to Solr.
4. Click Save & Next.
Kerberos_With_Truststore
1. Complete the following information in the Authentication Type section:
a. Host FQDN: The fully qualified domain name of the host.
b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).
e. Service Name: The service name of the server.
f. Trust Store Path: The Trust Store path.
g. Trust Store Password: The Trust Store password.
h. Jaas Conf File Path: Enter the Jaas Conf file path.
i. SSL Value: Enter the SSL value.
j. Authentication Mechanism: Enter the authentication mechanism.
k. ZK Quorum: Zookeeper quorum used for Solr. For example: [snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,snyper-10-0-3-152.securonix.com:2181/solr]
l. Solr Zookeeper Connection Timeout: Solr Zookeeper connection timeout.
m. Solr Zookeeper Session Timeout: Solr Zookeeper session timeout.
n. Solr Version: Click the drop-down and select a Solr version.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
o. Solr Storage: Click the drop-down and select the Solr storage.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
p. Enable Replica Creation Mode: Set to YES to enable this setting.
q. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.
• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.
Note: This option is only available for SOLR6 or lower.
• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.
• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.
2. Provide the following information in the Collection Details section:
a. Type: The type of collection.
b. Name: The name of the collection.
c. No Of Shards: Enter the number of shards.
d. Replication Factor: Enter the replication factor.
3. Complete the following information in the Solr Additional Settings section:
a. Batch Size: Number of events indexed during a single commit to Solr while indexing.
b. Inter Batch Sleep: Duration in milliseconds to wait before retrying the index for a failed batch.
c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near to the configured value.
d. Create Force Collection: This allows you to create a collection forcefully from the UI whenever new cores get added to Solr.
4. Click Save & Next.
SSL
1. Complete the following information in the Authentication Type section:
a. Trust Store Location: Enter the trust store location.
b. Trust Store Password: Enter the trust store password.
c. ZK Quorum: Zookeeper quorum used for Solr. For example: [snyper-10-0-3-150.securonix.com,snyper-10-0-3-151.securonix.com,snyper-10-0-3-152.securonix.com:2181/solr]
d. Solr Zookeeper Connection Timeout: Solr Zookeeper connection timeout.
e. Solr Zookeeper Session Timeout: Solr Zookeeper session timeout.
f. Solr Version: Click the drop-down and select a Solr version.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
g. Solr Storage: Click the drop-down and select the Solr storage.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
h. Enable Replica Creation Mode: Set to YES to enable this setting.
i. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.
• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.
Note: This option is only available for SOLR6 or lower.
• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.
• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.
2. Provide the following information in the Collection Details section:
a. Type: The type of collection.
b. Name: The name of the collection.
c. No Of Shards: Enter the number of shards.
d. Replication Factor: Enter the replication factor.
3. Complete the following information in the Solr Additional Settings section:
a. Batch Size: Number of events indexed during a single commit to Solr while indexing.
b. Inter Batch Sleep: Duration in milliseconds to wait before retrying the index for a failed batch.
c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near to the configured value.
d. Create Force Collection: This allows you to create a collection forcefully from the UI whenever new cores get added to Solr.
4. Click Save & Next.
Basic
1. Complete the following information in the Authentication Type section:
a. Username: Enter the username for basic authentication.
b. Password: Enter the password for basic authentication.
c. Zookeeper Quorum: Enter the Zookeeper quorum used for Kafka.
d. Solr Zookeeper Connection Timeout: Enter the Solr Zookeeper connection timeout.
e. Solr Zookeeper Session Timeout: Enter the Solr Zookeeper session timeout.
f. Solr Version: Click the drop-down and select a Solr version.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
g. Solr Storage: Click the drop-down and select the Solr storage.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
h. Enable Replica Creation Mode: Set to YES to enable this setting.
i. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.
• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.
Note: This option is only available for SOLR6 or lower.
• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.
• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.
2. Provide the following information in the Collection Details section:
a. Type: The type of collection.
b. Name: The name of the collection.
c. No Of Shards: Enter the number of shards.
d. Replication Factor: Enter the replication factor.
3. Complete the following information in the Solr Additional Settings section:
a. Batch Size: Number of events indexed during a single commit to Solr while indexing.
b. Inter Batch Sleep: Duration in milliseconds to wait before retrying the index for a failed batch.
c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near to the configured value.
d. Create Force Collection: This allows you to create a collection forcefully from the UI whenever new cores get added to Solr.
4. Click Save & Next.
Basic_With_SSL
1. Complete the following information in the Authentication Type section:
a. Truststore Location: Enter the truststore location for basic SSL authentication.
b. Truststore Password: Enter the truststore password for basic SSL authentication.
c. Username: Enter the username for SSL authentication.
d. Password: Enter the password for SSL authentication.
e. Zookeeper Quorum: Enter the Zookeeper quorum used for Kafka.
f. Solr Version: Click the drop-down and select a Solr version.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
g. Solr Storage: Click the drop-down and select the Solr storage.
Note: For Solr versions SOLR4 and SOLR5, storage type DISK will be disabled.
h. Enable Replica Creation Mode: Set to YES to enable this setting.
i. Replica Creation Mode: The replica type created on primary and secondary servers when High Availability is enabled.
• DEFAULT: Supports active searching and indexing on all replicas. The primary and secondary replica type is NRT.
Note: This option is only available for SOLR6 or lower.
• TLOG_TLOG: Supports active searching and indexing on all replicas. The replica type is TLOG.
• TLOG_PULL: Allows searches to be directed only to secondary servers; however, indexing stops when the primary server goes down. The primary replica type is TLOG, and the secondary replica type is PULL.
2. Provide the following information in the Collection Details section:
a. Type: The type of collection.
b. Name: The name of the collection.
c. No Of Shards: Enter the number of shards.
d. Replication Factor: Enter the replication factor.
3. Complete the following information in the Solr Additional Settings section:
a. Batch Size: Number of events indexed during a single commit to Solr while indexing.
b. Inter Batch Sleep: Duration in milliseconds to wait before retrying the index for a failed batch.
c. Collection Soft Threshold: Size of the document each collection should have if multiple collections are enabled. This is only a soft threshold, and each collection will have documents near to the configured value.
d. Create Force Collection: This allows you to create a collection forcefully from the UI whenever new cores get added to Solr.
4. Click Save & Next.
Impala/Hive
a. Click the Authentication Type drop-down and select one of the following authentication types:
• NoAuth
• Kerberos
• LDAP
• Kerberos_With_Truststore
• SSL
b. Do the following, depending on what you selected in the previous step:
NoAuth
1. Complete the following information in the Authentication and Connection Details section:
a. Connection URL: Enter the Connection URL of Impala in the following format: sobdin244.securonix.com:21050.
b. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
c. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
d. Database: Enter the database name to use.
e. Table Prefix: Table prefix name to use for resources.
f. JDBC Driver: JDBC driver name.
g. (Optional) JDBC Extra parameters: The string specified in this field will be appended to the connection string.
h. Partitions Per Page: Enter the number of partitions per page. Hive organizes tables into partitions distributed to multiple hosts. Partitioning makes it easy to query relevant portions of data.
2. Enter the Hive URL that you want to be used for running Hive reports.
3. Complete the following information in the section:
a. Hive On Sparks Properties: Enter the Hive on Sparks properties.
b. Connection Pool Properties: Enter the connection pool properties.
4. Click Save & Next.
Kerberos
1. Complete the following information in the Authentication and Connection Details section:
a. Host FQDN: The fully qualified domain name of the host.
b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).
c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
e. Jaas Conf File Path: Enter the Jaas Conf file path.
f. Service Name: Enter the service name.
g. Authentication Mechanism: Enter the authentication mechanism.
h. Connection URL: Enter the Connection URL of Impala in the following format: sobdin244.securonix.com:21050.
i. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
j. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
k. Database: Enter the database name to use.
l. Table Prefix: Table prefix name to use for resources.
m. JDBC Driver: JDBC driver name.
n. (Optional) JDBC Extra parameters: The string specified in this field will be appended to the connection string.
o. Partitions Per Page: Enter the partitions per page.
2. Enter the Hive URL that you want to be used for running Hive reports.
3. Complete the following information in the section:
a. Hive On Sparks Properties: Enter the Hive on Sparks properties.
b. Connection Pool Properties: Enter the connection pool properties.
4. Click Save & Next.
LDAP
1. Complete the following information in the Authentication and Connection Details section:
a. Username: Enter the username for LDAP authentication.
b. Password: Enter the password for LDAP authentication.
c. Connection URL: Enter the Connection URL of Impala in the following format: sobdin244.securonix.com:21050.
d. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
e. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
f. Database: Enter the database name to use.
g. Table Prefix: Table prefix name to use for resources.
h. JDBC Driver: JDBC Driver name.
i. JDBC Extra parameters: The string specified in this field will be appended to the connection string. JDBC extra parameters are not mandatory.
j. Partitions per page: Enter the number of partitions per page.
2. Enter the Hive URL that you want to be used for running Hive reports.
3. Complete the following information in the section:
a. Hive On Sparks Properties: Enter the Hive on Sparks properties.
b. Connection Pool Properties: Enter the connection pool properties.
4. Click Save & Next.
Kerberos_With_Truststore
1. Complete the following information in the Authentication and Connection Details section:
a. Host FQDN: The fully qualified domain name of the host.
b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).
e. Service Name: The service name of the server.
f. Trust Store Path: @Trust Store Path.
g. Trust Store Password: @Trust Store Password.
h. Jaas Conf File Path: Enter the Jaas Conf file path.
i. SSL Value: Enter the SSL value.
j. Authentication Mechanism: Enter the authentication mechanism.
k. Connection URL: Enter the connection URL of Impala in the following format: sobdin244.securonix.com:21050.
l. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
m. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
n. Database: Enter the database name to use.
o. Table Prefix: Table prefix name to use for resources.
p. JDBC Driver: JDBC driver name.
q. (Optional) JDBC Extra parameters: The string specified in this field will be appended to the connection string.
r. Partitions Per Page: Enter the partitions per page.
2. Enter the Hive URL that you want to be used for running Hive reports.
3. Complete the following information in the section:
a. Hive On Sparks Properties: Enter the Hive on Sparks properties.
b. Connection Pool Properties: Enter the connection pool properties.
4. Click Save & Next.
SSL
1. Complete the following information in the Authentication and Connection Details section:
a. Trust Store Location: Enter the key store location.
b. Trust Store Password: Enter the key store password.
c. Connection URL: Enter the Connection URL of Impala in the following format: sobdin244.securonix.com:21050.
d. Hive Username: Enter the Hive username. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
e. Hive Password: Enter the Hive password. Leave this field blank if Secure Hive User is not set up or if the cluster is not secure.
f. Database: Enter the database name to use.
g. Table Prefix: Table prefix name to use for resources.
h. JDBC Driver: JDBC Driver name.
i. (Optional) JDBC Extra parameters: The string specified in this field will be appended to the connection string.
j. Partitions Per Page: Enter the partitions per page.
2. Enter the Hive URL that you want to be used for running Hive reports.
3. Complete the following information in the section:
a. Hive On Sparks Properties: Enter the Hive on Sparks properties.
b. Connection Pool Properties: Enter the connection pool properties.
4. Click Save & Next.
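The Impala/Hive authentication types above differ in which fields the connection carries, so the values can be checked before they are saved. The following Python check is an added example, not part of the SNYPR guide or product. The dictionary keys, the sample hosts, principals and paths, and the use of Cloudera Impala JDBC driver parameter names (SSL, PWD, SSLTrustStorePwd, SSLKeyStorePwd) in JDBC Extra parameters are assumptions.

```python
import os
import re
import stat

# Assumption: "JDBC Extra parameters" uses Cloudera Impala JDBC driver names
# (SSL, PWD, SSLTrustStorePwd, SSLKeyStorePwd); the guide names no driver.
SECRET_PARAMS = {"pwd", "ssltruststorepwd", "sslkeystorepwd"}
AUTH_TYPES = {"NoAuth", "Kerberos", "LDAP", "Kerberos_With_Truststore", "SSL"}
HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:(\d{1,5})$")

# Constructed sample forms (hypothetical hosts, principals and paths).
SAMPLE_KERBEROS = {
    "auth_type": "Kerberos",
    "connection_url": "impala01.example.com:21050",
    "realm": "EXAMPLE.COM",
    "principal": "snypr/app01.example.com@EXAMPLE.COM",
    "key_tab_path": "/constructed/path/snypr.keytab",
    "jdbc_extra": "SSL=1",
}
SAMPLE_LDAP = {
    "auth_type": "LDAP",
    "connection_url": "impala01.example.com",      # port missing
    "username": "svc_snypr",
    "jdbc_extra": "PWD=constructed-secret",        # secret in the wrong field
}


def parse_extra(extra):
    """Split the 'JDBC Extra parameters' string (K1=V1;K2=V2) into a dict."""
    params = {}
    for part in extra.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
    return params


def audit(settings):
    """Return (field, message) findings for one Impala/Hive settings form."""
    findings = []
    auth = settings.get("auth_type", "")
    extra = parse_extra(settings.get("jdbc_extra", ""))

    if auth not in AUTH_TYPES:
        findings.append(("auth_type", "not one of the drop-down values"))
    elif auth == "NoAuth":
        findings.append(("auth_type", "NoAuth leaves the connection unauthenticated"))

    # The guide gives the Connection URL format as host:port.
    match = HOST_PORT.match(settings.get("connection_url", ""))
    if not match or not 0 < int(match.group(1)) < 65536:
        findings.append(("connection_url", "expected host:port"))

    # Extra parameters are appended to the connection string verbatim, so a
    # secret typed there travels wherever the connection string is logged.
    for name in sorted(SECRET_PARAMS.intersection(extra)):
        findings.append(("jdbc_extra", "secret parameter '%s' in connection string" % name))

    # The LDAP form has no trust store field, so TLS can only be requested
    # through the extra parameters (assumed driver syntax: SSL=1).
    if auth == "LDAP" and extra.get("ssl") != "1":
        findings.append(("jdbc_extra", "LDAP password may cross the network unencrypted"))

    if auth.startswith("Kerberos"):
        principal = settings.get("principal", "")
        if "@" not in principal or principal.rpartition("@")[2] != settings.get("realm", ""):
            findings.append(("principal", "realm part does not match the Realm field"))
        keytab = settings.get("key_tab_path", "")
        if not keytab.startswith("/"):
            findings.append(("key_tab_path", "use an absolute path"))
        # A keytab holds long-term keys; only the service account should read it.
        elif os.path.isfile(keytab) and stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
            findings.append(("key_tab_path", "keytab is accessible by group or others"))

    store_key = {"Kerberos_With_Truststore": "trust_store_path",
                 "SSL": "trust_store_location"}.get(auth)
    if store_key and not settings.get(store_key):
        findings.append((store_key, "trust store field is empty"))
    return findings


if __name__ == "__main__":
    for form in (SAMPLE_KERBEROS, SAMPLE_LDAP):
        print(form["auth_type"], audit(form))
```
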
HBase
a. Click the Authentication Type drop-down and select one of the following options:
• NoAuth
• Kerberos
• LDAP
• Kerberos_With_Truststore
b. Do the following, depending on what you selected in the previous step:
NoAuth
1. Complete the following information in the Authentication and Connection Details section:
a. Name Space: Enter the name space name for HBase.
b. Split Tables: Select one of the following options:
• YES: Enables you to split tables.
• NO: This option does not let you split tables.
HBase stores rows of data in tables. Tables are split into chunks of rows called “regions”. Those regions are distributed across the cluster, hosted by RegionServers.
c. (Optional) Regions: This field only displays if you set Split Tables to YES. Enter the number of regions.
d. Resources: Resources required to connect to HBase. The core-site.xml
file contains basic Hadoop configuration settings for Hadoop Core such
as I/O settings that are common to HDFS. The hbase-site.xml file
contains the configuration settings for HBase daemons.
Example: file:///etc/hbase/conf/hbase-site.xml
2. Click Save & Next.
Kerberos
1. Complete the following information in the Authentication and Connection Details section:
a. Host FQDN: The fully qualified domain name of the host.
b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).
c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
e. Jaas Conf File Path: Enter the Jaas Conf file path.
f. Service Name: Enter the service name.
g. Authentication Mechanism: Enter the authentication mechanism.
h. Name Space: Enter the name space name for HBase.
i. Split Tables: This toggle has two options:
• YES: Set to YES to split tables.
• NO: Set to NO if you don't want to split tables.
HBase stores rows of data in tables. Tables are split into chunks of rows called “regions”. Those regions are distributed across the cluster, hosted by RegionServers.
j. Regions: This field only displays if you set Split Tables to YES. Enter the number of regions.
k. Resources: Resources required to connect to HBase.
The core-site.xml file contains basic Hadoop configuration settings for Hadoop Core such as I/O settings that are common to HDFS. The hbase-site.xml file contains the configuration settings for HBase daemons.
Example: file:///etc/hbase/conf/hbase-site.xml
2. Click Save & Next.
LDAP
1. Complete the following information in the Authentication and Connection Details section:
a. Username: Enter the username for LDAP authentication.
b. Password: Enter the password for LDAP authentication.
c. Name Space: Enter the name space name for HBase.
d. Split Tables: This toggle has two options:
• YES: Set to YES to split tables.
• NO: Set to NO if you don't want to split tables.
e. Regions: This field only displays if you set Split Tables to YES. Enter the number of regions.
f. Resources: Resources required to connect to HBase. The core-site.xml
file contains basic Hadoop configuration settings for Hadoop Core such
as I/O settings that are common to HDFS. The hbase-site.xml file
contains the configuration settings for HBase daemons.
Example: file:///etc/hbase/conf/hbase-site.xml
Kerberos_With_Truststore
1. Complete the following information in the Authentication and Connection Details section:
a. Host FQDN: The fully qualified domain name of the host.
b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).
e. Service Name: The service name of the server.
f. Trust Store Path: @Trust Store Path.
g. Trust Store Password: @Trust Store Password.
h. Jaas Conf File Path: Enter the Jaas Conf file path.
i. SSL Value: Enter the SSL value.
j. Authentication Mechanism: Enter the authentication mechanism.
k. Name Space: Enter the name space name for HBase.
l. Split Tables: This toggle has two options:
• YES: Set to YES to split tables.
• NO: Set to NO if you don't want to split tables.
HBase stores rows of data in tables. Tables are split into chunks of rows called “regions”. Those regions are distributed across the cluster, hosted by RegionServers.
m. Regions: This field only displays if you set Split Tables to YES. Enter the number of regions.
n. Resources: Resources required to connect to HBase.
Example: file:///etc/hbase/conf/hbase-site.xml
2. Click Save & Next.
HDFS
a. Click the Authentication Type drop-down and select one of the following options:
• NoAuth
• Kerberos
• LDAP
• Kerberos_With_Truststore
b. Do the following, depending on what you selected in the previous step:
NoAuth
1. Complete the following information in the Authentication and Connection Details section:
a. HDFS Site: Enter the HDFS site required to connect to HDFS.
Example: file:///etc/hadoop/conf/hdfs-site.xml
b. Core Site: Enter the HDFS core site required to connect to HDFS.
c. Cluster HDFS Site: Enter the HDFS core site required to connect to the HDFS cluster.
d. Cluster Core Site: Enter the HDFS core site required to connect to the HDFS cluster.
2. Complete the following information in the HDFS Connection Details section:
a. Username: Enter the user name of HDFS.
b. Working Directory: Enter the working directory.
c. Product Directory: Enter the product directory.
d. HDFS Directory for storing UnParsed Events: Enter the path to the directory in HDFS where all unparsed events are stored.
e. HDFS Directory for storing whitelists/temporary files for analyzing Proxy Events: Enter the root path of directory in HDFS for all Proxy data storage.
f. HDFS Directory for storing Violations: Enter the path to the directory in HDFS where all violations are stored.
3. Click Save & Next.
Kerberos
1. Complete the following information in the Authentication and Connection Details section:
a. Host FQDN: The fully qualified domain name of the host.
b. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).
c. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
d. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
e. Jaas Conf File Path: Enter the Jaas Conf file path.
f. Service Name: Enter the service name.
g. Authentication Mechanism: Enter the authentication mechanism.
h. HDFS Site: Enter the HDFS site required to connect to HDFS.
i. Core Site: Enter the HDFS Core site required to connect to HDFS.
j. Cluster HDFS Site: Enter the HDFS Cluster site required to connect to HDFS Cluster.
k. Cluster Core Site: Enter the HDFS Cluster Core site required to connect to HDFS Cluster.
2. Complete the following information in the HDFS Connection Details
section:
a. Username: Specify the user name of HDFS.
b. Working Directory: Specify the working directory.
c. Product Directory: Specify the product directory.
d. HDFS Directory for storing UnParsed Events: The path to the directory
in HDFS where all unparsed events are stored.
Example: /user/securonix/unparsed
e. HDFS Directory for storing whitelists/temporary files for analyzing Proxy Events: The root path of directory in HDFS for all proxy data storage.
f. HDFS Directory for storing Violations: The path to the directory in HDFS where all violations are stored.
3. Click Save & Next.
LDAP
1. Complete the following information in the Authentication and Connection Details section:
a. Username: The username for LDAP authentication.
b. Password: The password for LDAP authentication.
c. HDFS Site: The HDFS site required to connect to HDFS.
d. Core Site: The HDFS Core site required to connect to HDFS.
e. Cluster HDFS Site: The HDFS Cluster site required to connect to HDFS cluster.
f. Cluster Core Site: The HDFS Cluster Core site required to connect to HDFS cluster.
2. Complete the following information in the HDFS Connection Details section:
a. Username: Specify the user name of HDFS.
b. Working Directory: Specify the working directory.
c. Product Directory: Specify the product directory.
d. HDFS Directory for storing UnParsed Events: The path to the directory
in HDFS where all unparsed events are stored.
Example: /user/securonix/unparsed
e. HDFS Directory for storing whitelists/temporary files for analyzing Proxy Events: The root path of directory in HDFS for all proxy data storage.
f. HDFS Directory for storing Violations: The path to the directory in HDFS where all violations are stored.
3. Click Save & Next.
Kerberos_With_Truststore
1. Complete the following information in the Authentication and Connection Details section:
a. Host FQDN: The fully qualified domain name of the host.
b. Key Tab Path: A file containing pairs of Kerberos principals and encrypted keys, which are derived from the Kerberos password.
c. Principal: An identity that Kerberos is able to authenticate. Principals may represent users, network hosts, or network services.
d. Realm: Where the Kerberos database is stored. The realm lives on one computer (KDC) and can have read-only slave servers (similar to a cluster).
e. Service Name: The service name of the server.
f. Trust Store Path: @Trust Store Path.
g. Trust Store Password: @Trust Store Password.
h. Jaas Conf File Path: Specify the Jaas Conf file path.
i. SSL Value: Specify the SSL value.
j. Authentication Mechanism: Specify the authentication mechanism.
k. HDFS Site: The HDFS site required to connect to HDFS.
l. Core Site: The HDFS core site required to connect to HDFS.
m. Cluster HDFS Site: The HDFS Cluster site required to connect to HDFS cluster.
n. Cluster Core Site: The HDFS Cluster Core site required to connect to HDFS cluster.
2. Complete the following information in the HDFS Connection Details section:
a. Username: Specify the user name of HDFS.
b. Working Directory: Specify the working directory.
c. Product Directory: Specify the product directory.
d. HDFS Directory for storing UnParsed Events: The path to the directory
in HDFS where all unparsed events are stored.
Example: /user/securonix/unparsed
e. HDFS Directory for storing whitelists/temporary files for analyzing Proxy Events: The root path of directory in HDFS for all proxy data storage.
f. HDFS Directory for storing Violations: The path to the directory in HDFS where all violations are stored.
3. Click Save & Next.
Redis
a. Enter the IP address or host name in the Enter the Node for Redis field.
b. (Optional) If you want to add a node, click + Add Node then enter the IP address or host name in the Enter the Node for Redis field that displays.
To remove the node, click the red - icon to the right of the field.
c. Complete the following information in the Redis Connection Details section:
1. Password: Specify the password.
2. Connection Pool Size: Specify the pool size for the Redis connection. Connection pools create a set of ready-made connections that you can use as needed. When done, the connection is returned to the connection pool for further reuse.
d. Click Save & Next.
Spark
a. Complete the following information in the Spark Details section:
1. Spark Defaults: Specify the spark defaults required to run Spark.
2. Enable Kerberos: Set to YES to enable Kerberos.
• Key Tab Path for connecting to Yarn Master server: This option only displays when you set Enable Kerberos to YES. Specify the path of the key tab file.
• Principal for connecting to Yarn Master server: Principal for authentication.
3. Yarn Master IP: Specify the Yarn master IP.
4. Yarn Site: Specify the Yarn site.
b. Click Finish.
Configure General Settings
From this screen, configure SNYPR general application settings such as time zone, web services, SSO, and quick links.
To configure the application settings, do the following:
1. Navigate to Menu > Administration > Settings. By default, you will be directed to the Application Settings page.
2. Complete the following in the General Settings section:
a. Application Time zone: Select the time zone of the application server.
b. Database Time zone: The time zone for the database server.
c. Date Format: Select from multiple date/time formats from the drop-down box.
d. Session Timeout: Enter a timeout period for sessions in seconds.
e. Web Service Session Timeout: Enter the period in seconds after which the session expires for web services requests.
f. Web Services: Set to YES to enable the application to use web services.
g. Web Service Session Timeout: Enter the time period in seconds after which the session expires.
h. IP Validation during Token authentication: Set to YES to enable IP Validation during token authentication.
3. Complete the following information in the Data Import Settings section:
Note: These settings are for advanced users only.
The application is multi-threaded to perform parallel processing. Each event file is processed by spawning multiple threads. Each thread simultaneously parses the event log file, performs correlation, and inserts the processed log into the database. You can configure the settings for various data import activities in this section.
a. Multi threading: Do the following, depending on what you select in this field:
YES
1. Provide the following information for Activity Import:
a. Maximum Threads: The number of threads that are spawned during the import of activities and events. (The default is 30.)
b. Maximum Lines Per Thread: The number of lines provided that are
processed by each thread. (The default value is 20000.) Each user file is
processed by spawning multiple threads. Each thread simultaneously
parses the user file, checks for identity lifecycle changes, and inserts the
processed data into the database.
2. Provide the following information for User Import:
a. Maximum Threads: The number of threads that are spawned during the import of users. (The default value is 20.)
b. Maximum Lines Per Thread: The number of lines provided that are processed by each thread. (The default value is 10000.)
3. Continue to step 3.b.
NO
1. Skip to step 3.b.
b. Preview data refresh interval: Specify the number of minutes for which the preview data is cached. During this period, if the Preview button is clicked again, the application retrieves preview data from cache; otherwise, it refreshes from the data source. (The default value is 30.)
c. Do you want to set Invalid Events Threshold: Do the following, depending on what you select in this field:
YES
1. Set an invalid threshold and invalid events count threshold to skip event parsing for further events.
2. Continue to step 3.d.
NO
1. Skip to step 3.d.
d. Save events after each file imported: Pick one of the following options:
• YES: Set to YES if you wish to save the events after each file is processed.
• NO: Set to NO if you want all the files with the same file pattern to be processed before saving files to the database.
e. Split input event file into smaller files: Set to YES if you want to split the input file into smaller chunks for processing.
Note: If an extremely large file is encountered (greater than 1 GB), you can
split the file to increase the processing speed.
f. Lines per file: Enter the number of lines to be present in each file.
g. Clear correlation: Set to YES if you want the disabled access account to be an orphan and remove the past correlation (disabled during access import).
h. Clear attributes: Set to YES to remove all access attributes from the disabled access account (disabled during access import).
i. Ignore account name case: Set to YES to import all access accounts as all upper case. If the same access account name is encountered with lower case and upper case, this setting prevents duplicate account names.
4. Complete the following information in the Single Sign-On section:
This section enables the application for user authentication and Single Sign-on
(SSO).
a. Enable Single Sign On: Set to YES to enable Single Sign-On.
b. Hostname: Enter the URL for the host.
Example: Company.com.
c. Logout URL: Enter the logout URL.
Example: http://www.google.com.
Once you are logged out, you will be redirected to the Logout URL above.
d. Login URL: Enter the single sign-on (SSO) login URL.
5. Complete the following in the Quick Links section:
This section allows you to add menu items to the main menu:
a. Menu Title: This field determines the label that appears on the Menu Bar.
b. Name: This determines the link name under the main Menu Bar name.
c. Protocol: Select either http or https.
d. Url: Enter the URL that you want to link to when users click the item under the Menu Bar.
e. Order: This determines the order in which the links appear under the Menu Bar.
f. +/-: Click the plus sign to add another Quick Link item. Click the minus sign to
remove an existing item.
6. Complete the following information in the Startup Jobs section:
a. Name: Name of the job.
b. Enable: Select YES to initialize a job that does not exist yet. Select NO to disable an existing job.
c. Force re-schedule: Select YES if the configuration is changed. On the next startup, the existing job will be disabled, a new job will be created with a new configuration, and the flag will be reset to NO.
d. Frequency: This determines the frequency of the job. Valid values are once, seconds, minutes, hourly, daily, weekly, monthly, or yearly.
e. Time: Time at which job should be rerun. Format is HH:MM:SS.
f. Interval: This specifies the interval after which the job should be rerun. This field uses the value set in Frequency; for example, if you want a job to run every minute, you could set the Frequency to minutes and the Interval to 1, or Frequency to seconds and Interval to 60.
7. Click Save at the bottom of the screen when you have finished making changes to the Application Settings.
Enable/Configure Data Masking
Data masking allows you to hide original data to protect sensitive information for users and entities, including activity and access accounts, resource names, IP Addresses, and other event attributes that could contain personally identifiable information (PII).
To mask data, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click Data Masking from the left pane, then click Masking Summary.
3. By default, data masking is disabled. To enable and configure data masking, click
Edit.
4. Complete the following information in the Select Entities section:
a. Mask Users Attributes: Set to YES to mask attributes for all users.
The left panel lists the available user attributes that can be masked. To mask a user attribute, click the attribute name, then click the right arrow (>) to move the selected attribute to the right panel.
The example above masked lastname and employeeid. When you save and run the job, those user attributes will be masked as seen in the following image:
b. Do you want to enable conditional masking?: Set to YES to mask all users data with conditional masking. When you set this field to YES, the following table will display:
The previous image is configured to mask all users whose Department = Engineering. When you run the job after enabling conditional masking on department = "engineering", all users who belong to the engineering department are masked as shown below:
c. Mask Activity Account: Set to YES to mask all the activity account names
globally.
d. Mask IP Address: Set to YES to mask the IP address for all the datasources.
e. Mask Resource Name: Masks all the resource names globally. The following figure shows an example of a masked resource name.
5. Click Next at the top of the screen.
6. (Optional) Click Add Datasource Attributes to add the datasource attributes.
a. Complete the following information in the Add Datasource Attributes pop-up:
• Select Datasource: Click the drop-down and select a datasource.
• Datasource attributes to mask event data: Click the datasource attribute(s) you want to mask from the left panel, and move them to the right panel by clicking the right arrow (>).
b. Click Add.
7. Click Next.
8. (Optional) Click Add Datasource Attributes to add the datasource attributes.
a. Complete the following information in the Add Datasource Attributes pop-up:
• Select Datasource: Click the drop-down and select a datasource.
• Datasource attributes to mask event data: Click the datasource attribute(s) you want to mask from the left panel, and move them to the right panel by clicking the right arrow (>).
b. Click Add.
Note: The Global Mode settings for masking event attributes override the
Datasource Mode settings.
9. Click Save and Run to enable masking in the user interface.
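The effect of the settings above (selected user attributes masked only where Department = Engineering, account names and IP addresses masked globally) can be reproduced on sample records. This Python sketch is an added example, not SNYPR code: the guide does not describe the masking algorithm, so keyed HMAC-SHA-256 tokens are used as a stand-in, and the key, the record layout, the event field names and the case-insensitive condition match are assumptions.

```python
import hashlib
import hmac

# Constructed sample data; lastname, employeeid and department come from the
# guide's example, the event field names are assumptions.
KEY = b"constructed-demo-key"
USERS = [
    {"employeeid": "1001", "lastname": "Rivera", "department": "Engineering"},
    {"employeeid": "1002", "lastname": "Chen", "department": "Sales"},
    {"employeeid": "1003", "lastname": "Okafor", "department": "engineering"},
]
EVENTS = [
    {"accountname": "jrivera", "ipaddress": "192.0.2.10", "action": "login"},
    {"accountname": "jrivera", "ipaddress": "192.0.2.11", "action": "download"},
    {"accountname": "mchen", "ipaddress": "192.0.2.10", "action": "login"},
]


def mask_value(value, key):
    """Keyed, deterministic token: equal inputs give equal tokens, so masked
    records can still be grouped and correlated without showing the original."""
    digest = hmac.new(key, str(value).encode("utf-8"), hashlib.sha256).hexdigest()
    return "MASKED-" + digest[:16]


def mask_users(users, attributes, key, condition=None):
    """Mask `attributes` for all users, or only for users matching `condition`.

    condition is an (attribute, value) pair such as ("department", "Engineering").
    """
    masked = []
    for user in users:
        record = dict(user)  # work on a copy; the caller's data stays intact
        selected = condition is None or (
            str(record.get(condition[0], "")).lower() == condition[1].lower())
        if selected:
            for name in attributes:
                if record.get(name):
                    record[name] = mask_value(record[name], key)
        masked.append(record)
    return masked


def mask_events(events, fields, key):
    """Global masking: the listed fields are masked in every event."""
    return [{k: mask_value(v, key) if k in fields else v for k, v in e.items()}
            for e in events]


if __name__ == "__main__":
    for row in mask_users(USERS, ["lastname", "employeeid"], KEY,
                          ("department", "Engineering")):
        print(row)
    for row in mask_events(EVENTS, {"accountname", "ipaddress"}, KEY):
        print(row)
```
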
Masking Job Details
From this screen, you can view or delete details about masking or unmasking jobs, including the type of activity (masking/unmasking), the user who performed the activity, and the time of the activity.
Note: When masking jobs are deleted, the activity is recorded in the Audit Log.
To view or delete the masking job details, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click Data Masking from the left pane, then click Masking Job Details.
The Masking Job Details screen will display:
On this screen you can find masking job details, such as the Job Name, Creation Date, Start Date, and Job Status.
3. (Optional) To delete a job from this screen, click Delete Job.
Manage Ingesters
The Remote Ingester is a lightweight Java program that is used to forward logs in real time from remote servers to the SNYPR Kafka brokers. This real-time log forwarding to Kafka brokers provides the ability to ingest and analyze events as soon as they are generated.
From the Manage Ingesters screen, you can enable and disable the remote ingesters configured in your environment. See Deploy the Remote Ingester for more details about configuring the remote ingester.
Action Icons
The action icons on the Manage Ingesters screen are used to perform specific activities. The table below lists the action icons along with a brief description of its purpose:
Name | Description
Stop | Stops the individual ingester.
Start | Starts the individual ingester.
Restart | Restarts the ingester.
Download | Downloads the logs for individual ingester.
Additional options | Create new syslog source; View syslog configuration
Refresh all | Refreshes content for all the ingesters on the screen.
To manage ingesters, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click Manage Ingesters from the left pane.
You can manage the status of one or multiple RINs from the Manage Ingesters screen. This screen shows individual ingester details, ingester status, and available actions per ingester.
Each individual ingester has either a green, yellow, or red color to reflect the status of the ingester connection:
• Green: The application is successfully connected to the ingester and is running.
• Yellow: The ingester status is refreshing.
• Red: The application failed to connect to the Ingester and has stopped.
3. (Optional) To add a new syslog source for a specific ingester, click Additional Options > Create/Edit Source.
A list of existing sources displays in a pop-up for the ingester. Click + Create new to add a new source.
SNYPR Administration Guide 191
Settings
Specify the Source name and Source expression. The Source Name is used as anidentifier in the source statement of the syslog-ng configuration file to receive logmessages. The Source expression is used to build the source statement.
SNYPR Administration Guide 192
Settings
Click Create.
Note: Any changes that are made are written to a specific section in the
"syslogng.conf" file that have been reserved for sources() and syslog filters()
configured from the UI.
Warning: Do not make changes to this section of the "syslogng.conf" file from the
back-end. Any change made from the UI will override the changes made from the
back-end.
SNYPR Administration Guide 193
Settings
Manage Installed Licenses and Products
The Manage License settings allow you to review the licenses installed with the application and view details about your current licenses, including:
- Number of users and resources licensed
- License issue and expiration date
- Issuer details
To manage installed licenses and products, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click Manage License from the left pane.
3. Do the following, depending on what action you want to take:
I want to uninstall my license
1. Click Uninstall in the Installed License & Products section.
A pop-up will display confirming that you want to uninstall the license.
2. Click Yes, Uninstall License.
I want to install/upgrade a license
1. Complete the following information in the Install/Upgrade License section:
a. (Optional) Select existing license file: Click the drop-down to select an existing license file.
b. (Optional) Upload new license file: Click to upload a new license file.
c. Enter Activation Key: Enter the activation key that has been provided.
2. Click Install.
Enable LDAP Authentication
LDAP user authentication validates a username and password combination with a directory server such as MS Active Directory. By default, the application authenticates against the local MySQL data store. However, this can be changed to authenticate the users against Active Directory.
This section describes the steps required to enable LDAP authentication in SNYPR.
Before You Begin
This section lists the minimum requirements you must complete before you enable LDAP Authentication:
1. The LDAP account should have read permissions for the organizational unit against which the application authenticates.
2. Identify the DN (Distinguished Name) for the account. For example: cn=svc_[DN];OU=ServiceAccounts;DC=[DN];DC=com.
3. Identify the following additional parameters that are required for AD authentication:
- The IP address/hostname of the domain controller.
- The OU (organizational units) containing the different users that should be authenticated.
4. Install root / intermediate certificates in Java cacerts (used by the application) to establish a secure LDAP connection.
5. Identify if the authorization will happen using Active Directory roles or SNYPR roles. Create an appropriate role in SNYPR with the same name as the Active Directory group name of the authenticated user. For example, if the group name in Active Directory is Template1, then the role in SNYPR should be Role_Template1.
Enable LDAP Authentication
To enable LDAP Authentication, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click LDAP Authentication from the left pane.
3. Set Enable LDAP Authentication to YES.
4. Complete the following information in the LDAP Authentication section:
a. Server: Enter the IP address for Active Directory (ldap://[ip]:[port]/).
b. Base: Enter the base directory to start the search. For example, dc=m-mycompany,dc=com.
c. Actions: Click + to add an action or click - to delete an action.
d. Manager DN: Enter the appropriate Manager DN.
e. Manager Password: Enter the appropriate Manager Password.
f. Retrieve Database Roles: Select whether to retrieve additional roles from the database using the User/Role many-to-many.
g. Retrieve Group Roles: Select whether to infer roles based on group membership.
h. Ignore Partial Result Exception: Select whether to ignore partial result exceptions.
i. Search Subtree: Select whether you want to search in subtrees.
j. Search Filter: This is the pattern to be used for the user search. For example, {0} is the user’s DN.
k. Group Search Base: Enter the base DN from which the search for group membership should be performed.
l. Group Search Filter: Enter the pattern to be used for the user search. For example, {0} is the user’s DN.
m. Group Role Attribute: Enter the ID of the attribute which contains the role name for a group.
5. Click Save.
Enable/Disable X509 Authentication
SNYPR supports X509 certificate authentication with a secure TLS/SSL connection. X509 is a public key infrastructure (PKI) standard used to manage digital certificates and public-key encryption to secure web and email communication. When X509 authentication is used, clients can authenticate to servers with certificates rather than with a user name and password.
Before You Begin
Before you enable X509 Authentication, you must create a new System Administrator user with the common access card (CAC) certificate name. The CAC is used for the standard identification of active duty uniformed service personnel, Selected Reserve, Department of Defense (DoD) civilian employees, and eligible contractor personnel. It is also used to enable physical access to buildings and controlled spaces, such as the DoD computer networks and systems.
To set up an administrative user with X509 Authentication, do the following:
1. Log in to SNYPR as an Administrator.
2. Navigate to Menu > Administration > Access Control.
3. Click + to create a new admin user.
4. Complete the following information in the Enter User Information section:
a. Username
Note: Do not edit the default SNYPR user name, as it is a super user in the SNYPR application.
b. Password
c. First Name
d. Last Name
e. Email
f. Phone Number
g. Badge Background Color
h. Enabled?
i. Password Change Required
5. Enable ROLE_ADMIN to assign administrative privileges to the user name.
6. Click Save & Next.
7. Enable multiple users by assigning them to the same group. Groups may also be used for incident assignment and response. Users will be assigned the roles of their groups.
See Access Control for complete details about creating users.
Enable X509 Authentication
To enable X509 Authentication, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click X509 Authentication from the left pane.
3. Set Enable X509 Authentication to YES.
4. Click Save.
Once you click Save, a pop-up warning box will appear.
Click Yes in the pop-up to restart the application and apply your updated changes.
5. Stop the application: bin/securonix.sh stop
6. Copy the CA certificates you have to any folder.
7. Add the CA certificates to the truststore file as trusted certificates. By default, securonixKeyStore is the truststore file.
Example:
/home/securonix/securonix50/Java/jre/bin/keytool -importcert -keystore /home/securonix/securonix50/Tomcat/conf/securonixKeyStore -trustcacerts -alias pivkeydeviceca -file /usr/local/share/ca-certificates/pivkeydeviceca.crt
8. Start the application: bin/securonix.sh start
9. Navigate to the web browser and clear its cache.
10. Enter the application URL and refresh. The web browser shows a certificate prompting the user to accept the certificate. You may have to accept the certificate twice in Internet Explorer.
11. Enter the CAC card PIN after the certificate is accepted. Upon successful validation of the CAC card PIN and the certificate, the user is logged in with administrative privileges without the need for a user name or password.
You can also disable X509 Authentication. To disable X509 authentication, follow the steps below:
Note: Only a CAC card user with admin privileges can disable X509 authentication.
1. Navigate to Menu > Administration > Settings.
2. Click X509 Authentication from the left-side panel.
Note: Ensure you have read/write permissions to server.xml.
3. Set Enable X509 Authentication to NO.
4. Click Save. A dialog box appears with the message to restart the application upon disabling the X509 Authentication.
5. Stop the Securonix Enterprise application: bin/securonix.sh stop
6. Start the Securonix Enterprise application: bin/securonix.sh start
7. Navigate to the web browser and clear its cache.
8. Enter the application URL and refresh.
The user can now log in with the user name and password.
Schedule Housekeeping Jobs
Use this screen to schedule housekeeping jobs to clean data from the application after a specified number of days.
To schedule housekeeping jobs, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click Housekeeping Jobs from the left pane.
3. Click Schedule Housekeeping Job.
4. Click the radio button next to the job you want to run.
5. Provide a value in the Remove all data from X days prior to today’s date text-box.
6. Click Save & Next.
7. Provide the following information in the Job Details section:
a. Job Name: By default, the job name will auto-populate. You can enter a new job name if you choose.
b. (Optional) Job Description: Enter a description for the job.
c. Enable Job Related Notifications: Set to YES to enable job related notifications.
This will display 3 additional sections, including:
- On Success
- On Failure
- On Completed with Errors
Click the Select Email Template to Use for Sending Notifications drop-down in any of the 3 sections, and select one of the following options:
- Create New Email Template
- Job Status
d. Complete the required information.
8. Click Run.
Types of Jobs
Job Name: User Import History
Description: Every time a user import is fired, the SNYPR application stores the history of the number of new users, deleted users, updated users, etc. This job clears this table based on the input days.
Example: Query fired: DELETE FROM Userimporthistory WHERE importdate<Thu Sep 05 15:24:35 IST 2013
Recommended Schedule: 90 days
Job Name: Access/Activity/User Import Errors
Description: Clears the errors recorded while running Access/Activity/User imports.
Example: Query fired: DELETE FROM Resourceimporterrors WHERE lastupdated<Sat Dec 14 15:30:30 IST 2013
Recommended Schedule: 30 days
Job Name: Risk Score Card History
Description: Clears the risk score card history data.
Example: Query fired: DELETE FROM Riskscorecardhistory WHERE generatedtime<Thu Nov 14 15:36:51 IST 2013
Recommended Schedule: 180 days
Job Name: Policy Violations
Description: Clears the policy violation data.
Recommended Schedule: 90 days
Job Name: Auditing
Description: Clears the audit history.
Example: Query Fired: DELETE FROM Sysaudit WHERE logtime<Sat Dec 14 15:57:46 IST 2013
Recommended Schedule: 180 days
Job Name: Activity User IP Mapping
Description: Clears the activity user IP mapping that is maintained for IP address attribution.
Example: Query Fired: DELETE FROM Activityuseripmapping WHERE lastupdate<Sat May 03 16:03:11 IST 2014
Recommended Schedule: 90 days
Job Name: Completed Jobs
Description: Clears the completed jobs.
Example: Query fired: DELETE FROM QuartzCustomFiredTriggers qcft WHERE qcft.startTime <= Sat May 03 16:38:43 IST 2014 and qcft.status in ('Completed','Completed with errors')
Recommended Schedule: 90 days
Job Name: Failed Jobs
Description: Clears the failed jobs.
Example: Query fired: DELETE FROM QuartzCustomFiredTriggers qcft WHERE qcft.startTime < Sat May 03 16:41:10 IST 2014 and qcft.status in ('Failed')
Recommended Schedule: 90 days
Job Name: Clean Files
Description: Clears the files in the success folder and failed folder on the system.
- Inputs: folder path(s): List of comma-separated folder paths (updated to support securonix_home).
- File name: File name or regex pattern of the files to be deleted from the above paths.
- No. of days: File modified before this number of days.
- Include sub folders: Scans the sub folders for previously listed jobs.
- Remove non empty files: Deletes files with data. (This should be set to true by default.)
Recommended Schedule: Varies on file volume per day (30 days)
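The Clean Files inputs listed above can be previewed before the job is scheduled. The following is an added example, not Securonix code: a dry run that lists the files such inputs would select without deleting anything. The function names, the whole-name regex matching, the use of modification time, and the sample tree are assumptions.

```python
import os
import re
import tempfile
import time

SECONDS_PER_DAY = 86400


def preview_clean_files(folder_paths, file_name, days,
                        include_sub_folders=False,
                        remove_non_empty=True, now=None):
    """List files a Clean Files style job would select; deletes nothing.

    Assumed semantics (not taken from SNYPR): file_name must match the whole
    file name as a regex, and age is measured from the modification time.
    """
    now = time.time() if now is None else now
    cutoff = now - days * SECONDS_PER_DAY
    pattern = re.compile(file_name)
    selected = []
    for folder in (p.strip() for p in folder_paths.split(",")):
        if not folder:
            continue
        if not os.path.isdir(folder):
            raise ValueError(f"not a directory: {folder!r}")
        for dirpath, dirnames, filenames in os.walk(folder):
            if not include_sub_folders:
                dirnames[:] = []          # stay in the top-level folder
            for name in filenames:
                if not pattern.fullmatch(name):
                    continue
                path = os.path.join(dirpath, name)
                if os.path.islink(path):
                    continue              # a link could point outside the folder
                info = os.stat(path)
                if info.st_mtime >= cutoff:
                    continue              # modified within the retention window
                if info.st_size > 0 and not remove_non_empty:
                    continue              # keep files that still hold data
                selected.append(path)
    return sorted(selected)


def build_constructed_tree(base, now):
    """Create a small constructed success/failed tree for the demo."""
    files = {  # relative path: (size in bytes, age in days)
        "success/a.log": (10, 40),
        "success/b.log": (10, 5),
        "success/empty.log": (0, 40),
        "success/keep.csv": (10, 40),
        "failed/sub/c.log": (10, 60),
    }
    for rel, (size, age) in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"x" * size)
        stamp = now - age * SECONDS_PER_DAY
        os.utime(path, (stamp, stamp))
    # Returned in the comma-separated form the "folder path(s)" input uses.
    return f"{os.path.join(base, 'success')}, {os.path.join(base, 'failed')}"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        now = time.time()
        folders = build_constructed_tree(base, now)
        for path in preview_clean_files(folders, r".*\.log", 30,
                                        include_sub_folders=True, now=now):
            print("would delete:", os.path.relpath(path, base))
```

Comparing the preview with and without Include sub folders shows how far a broad pattern reaches before any file is removed.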
Configure SAML Settings
To configure the SAML settings, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click SAML Settings from the left pane.
3. Complete the following information in the KeyStore Details section:
a. KeyStore File Name: Provide a key store file name.
b. Key Store Password: Provide a key store password.
c. Alias Name: Provide an alias name.
d. Alias Password: Provide an alias password.
4. Complete the following information in the Service Provider Details section:
a. Entity ID: The Entity ID is a unique identifier for an identity or service provider. This value is included in the generated metadata.
b. Entity Base URL: Base to generate URLs for this server. For example: https://myServer:443/saml-app. Enter the public address from which your server will be accessed.
c. Entity Alias: The Alias is an internal mechanism that allows the application to collocate multiple service providers on one server. The alias entity must be unique.
Note: You can download the SP metadata (sp.xml) file from {SNYPR URL}/Snypr/saml/metadata/alias/{entityalias}. You have to replace the entityalias with the value specified in the Entity Alias setting. For example, the URL is {SNYPR URL}/Snypr/saml/metadata/alias/10.0.0.81 in this scenario.
d. Include IDP Discovery: Select this option to include identity provider discovery in the metadata.
e. SSO Bindings: Select the bindings to use for SSO, which include Post, PAOS, and Artifact. The bindings, in general, determine how a SAML request and response map to protocols for messaging and communication.
f. Security Profile: From the dropdown list, select the option you want to use for trust of signature, encryption, and SSL/TLS credentials. The Metadata Interoperability profile is the default.
g. Sign metadata: Select this option to digitally sign the generated metadata with the specified signature key.
h. Sign sent AuthNRequests: If selected, the generated metadata is digitally signed using the specified signature key.
i. Require signed authentication Assertion: If selected, the generated metadata is digitally signed using the specified signature key.
j. Require signed LogoutRequest: If selected, the generated metadata request is digitally signed for logout requests using the specified signature key.
k. Require signed LogoutResponse: If selected, the generated metadata request is digitally signed for logout responses using the specified signature key.
l. Require signed ArtifactResolve: If selected, the generated metadata request is digitally signed for artifact resolution using the specified signature key.
a. SAML Assertion Attributes: Provides the following SAML settings:
i. Enable Advanced SAML Configuration: If set to YES, it allows you to select the attributes that are sent in the SAML assertion. The identity provider sends a SAML assertion that has user authorization to the service provider.
ii. Do you want to create user if user is not found in Securonix: If set to YES and the user does not exist in the system, SAML creates the user and authenticates.
Warning: When the Role and Group are retrieved from the SAML assertion, you must create the same role and group in SNYPR as in the SAML assertion. This ensures that only that user gets access to the specific role and group in the SNYPR application.
Note: When this setting is enabled, you have to map all the mandatory attributes with the attributes created in Identity Provider. The mandatory attributes are Firstname, Rolename, AdminFlag, Email, and Lastname.
Note: If retrieval of group information from the SAML assertion is not configured, you have to create a group with the same name as the role name for the authenticated user.
iii. Map the attributes with the attributes created in Identity Provider.
5. Click Save to save the IDP metadata.
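Once the settings are saved, the sp.xml downloaded from the metadata URL given in the note above can be checked to confirm what the service provider actually advertises. The following is an added example, not Securonix code: it assumes the file follows the standard SAML 2.0 metadata schema, where AuthnRequestsSigned and WantAssertionsSigned on SPSSODescriptor carry the two signing choices. The sample document, entity ID, and endpoint paths are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample standing in for a downloaded sp.xml; not real SNYPR output.
SAMPLE_SP_XML = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="snypr-sp-example">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://myServer/saml-app/saml/SSO"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://myServer:443/saml-app/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def _is_true(value):
    """xs:boolean as used in SAML metadata: 'true' or '1'."""
    return (value or "").strip() in ("true", "1")


def audit_sp_metadata(xml_text):
    """Report the signing posture an SP metadata document advertises."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no md:SPSSODescriptor: not service provider metadata")

    acs = [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    keys = sp.findall("md:KeyDescriptor", NS)
    report = {
        "entity_id": root.get("entityID"),
        # Presence of ds:Signature only; this does not verify the signature.
        "metadata_signed": root.find("ds:Signature", NS) is not None,
        "authn_requests_signed": _is_true(sp.get("AuthnRequestsSigned")),
        "want_assertions_signed": _is_true(sp.get("WantAssertionsSigned")),
        # A KeyDescriptor without "use" serves both signing and encryption.
        "has_signing_key": any(k.get("use") in (None, "signing") for k in keys),
        "acs_bindings": [binding for binding, _ in acs],
    }

    findings = []
    if not report["metadata_signed"]:
        findings.append("metadata carries no ds:Signature (Sign metadata)")
    if not report["authn_requests_signed"]:
        findings.append("AuthnRequestsSigned is not true (Sign sent AuthNRequests)")
    elif not report["has_signing_key"]:
        findings.append("AuthnRequestsSigned is true but no signing key is published")
    if not report["want_assertions_signed"]:
        findings.append("WantAssertionsSigned is not true "
                        "(Require signed authentication Assertion)")
    for binding, location in acs:
        if not location.lower().startswith("https://"):
            findings.append(f"{binding} endpoint is not HTTPS: {location}")
    report["findings"] = findings
    return report


if __name__ == "__main__":
    result = audit_sp_metadata(SAMPLE_SP_XML)
    for key, value in result.items():
        print(f"{key}: {value}")
```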
Configure SMTP Server Settings
The Simple Mail Transfer Protocol (SMTP) settings allow you to add or edit a mail server. SNYPR uses the mail server for the following purposes:
- Send email notifications on a violation
- Send job success/failure notifications
- Send email notifications on user life cycle changes (new, updated, and terminated users)
- Send notification emails for case-related issues
- Receive emails when comments are added to existing cases
This section includes step-by-step instructions to add or edit a mail server within SNYPR.
To edit an existing SMTP server or add a new SMTP server, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click SMTP Server Settings from the left pane.
3. Do the following, depending on what action you want to take:
I want to add a new mail server
a. Click Add New Mail Server at the top of the page.
b. Complete the following information in the General Settings section of the pop-up:
1. Mail Box Name: Specify the outgoing mail server's host name.
2. Host: Specify the outgoing mail server's host name.
3. Port: Specify the outgoing mail server's port number.
4. (Optional) From Email: Specify the sender's name.
5. (Optional) SSL Enabled?: This field has two settings, including:
- YES: Sends information securely over the Internet using SSL.
- NO: Disables SSL.
6. (Optional) Authentication Required: This field has two settings, including:
- YES: Requires authentication.
- NO: Doesn't require authentication.
7. Username: This option only displays if Authentication Required is set to YES. Specify the account username on mail server.
8. Password: This option only displays if Authentication Required is set to YES. Specify the account password on mail server.
c. Complete the following information in the More Settings section:
1. Font name: By default the font name is set to Arial. To change the font name
for mail content, click the drop-down and select the font you want.
2. Font size: By default the font size is set to 2. To change the font size, enter a
numeric value to represent the size you want.
3. Batch size: By default the batch size is set to 25. To change the batch size, enter the number of email notifications that you want to be sent in a batch.
4. Interval: By default the interval is set to 10 seconds. To change the interval, enter a numeric value.
5. Process In Batch: This field has two options, including:
- YES: This is the default setting that enables you to send email notifications in batches.
- NO: Set to NO if you don't want to send email notifications in batches.
6. Stop When Done: This field has two options, including:
- YES: This is the default setting that enables you to stop sending email notifications when all of the messages in queue are completed.
- NO: If you don't want to stop sending email notifications when all of the messages in queue are completed, choose this option.
d. (Optional) There are two buttons at the bottom of the screen that give you the option to save and send a test email or test the server. Do the following, depending on what action you want to perform:
I want to save and send a test email
1. Click Save And Send Test Email at the bottom of the screen.
2. Complete the following information in the Send Test Email pop-up:
a. To: You can specify multiple email addresses separated by a comma (,).
Example: [email protected],[email protected]
3. Click Send.
4. Continue to the next step.
I want to test the server
1. Click Test Server. You will be redirected to the SMTP Server Settings page.
2. Continue to the next step.
e. Continue to the next step.
I want to edit a mail server
The SMTP Server Settings screen will be auto-populated if you already have an existing mail server, as seen below. You can edit any information on this screen at any time. When you enter new information, click Save at the bottom of the screen to save your changes.
4. Click Save to save your information.
Configure Spotter Settings
To configure your Spotter settings, do the following:
1. Navigate to Menu > Administration > Settings.
2. Select Spotter Settings from the left pane.
3. Complete the following information:
a. Maximum Allowed Days For Archival Query: Enter the maximum number of days allowed for index = archive query.
b. Maximum Docs Per Query: Enter the maximum number of Solr documents to retrieve for the query.
c. Maximum Jobs: Enter the maximum number of jobs that can run simultaneously.
d. Maximum Parallel Archival Queries: Enter the maximum number of Archival queries that can run simultaneously.
e. Maximum Parallel Data Insights Queries: Enter the maximum number of Data Insights queries that can run simultaneously.
f. Maximum Parallel SCC Queries: Enter the maximum number of SCC queries that can run simultaneously.
g. Lucene Interval: Enter the time interval required to clean up Lucene data.
h. Lucene Time To Live: Enter the time to live for data in the Lucene folder.
i. Maximum Queries Per User: Enter the maximum number of queries that can be run per user.
j. Page Size: Enter the page size to fetch results from Solr for each batch.
k. Continue Next Batch: Enable this flag to continue to the next batch once Maximum Docs Per Query is reached.
l. Maximum Chartpoints: Enter the maximum number of chart points to display for commands such as Barchart, Timechart, etc.
m. Maximum RAM usage: Enter the maximum RAM usage, in the range 0 to 100 percent.
n. Maximum Disk usage: Enter the maximum disk usage, in the range 0 to 100 percent.
o. Maximum Users In Cache: Enter the maximum number of users in cache.
p. Default Time To Pause Job: Enter the default time to pause a job.
q. Use Default Window For Available Datasource: Enable this flag to use the default window when a datasource is clicked on the Spotter summary tab.
r. Default window To Query For Datasource: Select the default time window for the available datasource query.
s. Default Time To Query For Datasource: Enter the default time for the available datasource query in minutes, hours, days, etc.
t. Use Default Window For Available Violation: Enable this to use the default window when a violation is clicked on the Spotter summary tab.
u. Default Window To Query For Violations: Select the default time window for the available violation query.
v. Default Time To Query For Violations: Enter the default time to query for available violations in minutes, hours, days, etc.
w. Allowed Facet Fields: Enter the number of allowed facet fields in a query.
x. Allowed Facet Fields For Commands: Enter the maximum number of facet fields allowed in a Command query.
y. Leftside Maximum Collections: Enter the maximum collections to query when a left panel attribute is clicked.
z. Maximum Time Allowed: Enter the maximum time allowed for Spotter queries to wait for a response.
aa. Maximum number of buckets: Enter the maximum number of aggregated results.
ab. Minimum Word Count For Terms Parser: Minimum number of query terms required to switch the underlying Solr traditional query parsing to terms query parsing for large IN queries. Set to -1 to disable.
ac. Default Query Facet Attributes: Default facet attributes for the left panel on click.
ad. Facet Level Pageinfo: Control the limits of the number of unique records to be fetched for each level for aggregated commands. Use -1 to fetch all records.
4. Click Save.
Configure UI Preferences
The UI Preferences settings let you customize the text that appears on the SNYPR log in screen.
To customize the text that appears on the log in screen, do the following:
1. Navigate to Menu > Administration > Settings.
2. Click UI Preferences from the left pane.
3. Enter text in the text-box, then click Save.
To see your changes, log out of the application then visit the log in screen.
Upload CRP/CFP Content
To upload CRP/CFP content, do the following:
1. Navigate to Menu > Administration > Settings.
2. Select CRP/CFP Content Upload from the left pane.
3. Click Click here to create SecuronixDB Connection.
4. Click + in the top left of the screen. The following options are available:
- Add New Connection
- Upload File
- Download Files
- Register connectors
5. Do the following, depending on the option you selected in the step above:
Add New Connection
a. Complete the following information:
1. Connection Name: Provide a name to uniquely identify this connection.
2. Connection Type for: Select the type of connection.
3. Connection Type: Select the type of data you will use this connection for.
b. Click Save.
Upload File
a. Complete the following information:
1. File
2. Remote Connection
3. Host IP Address
4. Port Number
5. Username
6. Password
7. Destination directory
b. Click Upload.
Download Files
a. Complete the following information:
1. Remote Connection Type
2. Host IP Address
3. Port Number
4. Username
5. Password
6. Source Directory
7. File Name
b. Click Download.
Register Connectors
a. Complete the following information:
1. Connector Type: Select the source from which to import data. You can import data from a delimited file (csv, pipe delimited etc), Active Directory or any other listed sources.
2. Connector description: Enter connector description.
3. Connector Class: Enter connector class.
4. Import Type: Click the drop-down and select an import type.
5. Enable Connector: Enable to make connection visible.
b. (Optional) To edit a connector's information, scroll down the screen and click the edit icon (pencil icon) in the Actions column.
Click Save once you’ve made your modifications.
Access Control
Access control is used to provision access for authorized SNYPR users to selected screens and resources based on their role or job function. Users are only allowed to access the resources necessary to perform their job responsibilities. In addition, a user's access can be limited to specific tasks such as the ability to create or modify a file.
As a result, lower-level employees are restricted from accessing sensitive data because they don't need to do so to fulfill their responsibilities. This is especially helpful if you have a large company with many employees or use third-parties that make it difficult to closely monitor access.
Before You Begin
Before setting up access control, determine the roles and capabilities to assign to each role. Then decide which users should be assigned to each role.
To set up access control, you will complete the following steps:
1. Create Roles and assign capabilities to Roles.
2. Create Users and assign them Roles.
3. (Optional) Create Groups and assign Users to Groups.
Note: Security groups make it easier to manage users by allowing bulk actions. Permissions assigned to groups are inherited by all members within the group.
Create Roles
Roles control who has access to specific modules in SNYPR. Roles can have multiple capabilities. Roles with meaningful names (for example: auditors, security operations, forensics, investigator, etc.) make it easier to perform access control.
To view a list of default roles in SNYPR, see Roles.
To create a role, do the following:
1. Navigate to Menu > Administration > Access Control.
2. Click Manage Roles from the left pane.
3. Click +, just to the left of the search criteria bar.
4. Provide the following information:
a. Role Name: Enter a unique name for the role.
b. (Optional) Description: Enter a brief description about the purpose and privileges that will be granted for the role.
c. Privileges: Click the drop-down and select the modules of the user interface (UI) to which you want the role to have access:
Note: Privileges are granted by module and screen of the module. For example, to grant a role access to view the list of resource types ingested in SNYPR, select Views > /resource/listResourceTypes.
a. Dashboard
b. View
c. Add Data
d. Analytics
e. Reports
f. Third Party Intelligence
g. Other
h. Geolocation
i. Investigation Workbench
j. Spotter
k. Security Command Center
l. Operations Center
m. Approval Workflow
n. Spotter Web Services
5. Click the screen(s) you want to assign to users and move them to the right box by clicking the right arrow (>).
Tip:
To select multiple screens at once, use the following methods:
1. Click and drag
2. Click a screen, hold the Ctrl key down, then select additional modules.
6. Click Save.
Types of Roles
The following table displays the typical roles included in SNYPR:

Role: Access Certifier
Main Task: Certify user access privileges
• Can log in and view the risky entitlements for the users who report to the manager/certifier
• Has access to specific Security Dashboards (Access Review Category only)

Role: Access Scanner
Main Task: Detect user access privilege outliers
• Is a role typically assigned to users running access outliers and on-boarding access entitlements into the application and limits access within the application to only access-related screens and access-related resource groups
• Has screen access configured by the admin

Role: Admin
Main Task: Configure the application
• Has highest level of access available
• Has ability to add/delete data in the application
• Has ability to create/modify/delete jobs
• Has ability to create/modify/delete users, roles, and groups
• Has ability to control access to the application
• Has ability to encrypt/mask data

Role: Auditor
Main Task: Monitor the SNYPR application health
• Has ability to access the administrative dashboard to review all operational/IT metrics about events and data sources in the systems

Role: Business Unit Manager
Main Task: Monitor risk profile for business units
• Allows business unit managers to log in to the application and review the risk profile associated to the users within their business units
• Is not typically given admin privileges and is unable to add or remove data within the application

Role: Case Analyst
Main Task: View and Manage Cases
• Has access to the incident dashboard
• Has ability to review and work on cases
• Is unable to configure any jobs or import data into the application

Role: Hunters
Main Task: Hunt team
• Has access to security dashboards
• Has ability to drill-down and investigate incidents using tools such as the Investigation Workbench for data link analysis

Role: License Manager
Main Task: Manage application licensing
• Has access only to the license screen to re-register license details and validate licenses
• Is unable to access any other screen or view data for the user

Role: Operations Team
Main Task: End-to-end monitoring of the application
• Has ability to view the health and operation of the application from end-to-end
• Has ability to ensure data imports were scheduled correctly, activity imports and scheduled jobs ran properly
• Has ability to modify the settings to ensure the end-to-end flow is working

Role: Privacy Master
Main Task: View unmasked PII (Personally Identifiable Information) data
• Has the ability to view unmasked PII data within the application when data masking is enabled
• Has access only to certain screens controlled by the admin (typical screens are Manage Users and High-Risk Users)
• Is not typically given access to view the underlying data that caused violations

Role: System Owner
Main Task: Manage risk posture by application
• Allows application owners to view the risk profile for all users of the application
• Is typically given admin privileges to the application for which they are the owners
• Has screen access configurable from the UI

Role: User Admin
Main Task: Manage applications
• Is a role assigned to application admins
• Can be configured if users need some super user privileges but not all admin privileges
• Has screen access configurable from the UI

Create Users
Users, in the context of Access Control, refers to all users interacting with the SNYPR application. This can be:
• Systems administrators responsible for maintaining the platform
• Analysts responsible for managing threats
• Content developers responsible for developing use cases
• Compliance officers responsible for ensuring compliance with regulations like GDPR
When you use access control to create a user, you will grant them permissions, which will determine what they can and cannot do in SNYPR.
To create a user, do the following:
1. Navigate to Menu > Administration > Access Control.
2. Click Manage Users from the left pane.
3. Click +, just to the left of the search criteria bar.
4. Provide the following user information:
   a. User Name
   b. Password
   c. Re-Enter Password
   d. First Name
   e. Last Name
   f. (Optional) Badge Background Color: Click and choose a background color for badges showing active users.
   g. (Optional) Enabled?: Toggle to YES if you want to enable the user.
5. Click Save and Next.
6. Set the sliders to YES to assign the user to a role.
7. (Optional) Set the slider to YES to assign the user to a group.
   Note: You must enable at least one group to continue to step 4: Assign Notifications.
8. (Optional) To create a new group, do the following:
   a. Click Add New Group.
   b. Provide the following information:
      • Name: Enter the name for the group.
      • (Optional) Type: Choose None or Administrator.
      • Email: Enter the group email address.
   c. Click Save to save the new group's information.
9. Click Save & Next.
10. Assign notifications to users to grant access notifications.
11. Click Save.
The user you created will display on the Access Control screen as seen in the image below.

Create Groups
A group is a collection of individual users who share a set of permissions. For example, a group called "Admins" is assigned permissions such as creating new users, changing passwords, and configuring application settings. Any user added to that group will automatically inherit all the rights that are assigned to the group.
The permissions of the group are determined by the roles assigned to the group. Creating groups can be viewed as a shortcut to assigning roles to users: rather than assigning each role individually to each user, you can assign all the roles to a group and add the user to the group.
Groups also provide greater control over data-level access through the Granular Access Control feature.
To create a group, do the following:
1. Navigate to Menu > Administration > Access Control.
2. Click Manage Groups from the left pane.
3. Click +, just to the left of the search criteria bar.
4. Provide the following group details:
   a. Name: Enter a descriptive name for the group.
   b. Type: Select a group type from the drop-down:
      • None
      • Administrator
   c. Email: Specify the group email address.
   d. Parent Group: Search to select a Parent Group from existing groups.
5. Click Save & Next.
6. (Optional) You can select one or both of the following options:
   Add a user
   To add a user, do the following:
   a. Click Add User(s).
   b. Check the box next to the users you want to add to the group.
   c. Click Add Selected User(s).
   Remove a user
   To remove a user, do the following:
   a. Check the box next to the users you want to remove from the group.
   b. Click Remove User(s).
7. Click Save & Next.
8. Set the sliders to YES for the roles you want to assign to the group.
9. Assign notifications to groups by enabling the Role Name.
10. Click Save.

Manage Users, Roles, and Groups
You can edit the settings for users, roles, and groups using the icons on the Access Control screen.

Action Icons
The Access Control screen (Menu > Administration > Access Control) uses almost all the same icons and functionality to edit users, roles, and groups. Use the table below to learn what each icon does.
Icon Description
• Edits the user, role, or group.
• Deletes the user, role, or group.
  Note: You cannot delete or disable the Admin user.
• Changes password for the user.
  Note: This option is only available for users.
Note: SNYPR gives users with the role ROLE_PRIVACYMASTER the ability to unmask (not decrypt) masked data. When creating users and groups, enable the role ROLE_PRIVACYMASTER to use this feature.

Enable Granular Access Control
Granular access control is used to restrict access for users at a data level. When granular access control is enabled, SNYPR users will only see the users, resources, policies, and threat models to which they have been granted access.

Before You Begin
Before enabling Granular Access Control, you will need to do the following:
• Create Users
• Create Roles
• Create Groups
To enable granular access for a group, do the following:
1. Navigate to Menu > Administration > Access Control.
2. Click Granular Access Control from the left pane.
3. Set Enable Data level Access Control to YES.
4. Click the drop-down and select a sec group to view tenant configurations.
5. (Optional) You can edit the access configurations on this step. Do the following to add access configurations:
   a. Click Add to modify access configurations for the selected Sec group.
      You will be directed to the configuration screen.
   b. Set Show only correlated data to YES to enable a flag to see both correlated and uncorrelated data.
   c. Set What users you want to grant access to? to YES to select which users the group will be allowed to view and provide the following information:
      • Search by
      • Search condition
      • Provide value
      • Select operator
   d. Set What resources you want to grant access to? to YES.
   e. Check the box next to the resource(s) you want the group to be able to view.
      Tip: Quickly search for the resource you want by typing in the Type To Filter search bar.
   f. Set What policy categories you want to grant access to? to YES.
   g. Check the box next to the policy categories you want the group to be able to view.
   h. Set What threat models you want to grant access to? to YES.
   i. Check the box next to the threat model(s) you want the group to be able to view.
   j. Set What sandbox policy categories you want to grant access to? to YES.
   k. Check the box next to the categories you want to be accessible.
   l. Click Save Configuration at the bottom of the screen.
Your changes will display on the Granular Access Control screen.

Enable Password Control
For additional access control, you can enable password control options.
To enable password control, do the following:
1. Navigate to Menu > Administration > Access Control.
2. Click Password Control from the left pane.
3. Set Enable Password Control? to YES.
4. Provide the following information for each parameter:
   a. Minimum Length: The minimum number of characters used in a password.
   b. Maximum Length: The maximum number of characters used in a password.
   c. Minimum Upper Case Letters: The minimum number of upper case letters required in a password.
   d. Minimum Lower Case Letters: The minimum number of lower case letters required in a password.
   e. (Optional) Numbers Allowed?: By default, numbers are allowed in passwords. Set to NO to disallow numbers in passwords.
   f. Minimum Numbers: The minimum count of numbers required in a password.
   g. (Optional) Special Characters Allowed?: This option only appears if Numbers Allowed? is set to YES. By default, special characters are allowed in a password. Toggle to NO to disallow special characters in a password.
   h. Lock after 'n' login failures: The number of login attempts that will result in account lockout.
   i. (Optional) Password never expires?: Set to YES to have passwords be non-expiring. If set to YES, the Password expiration period and Reminder Interval (Days) settings disappear.
   j. Password expiration period: Enter the number of days before a password change is required.
   k. Reminder Interval (Days): Set the number of days for the password expiry notification.
   Note: Administrators can restrict users from reusing their previous passwords by setting the Minimum Reuse Count property from backend.
5. Click Save.
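A policy assembled from the parameters above can contradict itself, for example a minimum count of numbers while numbers are disallowed. The following added example, which is not SNYPR code, lints such a policy and checks candidate passwords against it; the class and function names, the ASCII character classes, the sample values, and the reminder rule are assumptions made for the illustration.

```python
from __future__ import annotations

import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical model of the Password Control parameters (items a-k above)."""
    min_length: int
    max_length: int
    min_upper: int
    min_lower: int
    min_numbers: int
    lock_after_failures: int
    never_expires: bool
    expiration_days: int
    reminder_days: int
    numbers_allowed: bool = True   # the guide states numbers are allowed by default
    special_allowed: bool = True   # the guide states special characters are allowed by default


def lint_policy(p: PasswordPolicy) -> list[str]:
    """Return findings for settings that contradict each other."""
    findings = []
    if p.min_length < 1 or p.min_length > p.max_length:
        findings.append("minimum length must be between 1 and maximum length")
    if not p.numbers_allowed and p.min_numbers > 0:
        findings.append("minimum numbers is set while numbers are disallowed")
    required = p.min_upper + p.min_lower + (p.min_numbers if p.numbers_allowed else 0)
    if required > p.max_length:
        findings.append("required character counts exceed maximum length")
    if p.lock_after_failures < 1:
        findings.append("lockout threshold must be at least 1")
    if not p.never_expires:
        if p.expiration_days < 1:
            findings.append("expiration period must be at least 1 day")
        elif p.reminder_days >= p.expiration_days:
            findings.append("reminder interval is not shorter than the expiration period")
    return findings


def check_password(p: PasswordPolicy, candidate: str) -> list[str]:
    """Return the reasons a candidate password violates the policy (empty if none)."""
    upper = sum(c in string.ascii_uppercase for c in candidate)
    lower = sum(c in string.ascii_lowercase for c in candidate)
    digits = sum(c in string.digits for c in candidate)
    # Assumption: every character that is not an ASCII letter or digit is "special".
    special = len(candidate) - upper - lower - digits
    reasons = []
    if len(candidate) < p.min_length:
        reasons.append("shorter than minimum length")
    if len(candidate) > p.max_length:
        reasons.append("longer than maximum length")
    if upper < p.min_upper:
        reasons.append("too few upper case letters")
    if lower < p.min_lower:
        reasons.append("too few lower case letters")
    if digits and not p.numbers_allowed:
        reasons.append("numbers are not allowed")
    elif p.numbers_allowed and digits < p.min_numbers:
        reasons.append("too few numbers")
    if special and not p.special_allowed:
        reasons.append("special characters are not allowed")
    return reasons


def expiry_status(p: PasswordPolicy, password_age_days: int) -> str:
    """Assumption: the reminder starts once the days left drop to reminder_days or fewer."""
    if p.never_expires:
        return "ok"
    remaining = p.expiration_days - password_age_days
    if remaining <= 0:
        return "expired"
    return "remind" if remaining <= p.reminder_days else "ok"


# Constructed sample policies (illustrative values, not SNYPR defaults).
STRICT = PasswordPolicy(min_length=12, max_length=64, min_upper=1, min_lower=1,
                        min_numbers=1, lock_after_failures=5, never_expires=False,
                        expiration_days=90, reminder_days=14)
BROKEN = PasswordPolicy(min_length=8, max_length=10, min_upper=6, min_lower=6,
                        min_numbers=3, lock_after_failures=0, never_expires=False,
                        expiration_days=30, reminder_days=30, numbers_allowed=False)

if __name__ == "__main__":
    for name, policy in (("STRICT", STRICT), ("BROKEN", BROKEN)):
        print(name, lint_policy(policy) or "consistent")
    print(check_password(STRICT, "short"))
    print(expiry_status(STRICT, 80))
```

Running the lint before saving a policy catches combinations that no password can satisfy, which would otherwise surface only when users fail to set a password.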

Connection Types
From the Connection Types screen, you can create and manage connections to third-party tools, upload files to or download files from the SNYPR directory, and register and edit existing connectors for data import.

Filter Components
From the Connection Types screen, you can perform basic or advanced filtering on connection types. When you do a basic filter, you can enter filter criteria in the text box to narrow down your search.
When you do advanced filtering, a drop-down will display that allows you to choose a Connection Name, Connection Type for, or a Connection Type. Once you have chosen from the drop-down, you can type filter criteria in the text box, then click Search to view the results.

Add a New Connection
To add a new connection type, do the following:
1. Navigate to Menu > Administration > Connection Types.
2. Click + from the left pane, then select Add New Connection.
3. Provide a name to identify the connection.
4. Click the Connection Type for drop-down and select from one of the following options:
   • "Add a New Connection" above: Create a connection to export SNYPR violation events as CEF to third-party tools including RSA Archer and RSA Netwitness.
     This option appears on the Actions for Violations screen when creating Policy Violations.
   • "Add a New Connection" above: Create a connection to the Threat Model Exchange database from which you can import new threat models and export threat models you created.
   • "Add a New Connection" above: Create connections to take actions on violations using Playbooks, including export violations as CEF, to a database, to a remote server as a file, to a NPP (Nitro) tool, or to a syslog server.
   • "Add a New Connection" on the previous page: Create a connection to AWS to send archival data.
   Note: The connections you can create may vary depending on your license.
5. Click the Connection Type drop-down and select from one of the following options:
   • CEF Format
   • IBM Resilient
   • RSA Archer CEF Format
   • RSA Netwitness CEF Format
   • Database
   Note: These options will vary depending on your selection in the Connection Type for drop-down.
6. Complete the following information, depending on what you selected in the previous step:
   CEF
   a. Complete the following Connection Details:
      • Protocol: Enter the protocol.
      • Host: Replace <hostname> with the appropriate network address/domain name.
      • Port: Replace <port> with the port number.
      • Generate Token?: This creates a user called siemuser and a role called ROLE_siemrole under Administration > Access Control. It also creates a token that can be used to access the Securonix application from ArcSight ESM. You can create a device URL in ArcSight ESM using the following URL:
        https://<hostname>:<port>/Snypr/manageData/showUserSearch?token=${generated-token}&accountid=${destinationUserName}
   IBM Resilient
   a. Complete the following Connection Details:
      • IBM Resilient url
      • IBM Resilient username
      • IBM Resilient password
   RSA Archer CEF Format
   a. Complete the following Connection Details:
      • Protocol: Enter the protocol.
      • Host: Replace <hostname> with the appropriate network address/domain name.
      • Port: Replace <port> with the port number.
      • Generate Token?: This creates a user called siemuser and a role called ROLE_siemrole under Administration > Access Control. It also creates a token that can be used to access the Securonix application from ArcSight ESM.
   RSA Netwitness CEF Format
   a. Complete the following Connection Details:
      • Protocol: Enter the protocol.
      • Host: Replace <hostname> with the appropriate network address/domain name.
      • Port: Replace <port> with the port number.
      • Generate Token?: This creates a user called siemuser and a role called ROLE_siemrole under Administration > Access Control. It also creates a token that can be used to access the Securonix application from ArcSight ESM.
   Database
   a. Complete the following Connection Details:
      • Database Type: Select the database type from the dropdown. Example: MySQL.
      • JDBC URL: Specify the JDBC URL.
      • Driver Class: Specify the driver class.
      • Database Username: Specify the username.
      • Database Password: Specify the password.
   b. Click Test Connection to ensure the connection is successful.
   File
   a. Complete the following Connection Details:
      • Import from Remote Server?
      • Remote Connection Type
      • Host IP Address
      • Port Number
      • Username
      • Password
      • Source Directory
      • Proxy Server: This is a server that all computers on the local network have to go through before accessing information on the Internet.
        ◦ Proxy Server URL
        ◦ Proxy Server Username
        ◦ Proxy Server Password
      • Test Remote Connection
   NPP (Nitro)
   a. Complete the following Connection Details:
      • Nitro Receiver Host: Provide the host URL of the Nitro receiver.
      • Nitro Receiver Port: Provide the port for the Nitro receiver.
      • Source IP Address: Provide the IP Address of the SNYPR application.
      Note: You must first create a device type for SNYPR on McAfee ESM with the application IP address to use this feature.
   b. Complete the following information in the More Settings section:
      • Version
      • Type
      • Flow
      • Protocol
      • Retry Interval (In Seconds)
      • Retry Interval
      • Generate Token?
   Syslog
   a. Complete the following Connection Details:
      • Protocol: Enter the protocol.
      • Host: Replace <hostname> with the appropriate network address/domain name.
      • Port: Replace <port> with the port number.
      • Facility: Select an option from the drop-down.
   AWS
   a. Complete the following Connection Details:
      • Access Key: Enter an alphanumeric text string that uniquely identifies the user who owns the account.
      • Secret Key: Enter a string of characters that you use to calculate the digital signature that you include in the request.
      • S3 Bucket: Enter a name where logs are archived.
      • Source Folder: Enter the complete path to the directory where this file is located.
      • Success Folder: Enter the complete path to the directory where this file must be moved once the import is completed successfully.
      • Failed Folder: Enter the complete path to the directory where this file must be moved if the import job fails to complete.
      • Incremental Field: Enable it to allow incremental update.
      • Prefix: Specify the path within the bucket from which logs must be extracted. You can use this to limit the response to folders that begin with the specified prefix.
7. Click Save.
The new Connection Type becomes available in the left pane, allowing you to edit or delete connections.

Manage Connection Types
The Connection Types screen (Menu > Administration > Connection Types) has icons that help filter your connection types.

Action Icons
Use the table below to learn what each icon does.
Icon Description
• Filter: Click this icon to perform a basic filter for your connection types. A text box will display where you can type information to filter your results.
• Advanced Options: Click this icon to access the advanced filter options. From here, you can choose a connection name from the drop-down.

Download Files
Use this function to download files from SNYPR directories to a remote FTP, SFTP, or SCP host.
Example: Download a properties file from "securonix/tenants/<tenantname>/securonix_home/response/activedirectory" to edit connection details.
To download a file, do the following:
1. Navigate to Menu > Administration > Connection Types.
2. Click + from the left pane, then select Download File.
3. Complete the following information:
   a. Remote Connection Type: Click the drop-down and select a remote connection type.
   b. Host IP Address: Select the Host IP address to which to download the file.
   c. Port Number: Provide the port number of the host IP address. Default: 21.
   d. (Optional) Username: Provide the username for the server.
   e. (Optional) Password: Provide the password for the server.
   f. Source directory: Provide the source directory from which to download the file.
      Example: securonix/tenants/<tenantname>/securonix_home/response/activedirectory.
   g. File Name: Provide the file name to download.
4. Click Download.

Upload Files
Upload files from an FTP, SFTP, or SCP host into your Securonix_home directory. For example, you can add data files to your "$securonix_home/import/in" folder to import from Add Data > Activity.
To upload a file, do the following:
1. Navigate to Menu > Administration > Connection Types.
2. Click + from the left pane, then select Upload File.
3. Complete the following information:
   a. File: Specify the file name and path or click Browse to select from the local machine.
   b. Remote Connection Type: Click the drop-down and select a remote connection type.
   c. Host IP Address: Select the Host IP address from which to upload the file.
   d. Port Number: Provide the port number of the host IP address. Default: 21.
   e. (Optional) Username: Provide the username for the server.
   f. (Optional) Password: Provide the password for the server.
   g. (Optional) Destination directory: Provide the destination directory into which to upload the file.
      Example: securonix/tenants/<tenantname>/securonix_home/import/in.
4. Click Upload.

Register Connectors
You can register a new connection in SNYPR to import data, or edit details about existing connections.
Note: To import data, use the Add Data module of the Main Menu.
To register connectors, do the following:
1. Navigate to Menu > Administration > Connection Types.
2. Click + from the left pane, then select Register connectors.
3. Complete the following information:
   a. Connector Type: Select the source from which to import data. You can import data from a delimited file (csv, pipe delimited etc), Active Directory or any other listed sources.
   b. (Optional) Connector description: Enter connector description.
   c. Connector Class: Enter the connector class.
   d. Import Type: Click the drop-down and select an import type.
   e. (Optional) Enable Connector: Enable to make connection available for SNYPR.
   Note: By default, the class files for connectors are present in the folder [Custom Location]/webapps/Snypr/WEB-INF/classes.
4. Click Save.
Towards the bottom of the screen, you can view the list of connectors available in SNYPR. To edit default connectors, click the edit icon and complete the steps described above.

Email Templates
Email templates are used by administrators to send standardized responses and notifications via email. You can customize your own or use a default email template to build a notification email that best suits the needs of your organization. You can also add variables, which allow you to personalize these communications and include additional relevant information.

Create an Email Template
You can create new email templates to use in place of default templates for each type of activity in SNYPR.
Note: You will only be able to create templates for activity within modules that are already configured to send notifications.
To create an email template from the Email Templates screen, do the following:
1. Navigate to Menu > Administration > Email Templates.
2. Click + from the left pane, then select Create New Email Template.
3. Complete the following information:
   a. Sender Name: Enter the name of the sender.
   b. Template Name: Enter a unique name for the template.
   c. (Optional) Description: Enter a description of the template.
   d. To: Enter the email address of the recipient.
   e. From: This field will auto-populate with the sender address.
   f. (Optional) CC: Enter email addresses of the carbon copy recipients separated by commas.
   g. (Optional) BCC: Enter email address of the blind carbon copy recipients separated by commas.
   h. (Optional) Subject: Enter a subject for the email template.
   i. (Optional) HTML Enabled: Set to YES to enable HTML.
   j. (Optional) Store in Outbox prior to sending?: Set to YES to store outgoing messages in the outbox prior to sending.
      Note: View the Outbox from the collapsed menu on the top navigation menu.
   k. Use this template for: Select a module for the template. The module you select will determine the variables that you can use in the email template. You will only be able to use variables for the module you have selected.
   l. (Optional) Email body: You can do one or both of the following:
      Add Email Template Variables
      1. Click Add Email Template Variables.
      2. Check the box next to the variables you want to add.
      3. Scroll to the bottom and click Add.
      Enter and Format Text
      1. Type what you want in the blank space and use the tools in the toolbar to format the email body.
4. Click Save.

Edit Email Templates
SNYPR provides out-of-the-box email templates for different types of activity in SNYPR. This activity is categorized by module. You can view templates for each type of activity and customize them for your environment.
From the main Email Templates screen, a list of all the available templates is displayed by default. You can filter by module to view only the templates for activity within that module. For example, click Job Failure to see only the templates for notifications SNYPR sends in the event of a failed import job.
To edit an email template, do the following:
1. Navigate to Menu > Administration > Email Templates.
   This screen displays the modules in the left pane and a variety of default templates on the right side.
   Tip: To filter the list of available templates by module, click the module name in the left panel.
2. Click the template name to edit the template.
   The email template offers hover help for additional information on fields.
   Example: For the To field for email, you can use commas to separate more than one email address. The Email Body contains variables in the email text that are contextual to the module. To learn more about a variable or add a new variable for that specific module, click Add Email Template Variables.
   The updated email template is used, for example, when an access certification job is pending a review.
3. Click Save.

Workflows
SNYPR provides several default workflows to handle incidents and case management. Workflows determine the actions case analysts can take during each stage of the case management process.
You can create custom workflows to take specific actions on cases, or you can make changes to the existing workflows. Workflows are invoked in the following screens within the application:
• Security Command Center (SCC): Workflows are invoked when an incident is created by an analyst for a policy or threat violation.
• Policy Violations: Workflows are invoked when a policy is configured to automatically generate an incident in the event of a violation.

Sample Workflow
The diagram displays the following sample workflow:
1. The user begins the case workflow by creating a case from the Security Command Center.
2. The user takes action to claim the case, assign the case to another analyst, or close the case.
3. The analyst to whom the case is assigned takes appropriate action to resolve the case.
4. The case is closed or assigned to another analyst to re-verify the resolution, or the user can reopen the closed case for further investigation. See Incident Management in the SNYPR User Guide for more information about cases.
Example 1: Workflow for Investigation
Example 2: Workflow for Investigation With 3 Strike Rule

Create a New Workflow
When you configure a workflow, you determine what actions a case analyst can take when an incident is created for a policy or threat violation.

Before You Begin
This section lists the minimum requirements necessary to configure workflows:
• Import User Data
• Configure Access Control to create users
• Configure Access Control to create roles
• Configure Access Control to create groups
To create a new workflow, do the following:
1. Navigate to Menu > Administration > Workflows.
2. Click the + from the left pane, then select Create New Workflow.
3. Complete the following information in the General Details section:
   a. Workflow Name: Enter a unique name for the workflow.
   b. Default Assign To: Select one of the following options:
      • Assign incident to selected Group: Click the drop-down to assign cases in this workflow to a particular group.
      • Assign incident to Selected User: Click the drop-down to assign cases in this workflow to a particular user.
   c. (Optional) Default Notification Email Template: Select one of the following options from the drop-down list:
      • Create a New Email Template
      • Case Management
      • Case Assignment
      • Case SLA Notification
4. Click Save & Next.
5. Click Add Action to add an action for this step in the workflow.
   Note: The Open case step for this workflow is already in place.
6. Complete the following information:
   a. Action Name: Enter a unique name for the action.
   b. (Optional) Assign To: Select assignees and use mouse to drag options into the order in which the application will assign the case.
   c. (Optional) Functions: Select functions and use mouse to drag into the order in which the application will process them. Available actions include:
      • Complete and Close: Mark as complete and close the case
      • Update score for mitigation: Modify urgency of mitigation activities based on results of investigation
      • Update Score for Mitigation and Complete Case:
      • Remove As Child Case:
      • Claim: Claim the case for the current user
      • Assign: Assign the case to a specific group or user
      • Create JIRA issue: Create a ticket in an external ticketing site
      • Update workflow: Modify the workflow for changes to the standard operating procedure
   d. (Optional) Action Tooltip Information: Enter information to show in tool tip.
   e. (Optional) Action Icon: Click the drop-down and select an action icon.
   f. (Optional) Change Case Status to: Select from drop-down.
   g. (Optional) Change Incident Status to: Click the drop-down and select one of the following:
      • Completed
      • Open
   h. (Optional) Show User Input Form?: Do the following, depending on what you set this field to:
      YES
      Setting this to YES will create an input screen that will be displayed to the user when this action is taken during the case workflow.
      1. Click Design New Screen to create a new input screen.
      2. Provide a Screen Name.
      3. (Optional) Click Create New Section.
         Enter a section name, then click Save.
      NO
      1. Skip to the next step.
   i. (Optional) SLA Configuration: Do the following, depending on what you set this field to:
      YES
      1. Complete the following information:
         a. Level: Enter a value for SLA level.
         b. Duration Days: Enter a numeric value for duration in days.
         c. Notification Email Template: Select from drop-down or Create New Email Template.
         d. Functions: Select from list.
         e. +/-: Use to add/remove entries.
      2. Click Save to save your changes.
      NO
      1. Skip to the next step.
7. (Optional) Do the following, depending on what action you want to take:
   I want to add a step to the workflow
   a. Click Add Workflow Step.
   b. Provide a Step Name in the text box.
   c. Click Save to save your changes.
   d. Add actions for this step in the workflow using step 6 above.
   I want to remove an action
   a. Check the box next to the workflow action you want to delete.
   b. Click Remove Action(s).
8. Click Finish.
Edit a WorkflowThis section describes how you edit an existing workflow.
To edit a workflow, do the following:
1. Navigate to Menu > Administration > Workflows.
2. Click the workflow you want to edit from the left pane.
Spark Apps
As described in the Data Flow section, each Spark application runs an independent set of executor processes. Within each Spark application, multiple tasks (Spark actions) may be running simultaneously (e.g. reads and performs computation on data, writes output data).
Spark App Properties
This section includes all default property values for each Spark App.
Spark App 1: Event Enrichment
Property Default Value
Name Event_Enrichment
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Consumer Group Name RG-enrichment
Max rate per Partition (mrpp) 5
Job Duration 1s
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Executor: Component that executes tasks in Spark apps. See Spark Executor.
Spark App 2: Event Ingestion
Property Default Value
Job Name Event_Ingestion
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Consumer Group Name RG-ingestion
Max rate per Partition (mrpp) 5
Job Duration 1s
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Spark App 3: Event Indexer
Property Default Value
Job Name Event_Indexer
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Consumer Group Name RG-indexer
Max rate per Partition (mrpp) 5
Job Duration 1s
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Spark App 4: Behavior Analytics
Property Default Value
Job Name Behavior_Analytics
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Consumer Group Name RG-behaviorsummary
Max rate per Partition (mrpp) 100
Job Duration 30
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Spark App 5: Individual Event Evaluator (IEE)
Property Default Value
Job Name Policy_Engine_IEE
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Consumer Group Name RG-policy-iee
Max rate per Partition (mrpp) 5
Job Duration 2s
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Spark App 6: Aggregated Event Evaluator (AEE)
Property Default Value
Job Name Policy_Engine_AEE
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Job Duration 60s
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Spark App 7: Risk Generation
Property Default Value
Job Name ThreatModel_RiskScoring_App
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Consumer Group Name RG-riskgeneration
Max rate per Partition (mrpp) 20
Job Duration 10s
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Spark App 8: Analyzer
Property Default Value
Job Name Analytics_App
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Consumer Group Name RG-analytics
Max rate per Partition (mrpp) 20
Job Duration 10s
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Spark App 9: Behavior Profiling
Property Default Value
Job Name Behavior_Profile
Driver-Memory 1gb
Number of Executors 5
Executor Memory 1gb
Driver Cores 1
Executor Cores 1
Minimum Executors 1
Maximum Executors 20
Initial Executors 1
Sustained Scheduler Backlog Timeout 60s
Executor Idle Timeout 300s
Spark App 13: Action Prediction Learner
Property Default Value
Job Name Action Prediction Learner Job
Driver-Memory 3gb
Number of Executors 10
Executor Memory 5gb
Driver Cores 2
Executor Cores 4
Driver Memory Overhead 1024
Executor Memory Overhead 1024
Streaming Concurrent Jobs 1
Max App Attempts 20
Add Spark Jobs in Cloudera
Complete the following steps to make changes to the Spark app properties and run the Spark apps from Cloudera.
1. Navigate to SNYPR from Cloudera Manager.
2. Click Add Service.
3. Select SNYPR Gateway from the list of services.
4. Click Continue.
5. Select the host for each Spark job individually to initiate the Gateway Service.
6. Select hosts for new or existing roles.
7. Click OK.
8. Click Continue to proceed.
9. Provide the following information in the Add SNYPR Gateway Service to SNYPR
screen:
a. Jobs OS User: Enter a value.
Example: securonix.
b. Jobs Unique ID: Enter a value for the identifier prefixed to each spark job name.
Example: securonix.
Warning: With this Jobs Unique ID, the job name Event_Enrichment becomes "securonix_Event_Enrichment".
c. Jobs start mode: Specify single or multitenant.
Note: Single starts with static memory allocation for executors. Multitenant
uses dynamic memory allocation.
d. Jobs queue name: Specify the name of the queue the Spark application should be assigned to. Example: root.
e. MySQL IP: Enter a value. Example: 10.0.0.60.
f. MySQL Port: Enter a value. Default: 3306
g. Database name: Enter a value. Example: snypr6_mn.
h. Database username: Enter a value. Example: root.
i. Database password: Enter a value.
10. Provide the following for all Jobs:
a. Job Name: Name of the Job.
b. Driver Memory: Memory allocated for the Driver.
c. Number of Executors: Number of executors for the job.
d. Executor Memory: The memory to be allocated for the job executors.
e. Driver Cores: The number of driver cores for the job.
f. Executor Cores: The number of executor cores for the job.
g. Consumer Group Name: Name of the Kafka consumer group.
h. Max rate per Partition (MRPP): Maximum rate at which your application can
process the message.
i. Job Duration: Duration of micro-batch in seconds.
j. Driver Memory Overhead: Memory overhead for the driver for each job.
k. Executor Memory Overhead: Memory overhead for the executor for each job.
l. Minimum Executors: Minimum number of executors.
m. Maximum Executors: Maximum number of executors.
n. Initial Executors: Initial number of executors required.
o. Executor Idle Timeout: Maximum idle timeout for executor.
11. Ensure SNYPR Gateway has successfully started service.
12. Click Start SNYPR Gateway to expand details to view logs and errors (if any).
13. Click Finish.
14. Check the status of SNYPR Gateway on the Cloudera Manager homepage. A green
circle indicates the service is running in good health.
15. (Optional) Navigate to Yarn to check the status of the Spark applications
associated with the Job roles to ensure they are running:
Stop Spark Jobs in Cloudera
1. Log in to Cloudera Manager.
2. Click the down arrow and select Stop from the SNYPR Gateway Actions menu.
3. Ensure the service has successfully stopped.
Warning: If the service displays the status Failed even though all roles have been
stopped, this is due to a Known Issue described in the SNYPR Installation Guide. You
can ignore the Failed status only if Step 1: Gracefully stop the service
completed successfully.
4. Navigate to YARN to ensure the applications show Killed status.
5. Navigate to SNYPR Gateway Service summary from Cloudera Manager.
Example: Enrichment Job.
6. Click Actions > Stop_<Role_Name>_App.
Example: Stop_Enrichment_App.
7. Ensure the job has stopped successfully.
8. Navigate to YARN to ensure the job shows Killed status.
Administer Spark Jobs using Command Line
Complete the following steps to make changes to the Spark Job properties and run the Spark jobs:
1. Navigate to the installation folder designated during Installation.
Example: "/Securonix/tenants/snypr/Sparkjobs/".
2. (Optional) Edit Spark jobs parameters in the "snypr_apps.properties" file in "/Securonix/tenants/snypr/Sparkjobs/conf/snypr_apps.properties".
snypr_apps.properties
The scripts to run each Spark job have been converted to accept the configurations as arguments.
Configurable parameters:
• Name (name)
• Driver memory (driver-memory)
• Number of executors (num-executors)
• Executor memory (executor-memory)
• Driver cores (driver-cores)
• Executor cores (executor-cores)
• Consumer group (cg)
• Max rate per partition (mrpp)
• Duration (d)
• HDFS user having access permission to HDFS
• Unique identifier to distinguish your jobs, attached as prefix to the name of each spark job initiated (tenant.id)
Example: If tenant.id = CS, the jobs will be run as “CS_Event_Enrichment”
• Queue name
These configurations are maintained in a file, “snypr_apps.properties”. This file can be edited to run your custom configurations for each job.
3. Execute the following command to run all Spark jobs at once: sh snypr_apps.sh -a all
snypr_apps.sh
• Utility script to start the spark application by reading from the properties file, "snypr_apps.properties"
• The script will start each application, wait for 20s and check the status of the application. If it is in Running state, then it generates a <jobname.pid> file with the applicationId of the application.
Example: jobname=CS_Event_Enrichment, then CS_Event_Enrichment.pid will have the applicationId for CS_Event_Enrichment
• If it doesn’t go to “Running” state, then the <Jobname=applicationId> is stored in a file <tenant.id_pending_apps.txt>
Example: CS_pending_apps.txt
• This file is once again checked after 30s to check if the application has moved to “Running” state or “Failed” state. The logs for status check for pending applications are maintained in <tenant.id_pending_apps.log>
Example: CS_pending_apps.log
• Following are the ways the script can start the spark application:
◦ -r (or) -range: Series of applications at once, i.e. to start jobs from enrichment through behavior analytics, we can use:
sh snypr_apps.sh -r <from_number-to_number>
Example:
• sh snypr_apps.sh -r 1-4
• sh snypr_apps.sh -range 1-4
◦ -i (or) -initiate: Start individual jobs or a list of discontinuous jobs:
sh snypr_apps.sh -i <job_number>
Example:
• sh snypr_apps.sh -i 1
• sh snypr_apps.sh -i 1,5,9
• sh snypr_apps.sh -initiate 1,5,9
◦ -a (or) -alias: By alias
sh snypr_apps.sh -a <alias_name>
Example:
• sh snypr_apps.sh -a enrichment
• sh snypr_apps.sh -alias enrichment
4. To start all applications:
sh snypr_apps.sh -a all
Example
[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -a all
17/05/18 12:11:12 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Event_Enrichment running successfully, CS_Event_
Enrichment.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:11:34 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Event_Ingestion running successfully, CS_Event_Ingestion.pid
generated in /Securonix/props_sparkjobs/logs
17/05/18 12:11:55 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Event_Indexer running successfully, CS_Event_Indexer.pid
generated in /Securonix/props_sparkjobs/logs
17/05/18 12:12:16 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Warning: CS_Behaviour_Analytics not running, appended to
/Securonix/props_sparkjobs/logs/CS_pending_app.txt
17/05/18 12:12:37 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Policy_Engine_IEE running successfully, CS_Policy_Engine_
IEE.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:12:58 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Policy_Engine_AEE running successfully, CS_Policy_Engine_
AEE.pid generated in /Securonix/props_sparkjobs/logs
17/05/18 12:13:20 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_ThreatModel_RiskScoring_App running successfully, CS_
ThreatModel_RiskScoring_App.pid generated in /Securonix/props_
sparkjobs/logs
17/05/18 12:13:41 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Warning: CS_Analytics_App not running, appended to
/Securonix/props_sparkjobs/logs/CS_pending_app.txt
17/05/18 12:14:02 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Behaviour_Profile running successfully, CS_Behaviour_
Profile.pid generated in /Securonix/props_sparkjobs/logs
Checking all pending app status, check
/Securonix/tenants/snypr/Sparkjobs/logs/CS_pending_app.log for
any further errors
5. Execute the following command to terminate all Spark jobs at once: sh snypr_apps.sh -t all CS
-t (or) -terminate: Terminates applications selected by range, by a single job number
or a list of job numbers, or by alias, or kills all jobs for a particular tenant
sh snypr_apps.sh -t <option> <tenantId>
Option 1: Terminate a continuous range of jobs
sh snypr_apps.sh -t <start_job_num>-<end_job_num> <tenantId>
Example: sh snypr_apps.sh -t 1-4 CS
Option 2: Kill one job
sh snypr_apps.sh -t <job_num> <tenantId>
Example: sh snypr_apps.sh -t 4 CS
Option 3: Kill a list of discontinuous jobs
sh snypr_apps.sh -t <job_num1>,<job_num2>,<job_num3>.. <tenantId>
Example: sh snypr_apps.sh -t 1,5,8 CS
Option 4: Kill using an alias
sh snypr_apps.sh -t <job_alias_name> <tenantId>
Example: sh snypr_apps.sh -t enrichment CS
Option 5: Kill all applications for a tenant
sh snypr_apps.sh -t all <tenantId>
Example:
• sh snypr_apps.sh -t all CS
• sh snypr_apps.sh -terminate all CS
Example
[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -t all CS
17/05/18 12:41:20 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
No such yarn appication with name = CS_Analytics_App present
17/05/18 12:41:21 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
No such yarn appication with name = CS_Behaviour_Profile
present
17/05/18 12:41:22 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Event_Enrichment
17/05/18 12:41:23 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:24 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0199
17/05/18 12:41:25 INFO impl.YarnClientImpl: Killed application
application_1494916983246_0199
17/05/18 12:41:26 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Event_Indexer
17/05/18 12:41:27 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:28 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0201
17/05/18 12:41:29 INFO impl.YarnClientImpl: Killed application
application_1494916983246_0201
17/05/18 12:41:29 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Event_Ingestion
17/05/18 12:41:30 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:32 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0200
17/05/18 12:41:32 INFO impl.YarnClientImpl: Killed application
application_1494916983246_0200
17/05/18 12:41:33 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Policy_Engine_AEE
17/05/18 12:41:34 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:35 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0204
17/05/18 12:41:36 INFO impl.YarnClientImpl: Killed application
application_1494916983246_0204
17/05/18 12:41:37 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_Policy_Engine_IEE
17/05/18 12:41:38 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:39 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0203
17/05/18 12:41:39 INFO impl.YarnClientImpl: Killed application
application_1494916983246_0203
17/05/18 12:41:40 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
killing CS_ThreatModel_RiskScoring_App
17/05/18 12:41:41 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:41:42 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Killing application application_1494916983246_0205
17/05/18 12:41:43 INFO impl.YarnClientImpl: Killed application
application_1494916983246_0205
6. Execute the following command to check the status of all pending Spark jobs:
snypr_check-pending-apps.sh
• Checks if the applications started by snypr_apps.sh have moved to “Running” state and, if in running state, generates a <jobname.pid> file containing the applicationId of the application
• Argument required:
• File containing the jobname & applicationId <tenant.id_pending_apps.txt>
Example: CS_pending_apps.txt
Usage: sh snypr_check-pending-apps.sh CS_pending_apps.txt
Example
[root@10-0-0-90 sparkjobs]# cat logs/CS_pending_app.log
17/05/18 12:14:54 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
CS_Behaviour_Analytics failed, try re-initiating
7. Execute the following command to check the status of all Spark jobs: sh snypr_apps.sh -s 1 CS
-s (or) -status: To get the status of a particular application by specifying the job number or alias name
sh snypr_apps.sh -s <job_num> <tenantId>
Example:
• sh snypr_apps.sh -s 1 CS
• sh snypr_apps.sh -s <alias_name> <tenantId>
sh snypr_apps.sh -s enrichment <tenantId>
Example
[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -s 1 CS
17/05/18 12:21:32 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:21:33 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:21:34 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Application Report :
Application-Id : application_1494916983246_0199
Application-Name : CS_Event_Enrichment
Application-Type : SPARK
User : securonix
Queue : root.root
Start-Time : 1495127477673
Finish-Time : 0
Progress : 10%
State : RUNNING
Final-State : UNDEFINED
Tracking-URL : http://10.0.0.90:43713
RPC Port : 0
AM Host : 10.0.0.90
Aggregate Resource Allocation : 2500214 MB-seconds, 1220 vcore-
seconds
Log Aggregation Status : NOT_START
Diagnostics :
[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -s 2 CS
17/05/18 12:21:54 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:21:56 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:21:57 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Application Report :
Application-Id : application_1494916983246_0200
Application-Name : CS_Event_Ingestion
Application-Type : SPARK
User : securonix
Queue : root.root
Start-Time : 1495127498602
Finish-Time : 0
Progress : 10%
State : RUNNING
Final-State : UNDEFINED
Tracking-URL : http://10.0.0.94:34406
RPC Port : 0
AM Host : 10.0.0.94
Aggregate Resource Allocation : 2510521 MB-seconds, 1225 vcore-
seconds
Log Aggregation Status : NOT_START
Diagnostics :
[root@10-0-0-90 sparkjobs]# sh snypr_apps.sh -s 3 CS
17/05/18 12:22:11 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:22:12 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
17/05/18 12:22:14 INFO client.RMProxy: Connecting to
ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Application Report :
Application-Id : application_1494916983246_0201
Application-Name : CS_Event_Indexer
Application-Type : SPARK
User : securonix
Queue : root.root
Start-Time : 1495127520070
Finish-Time : 0
Progress : 10%
State : RUNNING
Final-State : UNDEFINED
Tracking-URL : http://10.0.0.91:43255
RPC Port : 0
AM Host : 10.0.0.91
Aggregate Resource Allocation : 2489124 MB-seconds, 1214 vcore-
seconds
Log Aggregation Status : NOT_START
Diagnostics :
8. Execute the following script to get logs for a particular application: sh snypr_apps.sh -l <application_name>
-l (or) -logs: To get the logs of a particular application
sh snypr_apps.sh -l <application_name>
Example:
• sh snypr_apps.sh -l CS_Event_Enrichment
• sh snypr_apps.sh -logs CS_Event_Enrichment
9. Execute the following script to run the Spark applications in either multitenant mode or single mode: sh snypr_apps.sh <script initializing parameters> -m <mode>
-m (or) -mode: To run the spark applications in either "multi-tenant" mode to pass the dynamic parameters or "single" mode
sh snypr_apps.sh <script initializing parameters> -m <mode>
Example:
• sh snypr_apps.sh -a all -m multitenant
• sh snypr_apps.sh -i 1 -m single
• sh snypr_apps.sh -r 1-9 -m multitenant
Note: If the mode is not explicitly mentioned in the parameters, the applications
will be initiated with mode specified in the properties file.
Tip: Files starting with "mt" are used to run the scripts in multi-tenant mode.
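The Application Report printed by the status command in step 7 can be checked by a script, since a SNYPR Spark job that is not RUNNING means events are not being enriched, ingested or evaluated. The following is an added example, not part of the SNYPR scripts; the function names report_field and job_health and the KILLED sample report are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not a SNYPR script): health check over the "Application Report"
# text that `sh snypr_apps.sh -s <job_num> <tenantId>` prints.

# Print the value of one report field, e.g. "State" or "Tracking-URL".
# Only the first " : " splits key from value, so URLs keep their colons, and
# the RMProxy INFO lines (which contain no " : ") are skipped.
report_field() {
    # $1 = field name; report text on stdin
    awk -v key="$1" '
        {
            sep = index($0, " : ")
            if (sep == 0) next
            k = substr($0, 1, sep - 1)
            v = substr($0, sep + 3)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# Classify one report read from stdin. Prints "<job name> <verdict>".
# Returns 0 for a healthy streaming job (State RUNNING, Final-State UNDEFINED),
# 1 when the job exists but is not running, 2 when no report was found.
job_health() {
    report=$(cat)
    name=$(printf '%s\n' "$report" | report_field "Application-Name")
    state=$(printf '%s\n' "$report" | report_field "State")
    final=$(printf '%s\n' "$report" | report_field "Final-State")
    if [ -z "$name" ] || [ -z "$state" ]; then
        echo "unknown NO_REPORT"
        return 2
    fi
    if [ "$state" = "RUNNING" ] && [ "$final" = "UNDEFINED" ]; then
        echo "$name OK"
        return 0
    fi
    echo "$name DOWN($state/$final)"
    return 1
}

# Sample input, shortened from the report shown in step 7.
sample_running_report() {
cat <<'EOF'
17/05/18 12:21:34 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Application Report :
    Application-Id : application_1494916983246_0199
    Application-Name : CS_Event_Enrichment
    Application-Type : SPARK
    User : securonix
    Queue : root.root
    State : RUNNING
    Final-State : UNDEFINED
    Tracking-URL : http://10.0.0.90:43713
    Aggregate Resource Allocation : 2500214 MB-seconds, 1220 vcore-seconds
    Log Aggregation Status : NOT_START
    Diagnostics :
EOF
}

# Constructed sample: the same report layout for a job that has been killed.
sample_killed_report() {
cat <<'EOF'
17/05/18 12:45:02 INFO client.RMProxy: Connecting to ResourceManager at 10-0-0-90.securonix.com/10.0.0.90:8032
Application Report :
    Application-Id : application_1494916983246_0201
    Application-Name : CS_Event_Indexer
    Application-Type : SPARK
    User : securonix
    Queue : root.root
    State : KILLED
    Final-State : KILLED
    Tracking-URL : N/A
    Diagnostics : Application killed by user.
EOF
}

# Demo on the embedded samples. On a SNYPR host the input would instead come
# from the status command, e.g.: sh snypr_apps.sh -s 1 CS 2>&1 | job_health
sample_running_report | job_health
sample_killed_report | job_health || true
```

The non-zero return codes let a cron job or monitoring agent raise an alert when any job leaves the RUNNING state.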
View YARN Application Status
To view the YARN applications and their status, use the following command:
List the applications from the resource manager
Appendix A: Access Privileges
In Access Control, you can grant specific access privileges to each user role. These areas include the following
Privileges are grouped based on the module (i.e., dashboard, manage, detect, respond, reports, and configure). The complete list of privileges is displayed in the following tables:
Add Data
Category URL ID Description
Add Data /config/licenseSuccessSettings 3697 Configuration-License Success Settings
Add Data /users/showScheduleImportJob 1856 Configure-Tasks-User Import [shows user import screen]
Add Data /users/showUserJobStatusDetails 1855 Configure-Tasks [shows details of user import job]
Add Data /users/saveConfig 1854 Configure-Tasks-Configure User Import [saves values for user import config received from user import config screen]
Add Data /users/showImportConfig 1853 Configure-Tasks-Configure User Import [shows user import config screen]
Add Data /resource/updateActivityAttributeDisplayOrder 4394 Resource-Update Activity Attribute Display Order
Add Data /resource/showResourceGroupsForNode 4393 Resource Groups For Node
Add Data /resource/isAccessValueDuplicate 4392 Resource-Check if Access Value is Duplicate
Add Data /resource/saveConfigTemplate 4391 Resource-Save Configuration Template
Add Data /users/importUsers 1857 Configure-Tasks-User Import [import users from specified datasource]
Add Data /resource/getNitroWSDeviceList 4390 Resource-Get Nitro WS Device List
Add Data /watchList/listActivityTransactionNotInWatchlist 4505 Watchlist-List of Activity Transactions Not in Watchlist
Add Data /users 4503 Users
Add Data /resource/toggleSuspectchecksFlag 4365 Resource-Toggle Suspectchecks Flag
Add Data /resource/previewActivityCorrelationResults 4420 Resource-Preview Activity Correlation Results
Add Data /resource/updateAccountAttributes 4418 Resource-Update Account Attributes
Add Data /resource/showEditActivityUserFilter 4417 Resource-Show Edit Activity User Filter
Add Data /resource/showUncorrelatedAccountsWithAccessValue 4416 Resource-Show Uncorrelated Accounts With Access Value
Add Data /resource/showCorrelatedResults 4415 Resource-Show Correlated Results
Add Data /resource/showCorrelatedActivityAccountsUsage 4389 Resource-Show Correlated Activity Accounts Usage
Add Data /resource/saveActionFilters 4414 Resource-Save Action Filter
Add Data /peer/showCreationRules 1868 Manage-Peers-Peer Creation Rules
Add Data /peer/showJobForAssignmentRules 1884 Manage-Peers-Peer Assignment Rules [shows list of peer assignment rules job]
Add Data /resource/addReport 4376 Resource-Add Report
Add Data /resource/showBehaviorConfig 4375 Resource-Show Behavior Configuration
Add Data /resource/showAddResourceGlossary 4374 Show Add Resource Glossary
Add Data /resource/updateGlossary 4373 Resource-Update Glossary
Add Data /resource/saveResourceGroupList 4372 Save Resource Group List
Add Data /resource/showJobsForAccess 4371 Resource-Show Jobs For Access
Add Data /resource/getDeviceList 4370 Resource-Get Device List
Add Data /resource/ 4369 Resource
Add Data /peer/showJobForCreationRules 1869 Manage-Peers-Peer Creation Rules [shows list of peer creation rules job]
Add Data /resource/searchAJAX 4368 Resource-Search using AJAX
Add Data /resource/searchActivityAccountsAJAX 4386 Resource-Search Activity Accounts using AJAX
Add Data /users/showUserRiskDetails 4442 Users-Show User Risk Details
Add Data /resource/saveGlosssaryImportConfig 1920 Configure-Tasks-Configure Glossary Import [save values received from configure glossary import screen]
Add Data /resource/isResourceAccessAttributeNameDuplicate 4388 Check if Resource Access Attribute Name is Duplicate
Add Data /resource/saveAccessImportConfig 1918 Configure-Tasks-Configure Access Import [save values received from configure access import screen]
Add Data /resource/resourceAccessConfig 1917 Configure-Tasks-Configure Access Import [shows configure access import screen]
Add Data /resource/saveConnType 1916 Configure-Tasks-Configure Activity Import [save values received from configure activity import screen]
Add Data /resource/resourceActivitiesConfig 1915 Configure-Tasks-Configure Activity Import [shows configure activity import screen]
Add Data /resource/showAccessCorrelationRulesList 4367 Resource-Show Access Correlation Rules List
Add Data /resource/listResourceGroupsForGlossaryImport 4377 List Resource Groups For Glossary Import
Add Data /resource/getDatasourceConnection 4413 Resource-Get Datasource Connection
Add Data /resource/importActivities 4411 Resource-Import Activities
Add Data /resource/resourceEvents 4434 Resource-Resource Events
Add Data /resource/showAppEvents 4433 Resource-Show Application Events
Add Data /resource/getResourceGroupGeneralDetails 4432 Get General Details for Resource Group
Add Data /resource/showBubbleChartByAccessValue 4431 Resource-Show Bubble Chart By Access Value
Add Data /resource/getSailpointDatasourceAttr 4430 Resource-Get Sailpoint Datasource Attributes
Add Data /resource/ipMappingEnabledChk 4429 Resource-Check for IP Mapping Enabled
Add Data /settings/updateLogLevels 1966 Configure-Logging-Modules [update log level]
Add Data /resource/isResourceAttributeNameDuplicate 4427 Check if Resource Attribute Name is Duplicate
Add Data /resource/updateResourceColor 4435 Update Resource Color
Add Data /resource/advancedSearchAddUser 4426 Resource-Advanced Search Add User
Add Data /resource/getFilterCondition 4424 Resource-Get Filter Condition
Add Data /resource/fetchUiConfig 4423 Resource-Fetch UI Config
Add Data /users/save 4455 Users-Save
Add Data /users/updateCriticality 4457 Users-Update Criticality
Add Data /users/getUserActivityAccounts 4502 Users-Get User Activity Accounts
Add Data /users/showUserQuickInfo 4481 Show User Quick Info
Add Data /users/showManagerDetails 4483 Users-Show Manager Details
Add Data /users/getLastImportDateForResource 4484 Users-Get Last Import Date for Resource
Add Data /resource/showImportResourceMetadata 4425 Show Import Resource Metadata
Add Data /resource/showResourceGlossary 4412 Show Resource Glossary
Add Data /resource/saveNitroFieldFilter 4436 Resource-Save Nitro Field Filter
Add Data /resource/showActivityJobStatusDetails 4438 Resource-Activity Job Status Details
Add Data /users/getUsageTransactionsListForUser 4444 Get Usage Transactions List for User
Add Data /users/getMonths 4445 Users-Get Months
Add Data /users/getUpdatedToken 4446 Users-Get Updated Token
Add Data /users/advancedSearch 4447 Users-Advanced Search
Add Data /users/getDefaultQuery 4448 Users-Get Default Query
Add Data /users/verifyUserImportConfig 4449 Users-Verify User Import Config
Add Data /users/saveStatusDescriptionRules 4450 Users-Save Status Description Rules
Add Data /users/getPeerBaselines 4451 Users-Get Peer Baselines
Add Data /resource/listOwners 4437 Resource-Owners List
Add Data /users/showSearch 4452 Users-Show Search
Add Data /users/emailTemplates 4454 Users-Email Templates
Add Data /resource/showGlossaryImportConfig 4419 Resource-Show Glossary Import Configuration
Add Data /resource/searchResourceTypeAJAX 4421 Search Resource Type using AJAX
Add Data /users/decryptSelectedUsers 4456 Users-Decrypt Selected Users
Add Data /resource/showVennChartByAccessValue 4422 Resource-Show Venn Chart By Access Value
Add Data /resource/editFieldFilter 4440 Resource-Edit Field Filter
Add Data /resource/previewAccessImportConfig 4439 Resource-Preview Access Import Configuration
Add Data /users/isEmployeeIdDuplicate 4443 Users-Check if Employee Id is Duplicate
Add Data /users/showDLPAlerts 4453 Users-Show DLP Alerts
Add Data /users/showAccessLevel3 4485 Users-Access Level3
Add Data /resource/saveLineFilters 4378 Resource-Save Line Filters
Add Data /resource/showAccessValuesByPeer 4380 Resource-Show Access Values By Peer
Add Data /config/showPreviewTEMP 3699 Configuration-Show Preview TEMP
Add Data /config/isWorkflowDuplicate 3698 Configuration-Check if Workflow is Duplicate
Add Data /config/showSamlSettings 3696 Configuration-Show SAML Settings
Add Data /config/isFileExist 3695 Configuration-Check if File Exists
Add Data /config/maskUnmaskData 3694 Configuration-Mask or Unmask Data
Add Data /config/showConfigureResourceRiskLevels 3693 Configuration-Show Configure Resource Risk Levels
Add Data /config/getEncryptionKeyCount 3692 Configuration-Get Key Count for Encryption
Add Data /peer/getPeerActivityDates 4225 Get Peer Activity Dates
Add Data /config/updateJob 3700 Configuration-Update Job
Add Data /uf/saveRgUfConfig 3026 Configure-Universal Forwarder-Save/Update Resource Group Configuration
Add Data /resource/deleteAccessValue 4406 Resource-Delete Access Value
Add Data /resource/listFormatForActivity 4403 Resource-List Format For Activity
Add Data /resource/scheduleActivityCorrelationJob 4402 Resource-Schedule Activity Correlation Job
Add Data /resource/verifyAccessImportDatasourceConfig 4401 Resource-Verify Access Import Datasource Configuration
Add Data /resource/showAccessImportAttrMapping 4400 Resource-Show Access Import Attribute Mapping
Add Data /resource/showActivityOutlierDetailsForResourceByJobId 4399 Activity Outlier Details For Resource By Job Id
Add Data /resource/showResourceActivitySummary 4398 Show Resource Activity Summary
Add Data /resource/showUnCorrelatedAccountDetails 4397 Resource-UnCorrelated Account Details
Add Data /peer/listSelectPeer 4227 List Select Peer
Add Data /resource/getPoliciesList 4396 Resource-Get Policies List
Add Data /config/deleteAttachment 3701 Configuration-Delete Attachment
Add Data /config/populatetpikb 3702 Configuration-Populate PIKB
Add Data /config/createGeoImportConfig 3672 Configuration-Create Geolocation Import Configuration
Add Data /config/manageEncryption 3671 Configuration-Manage Encryption
Add Data /config/saveMetaconnection 3670 Configuration-Save Metadata Connection
Add Data /config/showConfigurePeerRiskLevels 3669 Configuration-Configure Peer Risk Levels
Add Data /config/showDetails 3668 Configuration-Show Details
Add Data /config/refreshUploadLicense 3688 Configuration-Refresh Upload License
Add Data /config/isValidatePort 3690 Configuration-Check if Port is Valid
Add Data /config/showUploadLicense 3714 Configuration-Show Upload License
Add Data /config/checkConfig 3691 Configuration-Check Configuration
Add Data /config/getBeforeEncrypDecryptData 3703 Configuration-Get Before Encryption or Decryption of Data
Add Data /config/showAddWorkflowStatus 3712 Configuration-Show Add Workflow Status
Add Data /config/showSavedJobDetails 3711 Configuration-Show Saved Job Details
Add Data /config/getDistinctColValuesFromCRP 3710 Configuration-Get Distinct Column Values From CRP
Add Data /config/deleteConfig 3708 Configuration-Delete Configuration
Add Data /config 3707 Configuration
Add Data /config/decryptData 3706 Configuration-Decrypt Data
Add Data /config/selectJobsForChaining 3705 Configuration-Select Jobs For Chaining
Add Data /config/getSpecificBprofileconfigDetails 3704 Configuration-Get Specific BProfile Configuration Details
Add Data /config/saveButton 3713 Configuration-Save Button
Add Data /resource/saveActivityOutlierPolicy 4379 Resource-Save Activity Outlier Policy
Add Data /resource/showMonitorAccounts 4395 Resource-Show Monitor Accounts
Add Data /chainTransaction/searchTransactions 1931 Manage-Resources-Activity Management [shows activity management screen]
Add Data /watchList/auditLogs 4516 Watchlist-Audit Logs
Add Data /watchList/showWatchlistImportJob 4517 Watchlist-Show Watchlist Import Job
Add Data /watchList/listActivityAccountNotInWatchlist 4518 Watchlist-List of Activity Accounts Not in Watchlist
Add Data /watchList/showAddToWhitelist 4519 Watchlist-Show Add to Whitelist
Add Data /watchList/addSelectedMembers 4521 Add Selected Members to Watchlist
Add Data /watchList/ 4522 Show Watchlist
Add Data /watchList/listUsersNotInWatchlist 4523 Watchlist-List of Users Not in Watchlist
Add Data /watchList/addToWL 4524 Add to Watchlist
Add Data /watchList/showWLImportConfig 4515 Watchlist-Show Watchlist Import Configuration
Add Data /resource/showCorrelationRulesList 4409 Resource-Show Correlation Rules List
Add Data /resource/selectResourceForActivitiesImport 1921 Configure-Tasks-Activity Import [shows activity import screen]
Add Data /watchList/getUpdatedToken 4504 Watchlist-Get Updated Token
Add Data /resource/searchActivityAccounts 4387 Resource-Search Activity Accounts
Add Data /resource/showAllTranForAccount 4385 Resource-Show All Tran For Account
Add Data /resource/previewTokens 4384 Resource-Preview Tokens
Add Data /resource/showResourceBehaviorSummary 4383 Show Resource Behavior Summary
Add Data /resource/selectedUsers 4382 Resource-Selected Users
Add Data /resource/showActivityOutliersJobStatus 4381 Resource-Show Activity Outliers Job Status
Add Data /resource/selectResourceForAccessImport 1923 Configure-Tasks-Access Import [shows access import screen]
Add Data /chainTransaction/list 1932 Manage-Resources-Activity Management [shows list of activities on activity management screen]
Add Data /resource/editArchSightLoggerFieldFilter 4410 Resource-Edit ArcSight Logger Field Filter
Add Data /watchList/memberlist 4513 Watchlist-Show Memberlist
Add Data /resource/scheduleGeolocationJob 1930 Configure-Tasks-Populate Geolocation [schedule populate geolocation job]
Add Data /resource/showGeolocationJob 1929 Configure-Tasks-Activity Archival [show populate geolocation screen]
Add Data /resource/scheduleActivityArchivalJob 1928 Configure-Tasks-Activity Archival [schedule activity archival]
Add Data /resource/previewGlossaryData 4574 Preview glossary data while importing
Add Data /resource/showScheduleActivityArchivalJob 1927 Configure-Tasks-Activity Archival [shows activity archival screen]
Add Data /resource/scheduleGlossaryJob 1926 Configure-Tasks-Glossary Import [schedule glossary import job]
Add Data /resource/selectResourceForGlossaryImport 1925 Configure-Tasks-Glossary Import [shows glossary import screen]
Add Data /resource/scheduleAccessJob 1924 Configure-Tasks-Access Import [schedule access import job]
Add Data /watchList/listAccessAccountNotInWatchlist 4514 Watchlist-List of Access Accounts Not in Watchlist
Add Data /resource/correlateToUser 4405 Resource-Correlate to User
Add Data /resource/scheduleActivityImportJob 1922 Configure-Tasks-Activity Import [schedule activity import job]
Add Data /resource/searchResourceGroupsAJAX 4408 Search Resource Groups AJAX
Add Data /watchList 4506 Add Data-Show Watchlist
Add Data /watchList/searchWLAJAX 4507 Watchlist-Search Watchlist through AJAX
Add Data /watchList/index 4508 Watchlist
Add Data /watchList/manageWatchListMembers 4510 Watchlist-Manage WatchList Members
Add Data /watchList/saveWlImportConfig 4511 Watchlist-Save Watchlist Import Configuration
Add Data /watchList/scheduleWLJob 4512 Watchlist-Schedule Watchlist Job
Add Data /resource/getFieldsForLineFilterRules 4407 Resource-Get Fields For Line Filter Rules
Add Data /users/showAccessLevel4 4486 Users-Access Level4
Add Data /users/previewData 4487 Users-Preview Data
Add Data /users/showDeleteAllUsersWarning 4488 Users-Show Delete All Users Warning
Add Data /peer 4240 Peer
Add Data /peer/showPeerCreationJobStatus 4241 Show Peer Creation Job Status
Add Data /resource/getResourceTypesList 4242 Get Resource Types List
Add Data /resource/showBehaviorActivityDetails 4243 Resource-Show Behavior Activity Details
Add Data /resource/saveResourceConfig 4245 Save Resource Config
Add Data /peer/showResourcesForPeerBehavior 4236 Resources For Peer Behavior
Add Data /resource/showActivityJobErrors 4246 Resource-Show Activity Job Errors
Add Data /resource/getDistinctColumnValue 4247 Resource-Get Distinct Column Value
Add Data /peer/advancedSearch 4239 Peer-Advanced Search
Add Data /resource/showLineFiltersList 4248 Resource-Show Line Filters List
Add Data /resource/uploadImportFile 4250 Resource-Upload Import File
Add Data /resource/showCreateResourceDialog 4251 Show Create Resource Dialog
Add Data /peer/showPeerUserAccessDetails 4237 Peer User Access Details
Add Data /peer/getUsageResourcesListForPeer 4235 Get Usage Resources List for Peer
Add Data /resource/verifyDatasourceConfig 4272 Resource-Verify Datasource Config
Add Data /resource/drillDownStackedChartByAccessValue 4356 Resource-Filter Stacked Chart By Access Value
Add Data /resource/assignSelectedUserToResource 4362 Assign Selected User to Resource
Add Data /resource/assignAppToUser 4361 Resource-Assign App To User
Add Data /resource/showVulnerabilities 4249 Resource-Show Vulnerabilities
Add Data /resource/showTranForAccount 4360 Resource-Show Transaction for Account
Add Data /peer/reloadAutoComplete 4238 Peer-Reload Auto Complete
Add Data /resource/updateResourceGroupAttributes 4273 Update Resource Group Attributes
Add Data /resource/loadsureviewfilter 4346 Resource-Load Sureview Filter
Add Data /resource/getResourceActivityDates 4305 Get Resource Activity Dates
Add Data /resource/getDatasourceType 4331 Resource-Get Datasource Type
Add Data /resource/quickSearchAJAX 4347 Resource-Quick Search using AJAX
Add Data /resource/importAccess 4348 Resource-Import Access
Add Data /resource/showWhoIs 4349 Resource-Show Who Is
Add Data /resource/searchResourceGroup 4350 Search Resource Group
Add Data /resource/loadFields 4351 Resource-Load Fields
Add Data /resource/previewEventData 4322 Resource-Preview Event Data
Add Data /resource/addOwnerForAccessAttribute 4352 Resource-Add Owner for Access Attribute
Add Data /resource/isResourceNameDuplicate 4354 Check if Resource Name is Duplicate
Add Data /resource/showUncorrelatedResults 4310 Resource-Show Uncorrelated Results
Add Data /resource/updateAccountDescription 4309 Resource-Update Account Description
Add Data /resource/updateTransactionCriticality 4308 Resource-Update Transaction Criticality
Add Data /resource/showSelectOperatorAttributes 4307 Resource-Show Select Operator Attributes
Add Data /resource/renderResourceGroupEventTemplate 4306 Render Resource Group Event Template
Add Data /resource/selectedUsersEdit 4327 Resource-Selected Users Edit
Add Data /resource/updateAccessAccountAttributes 4328 Resource-Update Access Account Attributes
Add Data /resource/listAttributeValuesForAccessAttribute 4353 Resource-List Attribute Values for Access Attribute
Add Data /resource/showTranListForAccount 4344 Resource-Show Transaction List for Account
Add Data /resource/toggleLineFilter 4359 Resource-Toggle Line Filter
Add Data /resource/getResourceAccessMetadataList 4357 Get Resource Access Metadata List
Add Data /resource/updateAccessValues 4316 Resource-Update Access Values
Add Data /resource/fillListVenn 4255 Resource-Fill List Venn
Add Data /resource/runBulkImportResources 4266 Run Bulk Import Resources
Add Data /resource/ipAddrConfig 4317 Resource-IP Address Configuration
Add Data /resource/saveResourceGlossary 4319 Save Resource Glossary
Add Data /resource/encryptDecryptAccessAttributeValue 4262 Resource-Encrypt Decrypt Access Attribute Value
Add Data /resource/savecefsettings 4256 Resource-Save CEF Settings
Add Data /resource/getSubTreeData 4257 Resource-Get Sub Tree Data
Add Data /resource/getParentResourceActivityAttributes 4315 Get Parent Resource Activity Attributes
Add Data /resource/getNodeResourceGroups 4258 Get Node Resource Groups
Add Data /resource/saveNitroLineFilters 4260 Resource-Save Nitro Line Filters
Add Data /resource/searchAccessAccountsAJAX 4261 Resource-Search Access Accounts using AJAX
Add Data /resource/editNitroFieldFilter 4335 Resource-Edit Nitro Field Filter
Add Data /resource/previewFieldFilters 4263 Resource-Preview Field Filters
Add Data /resource/saveFieldFilterTemplate 4264 Resource-Save Field Filter Template
Add Data /resource/attrCheck 4265 Resource-Attribute Check
Add Data /resource/checkAccountViolations 4321 Resource-Check Account Violations
Add Data /resource/showAddNewEntitlement 4320 Resource-Add New Entitlement
Add Data /resource/updateAccessAttribute 4259 Resource-Update Access Attribute
Add Data /resource/showFieldFilterRules 4358 Resource-Show Field Filter Rules
Add Data /resource/getNodesList 4267 Resource-Get Nodes List
Add Data /resource/saveArcsightloggerFieldFilter 4324 Resource-Save Arcsight Logger Field Filter
Add Data /peer/showAddParent 4228 Peer-Show Add Parent
Add Data /peer/ 4234 Peer Creation
Add Data /resource/isScheduleJobNameDuplicate 4355 Resource-Check if Schedule Job Name is Duplicate
Add Data /peer/selectedOwnerEdit 4229 Peer-Selected Owner Edit
Add Data /peer/addUsersToPeer 4230 Add Users To Peer
Add Data /peer/isNameDuplicate 4231 Peer-Check if Name is Duplicate
Add Data /peer/showBehaviorByResource 4232 Peer-Show Behavior By Resource
Add Data /peer/showPeerAccessDetails 4233 Peer Access Details
Add Data /resource/showActivityOutliersJobWizard 4323 Resource-Show Activity Outliers Job Wizard
Add Data /resource/checkAccountViolationsForResource 4252 Check Account Violations for Resource
Add Data /resource/getUpdatedToken 4254 Resource-Get Updated Token
Add Data /resource/getThreatListParameter 4318 Resource-Get Threat List Parameter
Add Data /resource/showAccessImportConnType 4271 Resource-Show Access Import Connection Type
Add Data /resource/showResourcesForActivityOuliers 4326 Show Resources for Activity Outliers
Add Data /resource/showActivityOutliers 4270 Resource-Show Activity Outliers
Add Data /resource/filterResources 4269 Filter Resources
Add Data /resource/getTransactionsForResource 4325 Get Transactions for Resource
Add Data /resource/listResourceGroupsForAccessImport 4268 List Resource Groups for Access Import
Add Data /resource/assignToUserList 4253 Resource-Assign to User List
Add Data /resource/getSuspectChecksList 4343 Resource-Get Suspect Checks List
Add Data /resource/getChartsList 4342 Resource-Get Charts List
Add Data /resource/showSearchUsers 4341 Resource-Show Search Users
Add Data /users/deleteAllUsers 4464 Users-Delete All Users
Add Data /users/getUserAccounts 4465 Users-Get User Accounts
Add Data /users/getUserActivityDates 4466 Users-Get User Activity Dates
Add Data /users/getDateTime 4467 Users-Get Date and Time
Add Data /users/validateDelimiters 4468 Users-Validate Delimiters
Add Data /users/getTransactionsForResource 4469 Users-Get Transactions for Resource
Add Data /users/showResourceAccountsForUserBehavior 4470 Show Resource Accounts for User Behavior
Add Data /users/getFilterCondition 4471 Users-Get Filter Condition
Add Data /users/showUserActivitySummary 4463 Users-Show User Activity Summary
Add Data /users/showUserImportJobErrors 4472 Show User Import Job Errors
Add Data /users/showTransactionSearchForUser 4474 Show Transaction Search For User
Add Data /users/beforeInterceptor 4475 Users-Before Interceptor
Add Data /users/getUserResources 4476 Users-Get User Resources
Add Data /users/showBehaviorByActivity 4478 Users-Show Behavior By Activity
Add Data /resource/scheduleImportResources 4366 Schedule Import Resources
Add Data /users/showAccessDetails 4441 Users-Show Access Details
Add Data /resource/verifyGlossaryImportDatasourceConfig 4364 Resource-Verify Glossary Import Datasource Config
Add Data /resource/showGlossaryJobStatusDetails 4294 Resource-Show Glossary Job Status Details
Add Data /users/validateIdentifiers 4473 Users-Validate Identifiers
Add Data /resource/loadDatasourceAttributes 4288 Resource-Load Datasource Attributes
Add Data /users/getTreeNodes 4462 Users-Get Tree Nodes
Add Data /users/getUsageResourcesListForUser 4460 Get Usage Resources List for User
Add Data /users/showAccessLevel1 4489 Users-Access Level1
Add Data /users/create 4490 Users-Create
Add Data /users/searchAJAX 4491 Users-Search using AJAX
Add Data /users/reloadAutoComplete 4492 Users-Reload Auto Complete
Add Data /users/getResourcesListForUser 4493 Get Resources List for User
Add Data /users/getTransactionsForAccount 4494 Users-Get Transactions for Account
Add Data /users/getDefaultOIADefaultQuery 4495 Users-Get Default OIA Default Query
Add Data /users/showBehaviorTimeWindowsSummary 4496 Users-Show Behavior Time Windows Summary
Add Data /users/showAccessLevel2 4461 Users-Access Level2
Add Data /users/quickSearchAJAX 4497 Users-Quick Search using AJAX
Add Data /users/showBehaviorWithSuspectForUser 4499 Users-Behavior With Suspect for User
Add Data /users/getTransactionsForResourceId 4500 Users-Get Transactions For Resource Id
Add Data /users/showBehaviorActivityDetails 4501 Users-Behavior Activity Details
Add Data /users/showDashboard 4482 Users-Show Dashboard
Add Data /users/showUserChangeHistory 4480 Show User Change History
Add Data /users/getUserAccountsByEmployeeId 4458 Users-Get User Accounts By Employee Id
Add Data /users/ 4479 Add Data-Enable User Import
Add Data /users/showIPMappingForNetworkAddress 4459 Users-Show IP Mapping for Network Address
Add Data /users/showAttrMapping 4498 Users-Attribute Mapping
Add Data /resource/deleteReport 4289 Resource-Delete Report
Add Data /resource/getAccountData 4290 Resource-Get Account Data
Add Data /resource/getTransactionsForResourceId 4291 Get Transactions for Resource Id
Add Data /resource/previewAccessData 4277 Resource-Preview Access Data
Add Data /resource/saveArcsightLoggerLineFilters 4276 Resource-Save Arcsight Logger Line Filters
Add Data /resource/saveFieldFilterRules 4275 Resource-Save Field Filter Rules
Add Data /resource/searchTransactionsForResource 4333 Search Transactions for Resource
Add Data /resource/showUnCorrelatedActivityAccountsUsage 4302 Resource-UnCorrelated Activity Accounts Usage
Add Data /resource/getSolrFilterCondition 4303 Resource-Get Solr Filter Condition
Add Data /resource/showResourceEvents 4304 Show Resource Events
Add Data /resource/showCreateAttribute 4345 Resource-Show Create Attribute
Add Data /resource/reloadAutoComplete 4278 Resource-Reload Auto Complete
Add Data /resource/showCorrelationResults 4336 Resource-Correlation Results
Add Data /resource/saveAccessConfigTemplate 4338 Resource-Save Access Config Template
Add Data /resource 4314 Add Data-Resource
Add Data /resource/showBehaviorTimeWindowsSummary 4313 Resource-Show Behavior Time Windows Summary
Add Data /resource/removeResourceGlossary 4312 Remove Resource Glossary
Add Data /resource/loadResourceGroupEvents 4311 Load Resource Group Events
Add Data /resource/getActivityAttributesForResourceGroup 4332 Get Activity Attributes for Resource Group
Add Data /resource/searchResources 4339 Search Resources
Add Data /resource/getUsageTransactionsListForResource 4340 Get Usage Transactions List For Resource
Add Data /resource/showUserDetailsForActivityOutliers 4337 Resource-Show User Details for Activity Outliers
Add Data /config/saveCriticality 1970 Configure-Criticality [schedule criticality job]
Add Data /resource/saveActivityOutliers 4280 Resource-Save Activity Outliers
Add Data /resource/showEventsSummary 4363 Resource-Show Events Summary
Add Data /resource/showJobsForActivities 4292 Resource-Show Jobs for Activities
Add Data /resource/showAccessValueDetails 4293 Resource-Show Access Value Details
Add Data /resource/beforeInterceptor 4295 Resource-Before Interceptor
Add Data /resource/showResourceGroupsForNode_DELETE 4274 Resource Groups For Node_DELETE
Add Data /resource/showCreateResourceGroupList 4296 Create Resource Group List
Add Data /resource/checkViolationsForResource 4297 Check Violations for Resource
Add Data /resource/list 4298 Resource-List
Add Data /resource/getMappedActivityAttributesList 4299 Resource-Get Mapped Activity Attributes List
Add Data /resource/showEditUserFilter 4300 Resource-Edit User Filter
Add Data /resource/toggleAnalysisTpiState 4301 Resource-Toggle Analysis Third Party Intelligence State
Add Data /resource/showStackedChartByAccessValue 4287 Resource-Show Stacked Chart By Access Value
Add Data /resource/getExistingTemplateDetails 4286 Resource-Get Existing Template Details
Add Data /config/showConfigureCriticality 1969 Configure-Criticality [shows schedule criticality job screen]
Add Data /resource/showResourceMetadata 4284 Show Resource Metadata
Add Data /resource/showActivityJobStatusDetailsInProcess 4283 Resource-Show Activity Job Status Details In Process
Add Data /resource/maskUnmaskAccessAttributeValue 4282 Resource-Masked Unmasked Access Attribute Value
Add Data /resource/showCorrelatedAccountsWithAccessValue 4330 Resource-Correlated Accounts With Access Value
Add Data /resource/showRecorrelationDetails 4329 Resource-Show Recorrelation Details
Add Data /resource/showActivityOutliersByJob 4281 Resource-Show Activity Outliers By Job
Add Data /config/writeToXML 3673 Configuration-Write To XML
Add Data /config/saveLookupConfig 3674 Configuration-Save Lookup Configuration
Add Data /resource/glossaryAccessConfig 1919 Configure-Tasks-Configure Glossary Import [shows configure glossary import screen]
Add Data /config/saveJobDetails 3676 Configuration-Save Job Details
Add Data /organization/addChildOrganizations 4180 Add Child Organizations
Add Data /organization/beforeInterceptor 4176 Add Data-Organization Before Interceptor
Add Data /organization/createOrganizationCreationRule 4173 Organization Creation Rule
Add Data /organization/getUpdatedToken 4171 Add Data-Organization Get Updated Token
Add Data /organization/deleteJob 4170 Organization-Delete Job
Add Data /organization/addApplicationsToOrg 4168 Add Applications to Organization
Add Data /peer/showPeerJobStatusDetailsChart 4200 Peer Job Status Details Chart
Add Data /peer/getAccessAttributesByResourceGroup 4202 Peer-Get Access Attributes By Resource Group
Add Data /peer/savePeerCreationRules 4186 Save Peer Creation Rules
Add Data /organization/loadCreationRule 4166 Organization-Load Creation Rule
Add Data /peer/showDashboard 4223 Peer-Show Dashboard
Add Data /peer/getPBMonths 4222 Peer-Get PB Months
Add Data /peer/show 4221 Peer-Show
Add Data /peer/quickSearchAJAX 4220 Quick Search using AJAX
Add Data /peer/checkHasOutliers 4219 Peer-Check Has Outliers
Add Data /peer/getUpdatedToken 4218 Peer-Get Updated Token
Add Data /peer/getTransactionsForPeer 4217 Get Transactions for Peer
Add Data /peer/showPeerJobStatusDetails 4216 Show Peer Job Status Details
Add Data /peer/getResourcesListForPeer 4214 Get Resources List for Peer
Add Data /peer/beforeInterceptor 4215 Peer-Before Interceptor
Add Data /peer/runRule 4187 Peer-Run Rule
Add Data /peer/listUsersForOwner 4201 Peer-List Users For Owner
Add Data /riskModeler/updateModelAttributes 3081 Configure-Threat Model-Set Threat Model Live
Add Data /riskModeler/saveThreatModel 3082 Configure-Threat Model-Save Threat Model
Add Data /org/assignResourceToOrg 3144 Dashboard-Organization-Assign Resource To Organization
Add Data /org/assignResourceToOrgHierarchy 3145 Dashboard-Organization-Assign Resource To Organization Hierarchy
Add Data /chainTransaction 4105 Chain Transaction
Add Data /chainTransaction/showUsersForTranaction 4106 Show Users for Transaction
Add Data /chainTransaction/showTransactions 4107 Show Transactions
Add Data /peer/showBehaviorActivityDetails 4190 Peer-Show Behavior Activity Details
Add Data /peer/getUsageTransactionsListForPeer 4188 Get Usage Transactions List for Peer
Add Data /peer/showScheduleCreationRule 4199 Peer-Show Schedule Creation Rule
Add Data /peer/showSearch 4197 Peer-Show Search
Add Data /peer/selectedOwner 4196 Peer-Selected Owner
Add Data /peer/listAddParent 4195 Peer-List Add Parent
Add Data /peer/showAccessOutliersByPeerChart 4194 Show Access Outliers By Peer Chart
Add Data /peer/listPeerTypes 4193 List Peer Types
Add Data /peer/selectPeerList 4192 Select Peer List
Add Data /peer/getRuleConditions 4191 Peer-Get Rule Conditions
Add Data /peer/showRiskyUsersForAccessValue 4189 Peer-Show Risky Users for Access Value
Add Data /peer/advancedSearchAddUser 4198 Peer-Advanced Search Add User
Add Data /riskModeler/showThreatModel 3080 Configure-Threat Model-Show/Edit Threat Model
Add Data /peer/showAddOwner 4213 Peer-Show Add Owner
Add Data /peer/listPeersForResourceGroup 4212 List Peers for Resource Group
Add Data /manageData/showProfileResourceAccessLevel1 4133 Manage Data-Show Profile Resource Access Level1
Add Data /config/showRiskModeler 2028 Configure-Risk Modeler
Add Data /endpoint/saveEndPointConfig 4116 Save EndPoint Configuration
Add Data /endpoint/beforeInterceptor 4115 Endpoint-Before Interceptor
Add Data /endpoint/getUpdatedToken 4114 Endpoint-Get Updated Token
Add Data /endpoint/showScheduleEndPointImportJob 4113 Show Schedule EndPoint Import Job
Add Data /endpoint/ 4112 Endpoint
Add Data /endpoint 4111 Show Endpoint
Add Data /config/scheduleIpMappingJob 2002 Configure-Tasks-IP Mapping [schedule ip mapping job]
Add Data /endpoint/scheduleEndPointImport 4110 Schedule EndPoint Import
Add Data /manageData/addUsersToProfile 4132 Manage Data-Add Users to Profile
Add Data /manageData/ 4134 Enable Add Data
Add Data /organization/advancedSearchAddUser 4162 Organization-Advanced Search Add User
Add Data /organization/createRule 4146 Organization-Create Rule
Add Data /organization/pauseJob 4159 Organization-Pause Job
Add Data /organization/deleteOrganizations 4158 Delete Organizations
Add Data /organization/showCreationRules 4157 Organization-Show Creation Rules
Add Data /organization/addResourcegroupsToOrg 4156 Organization-Add Resource Groups to Organization
Add Data /chainTransaction/update 4109 Chain Transaction-Update
Add Data /peer/searchAJAX 4203 Peer-Search using AJAX
Add Data /config/interruptJob 2000 Configure-Tasks [interrupt job]
Add Data /config/pauseJob 1998 Configure-Tasks [pause job]
Add Data /peer/showEventsSummary 4211 Peer-Show Events Summary
Add Data /peer/runPeerCreationRule 4210 Run Peer Creation Rule
Add Data /peer/showPeerAccessResourcesList 4209 Peer Access Resources List
Add Data /peer/listUsersNotInPeer 4208 List Users Not In Peer
Add Data /peer/searchPeerOwnerAJAX 4207 Search Peer Owner using AJAX
Add Data /peer/showBehavior 4206 Peer-Show Behavior
Add Data /peer/showBehaviorByActivity 4205 Peer-Show Behavior by Activity
Add Data /peer/create 4204 Peer-Create
Add Data /config/resumeJob 1999 Configure-Tasks [resume job]
Add Data /organization/addResourcesToOrg 4167 Add Resources to Organization
Add Data /chainTransaction/updateTranFlags 4108 Chain Transaction-Update Transaction Flags
Add Data /config/showIpMappingJob 2001 Configure-Tasks-IP Mapping [shows create ip mapping job screen]
Add Data /manageData/removeUsersFromProfile 4131 Manage Data-Remove Users from Profile
Add Data /manageData/showAddOwnerProfile 4130 Manage Data-Show Add Owner Profile
Add Data /manageData/isResourceGroupIpDuplicate 4129 Manage Data-Check if Resource Group Ip is Duplicate
Add Data /manageData/showAddUsersToProfileDialog 4128 Manage Data-Show Dialog for Add Users to Profile
Add Data /config/cancelJob 1996 Add Data-Tasks [cancel job]
Add Data /config/reRunJob 1997 Add Data-Tasks [re-run job]
Add Data /organization/showJobForCreationRules 4165 Organization-Show Job for Creation Rules
Add Data /uf/addJobToUf 3025 Configure-Universal Forwarder-Save/Update job of UF
Add Data /uf/showUFResourceGroupConfig 3024 Configure-Universal Forwarder-Shows Resource Group Configuration
Add Data /uf/listUFJobList 3023 Configure-Universal Forwarder-Shows list of jobs in UF
Add Data /application/addResourcesToApp 4082 Application-Add Resources to App
Add Data /application/isNameDuplicate 4083 Application-Check if Name is Duplicate
Add Data /chainTransaction/getFilterCondition 4095 Chain Transaction-Get Filter Condition
Add Data /chainTransaction/edit 4104 Chain Transaction-Edit
Add Data /chainTransaction/create 4103 Chain Transaction-Create
Add Data /chainTransaction/delete 4102 Chain Transaction-Delete
Add Data /chainTransaction/getUpdatedToken 4101 Chain Transaction-Get Updated Token
Add Data /chainTransaction/beforeInterceptor 4100 Chain Transaction-Before Interceptor
Add Data /application/list 4081 Application-List
Add Data /chainTransaction/updateTransactionAttributes 4099 Chain Transaction-Update Transaction Attributes
Add Data /chainTransaction/show 4097 Chain Transaction-Show
Add Data /chainTransaction/showUncorrelatedAccountsForTranaction 4096 Chain Transaction-Show Uncorrelated Accounts for Transaction
Add Data /chainTransaction/save 4094 Chain Transaction-Save
Add Data /application/showCreateAppDialog 4084 Show Create App Dialog
Add Data /chainTransaction/ 4093 Show Chain Transaction
Add Data /chainTransaction/showCreateTransactionDialog 4092 Show Create Transaction Dialog
Add Data /chainTransaction/showTransactionDetails 4091 Show Transaction Details
Add Data /application/getUpdatedToken 4090 Application-Get Updated Token
Add Data /chainTransaction/getUniqueTransactionsForResourceId 4098 Chain Transaction-Get Unique Transactions for Resource Id
Add Data /application/removeResourcesFromApp 4089 Application-Remove Resources From App
Add Data /resource/deleteLineFilter 2047 Configure-Tasks-Activity Import Config-Line Filter [shows delete line filter screen]
Add Data /resource/showLineFilters 2045 Configure-Tasks-Activity Import Config-Line Filter [shows create line filter screen]
Add Data /application/update 4080 Application-Update
Add Data /application/showAddResourcesDialog 4079 Application-Show Add Resources Dialog
Add Data /application/edit 4078 Application-Edit
Add Data /application/searchAJAX 4077 Application-Search using AJAX
Add Data /application/showAppDetails 4076 Show Application Details
Add Data /application/listResourcesNotApplications 4075 List Resources Not Applications
Add Data /application 4074 Enable Application View
Add Data /config/showPrivacySettings 2033 Configure-Privacy Settings
Add Data /resource/editLineFilter 2046 Configure-Tasks-Activity Import Config-Line Filter [shows edit line filter screen]
Add Data /config/showExportAccessJob 2034 Configure-Tasks-Export-Access Entitlements
Add Data /resource/showAccessImportConfig 2037 Configure-Tasks-Import-Access-Edit/Setup Configuration
Add Data /config/scheduleExportAccessJob 2038 Configure-Tasks-Export-Access Entitlements [Schedule Access Entitlements Job]
AddData | /resource/saveAccessCorrelationRules | 2039 | Configure-Tasks-Access Import Config-Correlation Rule [saves Correlation rule]
AddData | /resource/editAccessCorrelationRules | 2040 | Configure-Tasks-Access Import Config-Correlation Rules [Update Correlation Rule]
AddData | /resource/saveAccessUserFilter | 2041 | Configure-Tasks-Access Import Config [save advanced settings]
AddData | /resource/showEditAccessCorrelationRule | 2042 | Configure-Tasks-Access Import Config-Correlation Rule [shows edit access import correlation rule]
AddData | /resource/deleteAccessCorrelationRule | 2043 | Configure-Tasks-Access Import Config-Correlation Rule [delete access import correlation rule]
AddData | /resource/createAccessCorrelationRule | 2044 | Configure-Tasks-Access Import Config-Correlation Rule [shows create access import correlation rule screen]
AddData | /resource/showResourceActivitiesConfig | 2036 | Configure-Tasks-Import-Activities-Edit/Setup Configuration
AddData | /application/ | 4088 | Application
AddData | /application/showResourcesforApp | 4087 | Application-Show Resources for App
AddData | /application/beforeInterceptor | 4086 | Application-Before Interceptor
AddData | /config/scheduleSavedJob | 3770 | Configuration-Schedule Saved Job
AddData | /config/showOwnersList | 3769 | Configuration-Show Owners List
AddData | /metadata/show | 3247 | Metadata-Show
AddData | /config/showDecryptDataDialog | 3174 | Configure-Access Control [Show decrypted/Unmask data]
AddData | /config/searchSavedJobAJAX | 3675 | Configuration-Search Saved Job through AJAX
AddData | /uf/registerUF | 3020 | Configure-Universal Forwarder-Save/update UF
AddData | /resource/editCorrelationRules | 2052 | Configure-Tasks-Activity Import Config-Correlation Rule [update Correlation Rule]
AddData | /resource/saveActivityUserFilter | 2053 | Configure-Tasks-Activity Import Config-Advanced Settings [save advanced settings]
AddData | /config/showPolicyScannerJob | 3771 | Configuration-Show Policy Scanner Job
AddData | /tpi/showScheduleTpiImportJob | 2056 | Configure-Tasks-TPI Import [shows tpi import screen]
AddData | /config/saveRiskModel | 2059 | Configure-Risk Modeler [update modeler]
AddData | /config/showCreateNode | 2060 | Configure-Clustering [Clustering Modification]
AddData | housekeepingJobs | 3013 | Configure-Settings-HouseKeeping Jobs
AddData | smptpSettings | 3017 | Configure-Settings-SMTP Server Settings
AddData | /uf/deleteUF | 3019 | Configure-Universal Forwarder-Delete UF
AddData | /uf/showAddJobToUF | 3021 | Configure-Universal Forwarder-Add/edit UF Job
AddData | /org/confirmAssignmentOfResourceToOrgHierarchy | 3146 | Dashboard-Organization-Confirm-Assign Resource To Organization Hierarchy
AddData | /uf/removeUfJob | 3022 | Configure-Universal Forwarder-Remove Job from UF
AddData | /resource/showResourceConfig | 2057 | Configure-Show Resource Configuration
AddData | /config/isduplicatenode | 3772 | Configuration-Check if Node is Duplicate
AddData | /config/attachFile | 3773 | Configuration-Attach File
AddData | /config/completeDeleteJob | 3774 | Configuration-Complete Delete Job
AddData | /application/save | 4085 | Application-Save
AddData | /resource/showCorrelationRules | 2048 | Configure-Tasks-Activity Import Config-Correlation Rule [shows create Correlation Rule screen]
AddData | /resource/showEditCorrelationRule | 2049 | Configure-Tasks-Activity Import Config-Correlation Rule [shows edit Correlation Rule screen]
AddData | /resource/deleteActivityCorrelationRule | 2050 | Configure-Tasks-Activity Import Config-Correlation Rule [shows delete Correlation Rule]
AddData | /uf/index | 3864 | Add Data-Universal Forwarder Job
AddData | /metadata/save | 3248 | Metadata-Save
AddData | /metadata | 3249 | Show Metadata
AddData | /metadata/create | 3250 | Metadata-Create
AddData | /metadata/ | 3251 | Metadata
AddData | /uf/ | 3869 | Universal Forwarder
AddData | /uf/beforeInterceptor | 3868 | Universal Forwarder-Before Interceptor
AddData | /uf/controlUf | 3867 | Control Universal Forwarder
AddData | /uf/togglePolicyscratch | 3866 | Universal Forwarder-Toggle Policy Scratch
AddData | /uf/getUpdatedToken | 3865 | Universal Forwarder-Get Updated Token
AddData | /uf/showPolicies | 3863 | Universal Forwarder-Show Policies
AddData | /metadata/index | 3246 | Metadata-index
AddData | /uf/toggleJobStatus | 3862 | Universal Forwarder-Toggle Job Status
AddData | /uf | 3861 | Add Data-Universal Forwarder
AddData | /tpi/showTpiExport | 3845 | Show Third Party Intelligence Export
AddData | /organization/interruptJob | 4154 | Organization-Interrupt Job
AddData | /organization/addUsersToOrg | 4153 | Add Users to Organization
AddData | /resource/saveCorrelationRules | 2051 | Configure-Tasks-Activity Import Config-Correlation Rule [save Correlation Rule]
AddData | /organization/cancelJob | 4148 | Organization-Cancel Job
AddData | /config/registerUser | 3665 | Configuration-Register User
AddData | /config/showEmailTemplateNotificationSettings | 3666 | Configuration-Show Email Template Notification Settings
AddData | /config/showAuditDetails | 3728 | Configuration-Show Audit Details
AddData | /config/rac | 3738 | Configuration-Rac
AddData | /config/_setAdvancedSearchObject | 3736 | Configuration-Set Advanced Search Object
AddData | /config/testNitroConnection | 3735 | Configuration-Test Nitro Connection
AddData | /config/downloadFiles | 3734 | Configuration-Download Files
AddData | /config/showGroupOwnersList | 3733 | Configuration-Show Group Owners List
AddData | /config/saveSystemAction | 3664 | Configuration-Save System Action
AddData | /config/getFieldsFromSQL | 3732 | Configuration-Get Fields From SQL
AddData | /config/continueWithEncryption | 3730 | Configuration-Continue With Encryption
AddData | /config/testSureViewConnection | 3729 | Configuration-Test Sure View Connection
AddData | /config/getColumnNames | 3727 | Configuration-Get Column Names
AddData | /config/beforeMaskingUnmasking | 3740 | Configuration-Before Masking or Unmasking
AddData | /config/httpListnerAction | 3726 | Configuration-HTTP Listener Action
AddData | /config/saveEncryptionSetting | 3725 | Configuration-Save Encryption Setting
AddData | /config/showManageLicense | 3724 | Configuration-Show Manage License
AddData | /config/updateAssociatedAccountFlag | 3723 | Configuration-Update Associated Account Flag
AddData | /config/showNitroDevicesList | 3731 | Configuration-Show Nitro Devices List
AddData | /config/searchAJAXConnType | 3722 | Configuration-Search using AJAX by Connection Type
AddData | /config/isScheduleJobNameDuplicate | 3592 | Configuration-Check if Scheduled Job Name is Duplicate
AddData | /config/isDatasourceNameDuplicate | 3594 | Configuration-Check if Datasource Name is Duplicate
AddData | /config/showConfigureActivityrRiskLevels | 3602 | Configure Activity Risk Levels
AddData | /config/getSpecificPolicyDetails | 3611 | Configuration-Get Specific Policy Details
AddData | /config/isValidEmail | 3610 | Configuration-Check if Email is Valid
AddData | /config/getDatasourceAttributes | 3609 | Configuration-Get Datasource Attributes
AddData | /config/showIndexActivityTransactions | 3608 | Configuration-Show Index Activity Transactions
AddData | /config/scheduleHostnameLookupJob | 3607 | Configuration-Schedule Hostname Lookup Job
AddData | /config/saveScreen | 3606 | Configuration-Save Screen
AddData | /config/compareAuditXML | 3605 | Configuration-Compare Audit XML
AddData | /config/showSelectUsers | 3593 | vSelect Users
AddData | /config/generateKey | 3604 | Configuration-Generate Key
AddData | /config/advancedSearch | 3601 | Configuration-Advance Search
AddData | /config/checkDataToMask | 3591 | Configuration-Check Data for Masking
AddData | /config/showScheduleIndexingService | 3600 | Configuration-Schedule Indexing Service
AddData | /config/getBoxToken | 3599 | Configuration-Get Box Token
AddData | /config/deleteSavedJob | 3598 | Configuration-Delete Saved Job
AddData | /config/showSelectResources | 3597 | Configuration-Select Resources
AddData | /config/showCreateJsecUser | 3596 | Configuration-Create Jsec User
AddData | /config/showDatasourceList | 3595 | Configuration-Show List of Datasources
AddData | /config/beforeKeyGeneration | 3603 | Configuration-Key Generation
AddData | /config/saveWorkflow | 3721 | Configuration-Save Workflow
AddData | /config/showSystemWorkflowDetails | 3720 | Configuration-Show System Workflow Details
AddData | /config/getAvailablePrivateKeys | 3719 | Configuration-Get Available Private Keys
AddData | /config/attachFileToCase | 3745 | Configuration-Attach File To Case
AddData | /config/saveStatus | 3744 | Configuration-Save Status
AddData | /config/scheduleIndexActTrans | 3717 | Configuration-Schedule Index for Activity Transaction
AddData | /config/showAuditXML | 3715 | Configuration-Show Audit XML
AddData | /config/ | 3667 | Show Configuration
AddData | /config/testAwsConnection | 3678 | Configuration-Test AWS Connection
AddData | /config/config | 3687 | Add Data-Show Configuration
AddData | /config/schedulePolicyScanner | 3686 | Configuration-Schedule Policy Scanner
AddData | /config/removeSystemActions | 3747 | Configuration-Remove System Actions
AddData | /config/getDateFormats | 3685 | Configuration-Get Date Formats
AddData | /config/beforeEncryptDecrypt | 3683 | Configuration-Before Encryption Decryption
AddData | /config/runSavedJob | 3682 | Configuration-Run Saved Job
AddData | /config/checkLogTampering | 3681 | Configuration-Check Log Tampering
AddData | /config/beforeInterceptor | 3680 | Configuration-Before Interceptor
AddData | /config/updateCaseOwner | 3679 | Configuration-Update Case Owner
AddData | /config/getJobGroups | 3677 | Configuration-Get Job Groups
AddData | /config/encryptDecryptText | 3689 | Configuration-Encryption and Decryption Text
AddData | /config/showImports | 1993 | Configure-Tasks
AddData | /config/showSelectPeers | 3684 | Configuration-Select Peers
AddData | /config/previewPeerRiskLevels | 3748 | Configuration-Preview Peer Risk Levels
AddData | /config/scheduleGenerateCasesJob | 3749 | Configuration-Schedule Generate Cases Job
AddData | /config/deleteCaseAttachment | 3750 | Configuration-Delete Case Attachment
AddData | /config/showHelp | 3718 | Configuration-Show Help
AddData | /config/showDefaultConfig | 3739 | Configuration-Show Default Configuration
AddData | /config/listResourceGroupsForIndx | 3742 | Configuration-List Resource Groups for Indexing
AddData | /config/licenseSuccess | 3716 | Configuration-License Install Success
AddData | /config/showScheduleImportJob | 3755 | Configuration-Show Schedule Import Job
AddData | /config/emailTemplate | 3764 | Configuration-Email Template
AddData | /config/updateDecryptFlag | 3763 | Configuration-Update Decryption Flag
AddData | /config/checkForEncryptedDataBeforeMasking | 3762 | Configuration-Check For Encrypted Data Before Masking
AddData | /config/checkSecDB | 3761 | Configuration-Check SecDB
AddData | /config/analyzeLineFilters | 3760 | Configuration-Analyze Line Filters
AddData | /config/isduplicatenodeurl | 3759 | Configuration-Check if Node Url is Duplicate
AddData | /config/createSamlDetails | 3758 | Configuration-Create SAML Details
AddData | /config/getBeforeMaskUnmaskData | 3757 | Configuration-Get Before Masking Unmasking of Data
AddData | /config/showImportConfig | 3756 | Configuration-Show Import Configuration
AddData | /config/importDevicesFromNitro | 3754 | Configuration-Import Devices From Nitro
AddData | /config/showAddAction | 3743 | Configuration-Show Add Action
AddData | /config/removeActions | 3753 | Configuration-Remove Actions
AddData | /config/getRemoteDatasources | 3752 | Configuration-Get Remote Datasources
AddData | /config/showDesignScreen | 3751 | Configuration-Show Design Screen
AddData | /config/getEncryptionKeys | 3612 | Configuration-Get Encryption keys
AddData | /config/searchJobAJAX | 3590 | Configuration-Search Job through AJAX
AddData | /config/updateHelpPref | 3767 | Configuration-Update Help Preferences
AddData | /config/showEncryptionJobDetails | 3568 | Configuration-Show Encryption Job Details
AddData | /config/showForms | 3630 | Configuration-Show Forms
AddData | /config/getJobId | 3629 | Configuration-Get Job Id
AddData | /config/showGenerateCases | 3628 | Configuration-Generate Cases
AddData | /config/showMetadataConfig | 3627 | Configuration-Show Metadata Configuration
AddData | /config/showLookupImportJob | 3626 | Configuration-Show Job for Lookup Import
AddData | /config/getDatasourceByType | 3625 | Configuration-Get Datasources by Type
AddData | /config/getJobFields | 3624 | Configuration-Get Job Fields
AddData | /config/testCEFSyslogConnection | 3623 | Configuration-Test Syslog Connection for CEF
AddData | /config/importJiraCase | 3631 | Configuration-Import JIRA Case
AddData | /config/afterInterceptor | 3622 | Configuration-After Interceptor
AddData | /config/getJobStatusList | 3620 | Configuration-Get List of Job Status
AddData | /config/isValidConfiguartion | 3619 | Configuration-Check if Configuration is Valid
AddData | /config/saveSamlDetails | 3618 | Configuration-Save SAML Details
AddData | /config/showSystemAddAction | 3617 | Configuration-Show System Add Action
AddData | /config/saveMetdataConfig | 3616 | Configuration-Save Metadata Configuration
AddData | /config/isDirectoryValid | 3637 | Configuration-Check if Directory is Valid
AddData | /config/checkPrivacyMasterRole | 3638 | Configuration-Check Role in Privacy Master
AddData | /config/checkMaskingConfig | 3639 | Configuration-Check Masking Configuration
AddData | /config/changeLineFilterOrder | 3621 | Configuration-Change Order of Line Filter
AddData | /config/uploadFile | 3653 | Configuration-Upload File
AddData | /config/previewResourceRiskLevels | 3632 | Configuration-Preview Risk Levels for Resources
AddData | /config/scheduleLookupImport | 3635 | Configuration-Schedule Lookup Import
AddData | /config/adminaccess | 3588 | Configuration-Show Administrative Access
AddData | /config/showAllJobs | 1994 | Configure-Tasks [shows list of all jobs]
AddData | /config/deleteJob | 1995 | Configure-Tasks [delete job]
AddData | /manageData/beforeInterceptor | 4135 | Manage Data-Before Interceptor
AddData | /manageData/listAddUsersToProfile | 4144 | Manage Data-List Add Users To Profile
AddData | /manageData | 4143 | Manage Data
AddData | /manageData/showProfileResourceAccessLevel2 | 4142 | Manage Data-Show Profile Resource Access Level2
AddData | /manageData/afterInterceptor | 4141 | Manage Data-After Interceptor
AddData | /config/scheduleMetadataImport | 3633 | Configuration-Schedule Metadata Import
AddData | /manageData/isResourceGroupNameDuplicate | 4140 | Manage Data-Check if Resource Group Name is Duplicate
AddData | /manageData/searchProfilesAJAX | 4138 | Manage Data-Search Profiles using AJAX
AddData | /manageData/getUpdatedToken | 4137 | Manage Data-Get Updated Token
AddData | /manageData/isNameDuplicate | 4136 | Manage Data-Check if Name is Duplicate
AddData | /config/savejsecUser | 3768 | Configuration-Save Jsec User
AddData | /config/resetSystemWorkflow | 3766 | Configuration-Reset System Workflow
AddData | /peer/showUsersWithoutAccessForOutliers | 4226 | Peer-Show Users Without Access For Outliers
AddData | /config/getPolicyMasterForSelectedType | 3765 | Configuration-Get Policy Master For Selected Type
AddData | /config/testDbConnection | 3636 | Configuration-Test DB Connection
AddData | /manageData/showProfileResourceAccessLevel3 | 4139 | Manage Data-Show Profile Resource Access Level3
AddData | /config/saveAction | 3663 | Configuration-Save Action
AddData | /config/controlNode | 3634 | Configuration-Control Node
AddData | /config/saveSystemWorkflow | 3661 | Configuration-Save System Workflow
AddData | /config/getUpdatedToken | 3586 | Configuration-Get Updated Token
AddData | /config/getDecryptedUserValues | 3585 | Configuration-Get Decrypted Values for Users
AddData | /config/setAudit | 3584 | Configuration-Set Audit
AddData | /config/saveDownloadFiles | 3583 | Configuration-Save Downloaded Files
AddData | /config/deleteData | 3582 | Configuration-Delete Data
AddData | /config/checkDataToDecrypt | 3581 | Configuration-Check Data to Decrypt
AddData | /config/previewUserRiskLevels | 3580 | Configuration-Preview User Risk Levels
AddData | /config/scheduleGenerateUserCasesJob | 3577 | Configuration-Schedule Generate User Cases Job
AddData | /config/getSchedules | 3587 | Configuration-Get Schedules
AddData | /config/showScheduleHostnameLookup | 3589 | Configuration-Schedule Hostname Lookup
AddData | /config/getEncryptedUserValues | 3575 | Configuration-Get Values for Encrypted User
AddData | /config/uploadLicense | 3574 | Configuration-Upload License
AddData | /config/showSavedJobs | 3573 | Configuration-Show Saved Jobs
AddData | /config/getFileName | 3572 | Configuration-Get File Name
AddData | /config/testLdapConnection | 3571 | Configuration-Test LDAP Connection
AddData | /config/updateIDPMetadata | 3662 | Configuration-Update IDP Metadata
AddData | /config/showWorkflowDetails | 3569 | Configuration-Show Workflow Details
AddData | /config/showGenerateUserCases | 3570 | Configuration-Show Generate User Cases
AddData | /config/downloadAttachment | 3576 | Configuration-Download Attachment
AddData | /config/encryptData | 3578 | Configuration-Encrypt Data
AddData | /config/activateKey | 3579 | Configuration-Activate Key
AddData | /config/showGeoImportConfig | 3614 | Configuration-Show Configuration for Geolocation Import
AddData | /config/getMetadataAsString | 3659 | Configuration-Get Metadata as String
AddData | /config/deleteStatus | 3657 | Configuration-Delete Status
AddData | /config/showMaskingJobDetails | 3613 | Configuration-Show Job Details for Masking
AddData | /config/jsecUsers | 3660 | Configuration-Jsec Users
AddData | /config/isEmailTemplateNameDuplicate | 3656 | Configuration-Check if Email Template Name is Duplicate
AddData | /config/testRemoteConnection | 3655 | Configuration-Test Remote Connection
AddData | /config/showRegisterUser | 3654 | Configuration-View Register user
AddData | /config/scheduleIndxServiceJob | 3652 | Configuration-Schedule Indexing Service Job
AddData | /config/saveNetworkClassificationImportConfig | 3651 | Configuration-Save Import Configuration for Network Classification
AddData | /config/deleteWorkFlowIns | 3650 | Configuration-Delete Workflow Lines
AddData | /config/showScheduleNetClassificationImportJob | 3640 | Configuration-Show Schedule Import Job for Network Classification
AddData | /config/previewActivityRiskLevels | 3642 | Configuration-Preview Activity Risk Levels
AddData | /config/userSearchAjax | 3648 | Configuration-Search User through AJAX
AddData | /config/isduplicatenodehttpurl | 3646 | Configuration-Check if Node HTTP-URL is Duplicate
AddData | /config/showMetaDataImportJob | 3645 | Configuration-Show Metadata Import Job
AddData | /config/checkForEncryptedData | 3643 | Configuration-Check for Encrypted Data
AddData | /config/saveMaskingSetting | 3649 | Configuration-Save Settings for Masking
AddData | /config/scheduleNetworkClassificationImport | 3641 | Configuration-Schedule Import Job for Network Classification
AddData | /config/showJobDetails | 3615 | Configuration-Show Job Details
Analytics
Category | URL | ID | Description
Analytics | /suspectActivities/loadPGOutliersAttrs | 3474 | Suspect Activities-Load PG Outliers Attributes
Analytics | /suspectActivities/showUsersWithoutAccessByJobId | 3497 | Suspect Activities-Show Users Without Access By Job-Id
Analytics | /suspectActivities/showResourcesForBehaviorBasedOutliers | 3473 | Suspect Activities-Show Resources For Behavior Based Outliers
Analytics | /suspectActivities/showSuspect | 3472 | Suspect Activities-Show Suspect
Analytics | /suspectActivities/showConfigModes | 3469 | Suspect Activities-Show Config Modes
Analytics | /suspectActivities/showPolicyManagement | 3470 | Suspect Activities-Show Policy Management
Analytics | /suspectActivities/showConfigureAccessOutlierJob | 3481 | Suspect Activities-Show Configure Access Outlier Job
Analytics | /suspectActivities/runPolicy | 3475 | Suspect Activities-Run Policy
Analytics | /suspectActivities/showConfigureActivityOutlierJob | 3471 | Suspect Activities-Show Configure Activity Outlier Job
Analytics | /suspectActivities/showMessageDetails | 3476 | Suspect Activities-Show Message Details
Analytics | /suspectActivities/beforeInterceptor | 3496 | Suspect Activities-Before Interceptor
Analytics | /suspectActivities/saveChildPolicy | 3478 | Suspect Activities-Save Child Policy
Analytics | /suspectActivities/isPolicyDuplicate | 3479 | Suspect Activities-Check if Policy is Duplicate
Analytics | /suspectActivities/searchVariableOnGroupAJAX | 3402 | Suspect Activities-Search Variable on Group AJAX
Analytics | /suspectActivities/showResourcesForActivityOuliers | 3480 | Suspect Activities-Show Resources For Activity Outliers
Analytics | /suspectActivities/deletePolicyViolations | 3482 | Suspect Activities-Delete Policy Violations
Analytics | /suspectActivities/showAddChecksDialog | 3483 | Suspect Activities-Show Add Checks Dialog
Analytics | /suspectActivities/updateIncludeInAnalysisForActivityAttributes | 3484 | Suspect Activities-Update Include In Analysis For Activity Attributes
Analytics | /suspectActivities/showWlList | 3498 | Suspect Activities-Show WlList
Analytics | /suspectActivities/checkvaliddirective | 3485 | Suspect Activities-Check Valid Directive
Analytics | /suspectActivities/showManageSuspectActivities | 3486 | Suspect Activities-Show Manage Suspect Activities
Analytics | /suspectActivities/loadSuspectActivitiesQueueChart | 3477 | Suspect Activities-Load Suspect Activities Queue Chart
Analytics | /suspectActivities/showFunctionConfig | 3499 | Suspect Activities-Show Function Config
Analytics | /resource/showEntityDetailsForActivityOutliers | 4583 | Show resource entity details for activity outliers
Analytics | /suspectActivities/showRunPolicy | 1945 | Detect-Policy Violations [show run policy screen]
Analytics | /suspectActivities/savePolicyCategory | 3487 | Suspect Activities-Save Policy Category
Analytics | /suspectActivities/showEditHqlPolicy | 3504 | Suspect Activities-Show Edit HQL Policy
Analytics | /suspectActivities/addCustomCheck | 3505 | Suspect Activities-Add Custom Check
Analytics | /suspectActivities/showAddOwnerRemediator | 3401 | Suspect Activities-Show Add Owner Remediator
Analytics | /suspectActivities/resourceGroupBasedPolices | 4593 | Display resource group based policies for suspect activities
Analytics | /resource/showEntitiesWithActivityByJobId | 4584 | Show resource entities with activity by job id
Analytics | /resource/showEntitiesWithoutActivityByJobId | 4582 | Show resource entities with activity by job id
Analytics | /activityIP/showEntitiesWithoutActivityByJobId | 4581 | Show activity ip entities without activity by job id
Analytics | /activityIP/showEntityDetailsForActivityOutliers | 4580 | Show activity ip entity details for activity outliers
Analytics | /activityIP/showEntitiesWithActivityByJobId | 4579 | Show activity ip entities with activity by job id
Analytics | /suspectActivities/searchPolicyJobAJAX | 3400 | Suspect Activities-Search Policy Job through AJAX
Analytics | /suspectActivities/getAllColumns | 4572 | Show all columns for Suspect activities
Analytics | /suspectActivities/showAccessOutlierJobs | 1933 | Analytics-Access Outliers Jobs
Analytics | /suspectActivities/showResourcesForAccessOuliers | 1935 | Detect-Access Outliers [shows resources for access outliers]
Analytics | /suspectActivities/scheduleAnomalyDetectionJob | 1936 | Detect-Access Outliers-Schedule Access Outliers Job [shows create access outlier job screen]
Analytics | /suspectActivities/runAccessOutlierJob | 1937 | Detect-Access Outliers-Schedule Access Outliers Job [schedule access outlier job]
Analytics | /suspectActivities/detectSuspect | 1938 | Detect-Activity Outliers-Schedule Activity Outliers Job [shows create activity outlier job screen]
Analytics | /suspectActivities/runActivityOutlierJob | 1939 | Detect-Activity Outliers-Schedule Activity Outliers Job [schedule activity outlier job]
Analytics | /suspectActivities/showSavedPolicies | 1940 | Detect-Policy Violations [shows list policies]
Analytics | /suspectActivities/showCreatePolicy | 1941 | Detect-Policy Violations-Create Policy [shows create policy screen]
Analytics | /suspectActivities/showCreateHQLPolicy | 1942 | Detect-Policy Violations-Create Policy With Direct HQL [shows create policy Direct HQL screen]
Analytics | /suspectActivities/savePolicy | 1943 | Detect-Policy Violations [save values for policy received from create policy screen]
Analytics | /suspectActivities/showEditPolicy | 1944 | Detect-Policy Violations [shows edit policy screen]
Analytics | /suspectActivities/showCasesPanel | 1946 | Respond-Incidents-Assigned To Me/Assigned To Group [shows cases assigned]
Analytics | /suspectActivities/showPeerGroupBasedJobWizard | 3488 | Suspect Activities-Show Peer Group Based Job Wizard
Analytics | /analytics/showTrasactionLevels | 3206 | Analytics-Show Transaction Levels
Analytics | /suspectActivities/showEditCompositePolicy | 3490 | Suspect Activities-Show Edit Composite Policy
Analytics | /analytics/saveBehDefaultConfig | 3186 | Analytics-Save Behavior Default Configuration
Analytics | /analytics/showUserDetails | 3185 | Analytics-Show User Details
Analytics | /analytics/listUsers | 3184 | Analytics-Show Users
Analytics | /analytics/showConfig | 3183 | Analytics-Show Configuration
Analytics | /analytics/showBehaviorProfileConfig | 3182 | Analytics-Show Behavior Profile Configuration
Analytics | /analytics/searchActivtyTrasactionAJAX | 3181 | Analytics-Search Activity Transaction
Analytics | /reviews/showReviews | 3164 | Respond-Activity Review-[Shows List of Activity Review Jobs with filters]
Analytics | /analytics/listUsersWithProfiles | 3200 | Analytics-List all Users with Profiles
Analytics | /analytics/getResources | 3201 | Analytics-Get Resources
Analytics | /analytics/showDashboard | 3202 | Analytics-Show Dashboard
Analytics | /suspectActivities/saveAccessOutliers | 3369 | Suspect Activities-Save Access Outliers
Analytics | /certifications/showAccessReviewJobs | 3218 | Certifications-Show Access Review Jobs
Analytics | /analytics/scheduleBehaviorProfileJob | 3207 | Analytics-Schedule Behavior Profile Job
Analytics | /analytics/showUserSuspect | 3208 | Analytics-Show User Suspect Analysis
Analytics | /analytics/behaviorProfileJobs | 3209 | Analytics-Show Behavior Profile Jobs
Analytics | /analytics/selectedUsers | 3210 | Analytics-Show Selected Users
Analytics | /analytics/showAccountSelectionDialog | 3211 | Analytics-Show Account Selection Dialog
Analytics | /analytics/showJobStatus | 3212 | Analytics-Show Job Status
Analytics | /analytics/ | 3213 | Analytics
Analytics | /analytics/updateIncludeInAnalysisForActivityAttributes | 3214 | Analytics-Update Include In Analysis For Activity Attributes
Analytics | /analytics/manageProfiles | 3215 | Analytics-Manage Profiles
Analytics | /analytics/showManageSuspectActivities | 3216 | Analytics-Show and Manage Suspect Activities
Analytics | /suspectActivities/showManageUserBehavior | 3503 | Suspect Activities-Show Manage User Behavior
Analytics | /suspectActivities/reloadAutoComplete | 3368 | Suspect Activities-Reload Auto Complete
Analytics | /suspectActivities/showMultiEditPolicy | 3367 | Suspect Activities-Show Multi Edit Policy
Analytics | /suspectActivities/showUserDetailsForActivityOutliers | 3366 | Suspect Activities-Show User Details For Activity Outliers
Analytics | /suspectActivities/showLevelChecks | 3491 | Suspect Activities-Show Level Checks
Analytics | /suspectActivities/searchVariableAJAX | 3492 | Suspect Activities-Search Variable through AJAX
Analytics | /suspectActivities/showUserRiskDetails | 3493 | Suspect Activities-Show User Risk Details
Analytics | /suspectActivities/showUserSuspect | 3494 | Suspect Activities-Show User Suspect
Analytics | /suspectActivities/saveTier2Policy | 3495 | Suspect Activities-Save Tier2 Policy
Analytics | /suspectActivities/saveOutlierPoliciesAsDefaultPolicyTemplate | 3457 | Suspect Activities-Save Outlier Policies As Default Policy Template
Analytics | /suspectActivities/showVariableSelection | 3375 | Suspect Activities-Show Variable Selection
Analytics | /suspectActivities/getSysData | 3371 | Suspect Activities-Get System Data
Analytics | /monitor/showAccessReviewJobs | 3046 | Detect-Access Reviews
Analytics | /analytics | 3199 | Enable Analytics View
Analytics | /analytics/getBehaviorNames | 3198 | Analytics-Get Behavior Names
Analytics | /analytics/getUpdatedToken | 3197 | Analytics-Get Updated Token
Analytics | /analytics/showResourceProfileAndWindows | 3196 | Analytics-Show Resource Profile and Windows
Analytics | /analytics/saveBPConfig | 3194 | Analytics-Save Behavior Profile Config
Analytics | /analytics/showActivityAttributes | 3193 | Analytics-Show Activity Attributes
Analytics | /analytics/updateIncludeInAnalysisForTransactionLevels | 3192 | Analytics-Update Include in Analysis For Transaction Levels
Analytics | /analytics/beforeInterceptor | 3191 | Analytics-Call Before Interceptor
Analytics | /analytics/getDateTime | 3190 | Analytics-Get Date and Time
Analytics | /analytics/showAddUsersDialog | 3189 | Analytics-Show Add User Dialog
Analytics | /analytics/showAnalytics | 3188 | Analytics-Show Analytics
Analytics | /analytics/showManageUserBehavior | 3187 | Analytics-Show Manage User Behavior
Analytics | /suspectActivities/searchAttributeValue | 3364 | Suspect Activities-Search Attribute Value
Analytics | /suspectActivities/getPolicyFunctions | 3365 | Suspect Activities-Get All Policy Functions
Analytics | /suspectActivities/saveCompositePolicy | 3489 | Suspect Activities-Save Composite Policy
Analytics | /suspectActivities/saveThreatIndicator | 3502 | Suspect Activities-Save Threat Indicator
Analytics | /suspectActivities/detectAnomalies | 3405 | Suspect Activities-Detect Anomalies
Analytics | /suspectActivities/showSuspectEvents | 3500 | Suspect Activities-Show Suspect Events
Analytics | /suspectActivities/showSuspectChecks | 3393 | Suspect Activities-Show Suspect Checks Activities
Analytics | /suspectActivities/saveSuspectPolicy | 3372 | Suspect Activities-Save Suspect Policy
Analytics | /suspectActivities/listUsers | 3394 | Suspect Activities-List all Users
Analytics | /suspectActivities/createCompositePolicy | 3395 | Suspect Activities-Create Composite Policy
Analytics | /monitor/showBehaviorProfileJobs | 1949 | Detect-Behavior
Analytics | /suspectActivities/getEntitiesList | 3397 | Suspect Activities-Get Entities List
Analytics | /suspectActivities/getUpdatedToken | 3398 | Suspect Activities-Get Updated Token
Analytics | /monitor/showPolicyManagement | 1950 | Detect-Policy Violations
Analytics | /suspectActivities/showAccessOutliers | 1934 | Detect-Access Outliers [shows access outliers]
Analytics | /monitor/showActivityOutlierJobs | 1948 | Detect-Activity Outliers
Analytics | /suspectActivities/showDirectiveDetails | 3392 | Suspect Activities-Show Directive Details
Analytics | /suspectActivities/savePgBasedOutlierPolicy | 3466 | Suspect Activities-Save Pg-Based Outlier Policy
Analytics | /suspectActivities/showUserDetailsForAccessOutliers | 3413 | Suspect Activities-Show User Details For Access Outliers
Analytics | /suspectActivities/updatePolicies | 3412 | Suspect Activities-Update Policies
Analytics | /suspectActivities/showAllPolicyJobs | 3411 | Suspect Activities-Show All Policy Jobs
Analytics | /suspectActivities/updatePolicyAttributes | 3410 | Suspect Activities-Update Policy Attributes
Analytics | /suspectActivities/showAssignToUsers | 3447 | Suspect Activities-Show Assign to Users
Analytics | /suspectActivities/searchPoliciesAJAX | 3448 | Suspect Activities-Search Policies AJAX
Analytics | /suspectActivities/showSuspectPoliciesList | 3449 | Suspect Activities-Show Suspect Policies List
Analytics | /suspectActivities/chkForSqlClauses | 3450 | Suspect Activities-Check For SQL Clauses
Analytics | /suspectActivities/showSuspectExclusionRules | 3451 | Suspect Activities-Show Suspect Exclusion Rules
Analytics | /suspectActivities/getNonCompositePolicies | 3452 | Suspect Activities-Get Non Composite Policies
Analytics | /suspectActivities/displayAllAttributeValues | 3414 | Suspect Activities-Display All Attribute Values
Analytics | /suspectActivities/saveThreatIndicatorGeneric | 3453 | Suspect Activities-Save Threat Indicator Generic
Analytics | /suspectActivities/showDatasourceList | 3391 | Suspect Activities-Show Datasources List
Analytics | /suspectActivities/saveWatchList | 3389 | Suspect Activities-Save Watch List
Analytics | /analytics/loadSearchBar | 3205 | Analytics-Load Analytics Search Bar
Analytics | /suspectActivities/saveSCBasedOutlierPolicy | 3373 | Suspect Activities-Save SC Based Outlier Policy
Analytics | /reviews/showActivityReviewWizard | 1956 | Respond-Activity Reviews [shows list of activity review table]
Analytics | /reviews/activityReviewsList | 1955 | Respond-Activity Reviews [shows list of activity review]
Analytics | /analytics/generateProfiles | 1952 | Detect-Behavior-Schedule Behavior Profile Job [shows schedule behavior profile screen]
Analytics | /analytics/showJobsForBehaviorProfiles | 1951 | Detect-Behavior [shows list of behavior job]
Analytics | /incidents/showCaseManagement | 1953 | Respond-Incidents
Analytics | /suspectActivities/showActivityOutliersJobs | 3396 | Suspect Activities-Show Activity Outliers Jobs
Analytics | /reviews/createActivityReview | 1957 | Respond-Activity Reviews [shows create activity review screen]
Analytics | /suspectActivities/getDateTime | 3387 | Suspect Activities-Get Date and Time
Analytics | /suspectActivities/assignToUserList | 3390 | Suspect Activities-Assign to Users List
Analytics | /suspectActivities/saveQuickAlertPolicy | 3376 | Suspect Activities-Save Quick Alert Policy
Analytics | /suspectActivities/listUsersForOwnerRemediator | 3378 | Suspect Activities-List Users For Owner Remediator
Analytics | /suspectActivities/showPreviewPolicyResults | 3379 | Suspect Activities-Show Preview Policy Results
Analytics | /suspectActivities/showEditTier2Policy | 3380 | Suspect Activities-Show Edit Tier 2 Policy
Analytics | /suspectActivities/showSuspectCheckDetails | 3381 | Suspect Activities-Show Suspect Check Details
Analytics | /suspectActivities/showBehaviorBasedOutliersJobStatus | 3382 | Suspect Activities-Show Behavior Based Outliers Job Status
Analytics | /suspectActivities/saveRiskTypeGeneric | 3383 | Suspect Activities-Save Risk Type Generic Activities
Analytics | /suspectActivities/getChildPolicies | 3385 | Suspect Activities-Get Policies on Child Nodes
Analytics | /suspectActivities/showUsersWithoutActivityByJobId | 3386 | Suspect Activities-Show Users Without Activity By JobId
Analytics | /suspectActivities/getSolrObjectattrsForPolicy | 3388 | Suspect Activities-Get Solr Object Attributes For Policy
Analytics | /suspectActivities/saveDirectiveDetails | 3399 | Suspect Activities-Save Directive Details
Analytics | /suspectActivities/showAddThreatIndicator | 3377 | Suspect Activities-Show Add Threat Indicator
Analytics | /suspectActivities/getWatchlistEntitiesList | 3454 | Suspect Activities-Get Watchlist Entities List
Analytics | /suspectActivities/showActivityOutlierDetailsForUserByJobId | 3455 | Suspect Activities-Show Activity Outlier Details For User By Job-Id
Analytics | /suspectActivities/showEditQuickAlertPolicy | 3456 | Suspect Activities-Show Edit Quick Alert Policy
Analytics | /suspectActivities/showDashboard | 3429 | Suspect Activities-Show Dashboard
Analytics | /suspectActivities/showActivityOutliers | 3430 | Suspect Activities-Show Activity Outliers
Analytics | /suspectActivities/saveAsDefaultPolicyTemplate | 3431 | Suspect Activities-Save As Default Policy Template
Analytics | /suspectActivities/addChecksFromLevel | 3433 | Suspect Activities-Add Checks From Level
Analytics | /suspectActivities/getDeviationFieldsForPolicy | 3417 | Suspect Activities-Get Deviation Fields For Policy
Analytics | /suspectActivities/showActivityOutliersJobStatus | 3434 | Suspect Activities-Show Activity Outliers Job-Status
Analytics | /suspectActivities/getColumns | 3435 | Suspect Activities-Get Columns
Analytics | /suspectActivities/updateCase | 3436 | Suspect Activities-Update Case
Analytics | /suspectActivities/showAccessOutliersJobStatus | 3437 | Suspect Activities-Show Access Outliers Job-Status
Analytics | /suspectActivities/showOutputFieldMapping | 3438 | Suspect Activities-Show Output Field Mapping
Analytics | /suspectActivities/showAddRiskType | 3428 | Suspect Activities-Show Add Risk Type
Analytics | /suspectActivities/advancedSearchAddUser | 3439 | Suspect Activities-Advanced Search Add User
Analytics | /suspectActivities/showEditChildPolicy | 3441 | Suspect Activities-Show Edit Child Policy
Analytics | /suspectActivities/saveCaseCustomValues | 3442 | Suspect Activities-Save Case Custom Values
Analytics | /suspectActivities/assignToUser | 3418 | Suspect Activities-Assign to User
Analytics | /suspectActivities | 3443 | Suspect Activities
Analytics | /suspectActivities/showUsersWithAccessByJobId | 3444 | Suspect Activities-Show Users With Access By Job-Id
Analytics | /suspectActivities/getResources | 3445 | Suspect Activities-Get Resources
Analytics | /suspectActivities/saveActivityOutliers | 3465 | Suspect Activities-Save Activity Outliers
Analytics | /suspectActivities/showPolicyJobStatus | 3467 | Suspect Activities-Show Policy Job-Status
Analytics | /monitor/showAccessOutlierJobs | 1947 | Detect-Access Outliers
Analytics | /suspectActivities/showOutlierDetailsForUserByJobId | 3468 | Suspect Activities-Show Outlier Details For User By Job-Id
Analytics | /suspectActivities/saveAccessOutlierConfig | 3440 | Suspect Activities-Save Access Outlier Config
Analytics | /suspectActivities/deletePolicy | 3427 | Suspect Activities-Delete Policy
Analytics | /suspectActivities/showAddUsersDialog | 3426 | Suspect Activities-Show Add Users Dialog
Analytics | /suspectActivities/showPolicyJobDetails | 3425 | Suspect Activities-Show Policy Job Details
Analytics | /suspectActivities/showGraph | 3409 | Suspect Activities-Show Graph
Analytics | /suspectActivities/showSuspectChecksBasedJobWizard | 3458 | Suspect Activities-Show Suspect Checks Based Job Wizard
Analytics | /suspectActivities/showQuickAlertPolicy | 3459 | Suspect Activities-Show Quick Alert Policy
Analytics | /suspectActivities/showUsersWithActivityByJobId | 3408 | Suspect Activities-Show Users With Activity By JobId
Analytics | /suspectActivities/showClosedCaseDetails | 3407 | Suspect Activities-Show Closed Case Details
Analytics | /suspectActivities/showActivityOutliersByJob | 3406 | Suspect Activities-Show Activity Outliers By Job
Analytics | /suspectActivities/getResourceAttributes | 3460 | Suspect Activities-Get Resource Attributes
Analytics | /suspectActivities/getFunctionParams | 3461 | Suspect Activities-Get Function Params
Analytics | /suspectActivities/selectedUsers | 3462 | Suspect Activities-Selected Users
Analytics | /suspectActivities/getSubTreeItems | 3404 | Suspect Activities-Get Sub Tree Items
Analytics | /suspectActivities/previewPolicyResults | 3403 | Suspect Activities-Preview Policy Results
Analytics | /suspectActivities/saveHQLPolicy | 3463 | Suspect Activities-Save HQL Policy
Analytics | /suspectActivities/updateTaskStatus | 3464 | Suspect Activities-Update Task Status
Analytics | /suspectActivities/searchPolicyJob | 3415 | Suspect Activities-Search Policy Job
Analytics | /suspectActivities/showAllJobsForPolicy | 3416 | Suspect Activities-Show All Jobs For Policy
Analytics | /suspectActivities/showCreateTier2Policy | 3446 | Suspect Activities-Show Create Tier2 Policy
Analytics | /suspectActivities/showBehaviorBasedOutliers | 3432 | Suspect Activities-Show Behavior Based Outliers
Analytics | /suspectActivities/showAllJobsOfPolicy | 3422 | Suspect Activities-Show All Jobs of Policy
Analytics | /suspectActivities/showConfig | 3421 | Suspect Activities-Show Configuration
Analytics | /suspectActivities/ | 3423 | Show Suspect Activities
Analytics | /suspectActivities/getSuspectChecksList | 3420 | Suspect Activities-Get Suspect Checks List
Analytics | /suspectActivities/saveActivityOutlierConfig | 3419 | Suspect Activities-Save Activity Outlier Configuration
Analytics | /suspectActivities/showAccessOutliersByJob | 3424 | Suspect Activities-Show Access Outliers By Job
Analytics | /suspectActivities/createCompositeChildPolicy | 3501 | Suspect Activities-Create Composite Child Policy
Analytics | /suspectActivities/removeChecksFromLevel | 3384 | Suspect Activities-Remove Checks From Level
Analytics | /analytics/reloadAutoComplete | 3203 | Analytics-Reload Auto Complete
Analytics | /monitor/beforeInterceptor | 3252 | Monitor-Before Interceptor
Analytics | /activityIP/list | 4063 | Activity IP-Show List
Analytics | /activityIP/showBehaviorActivityDetails | 4064 | Activity IP-Show Behavior Activity Details
Analytics | /activityIP/showBehavior | 4065 | Activity IP-Show Behavior
Analytics | /activityIP/saveActivityOutlierPolicy | 4066 | Activity IP-Save Activity Outlier Policy
Analytics | /activityIP/showActivityOutlierDetailsForActivityIPByJobId | 4067 | Activity IP-Show Activity Outlier Details For Activity IP By Job-Id
Analytics | /activityIP/ | 4068 | Show Activity IP
Analytics | /activityIP/showActivityOutliers | 4062 | Activity IP-Show Activity Outliers
Analytics | /activityIP/getActivityIPList | 4070 | Activity IP-Get Activity IP List
Analytics | /activityIP/showActivityOutliersByJob | 4072 | Activity IP-Show Activity Outliers By Job
Analytics | /suspectActivities/showOpenCaseDetails | 3370 | Suspect Activities-Show Open Case Details
Analytics | /activityIP/showResourcesForActivityOuliers | 4055 | Activity IP-Show Resources For Activity Outliers
Analytics | /activityIP/showResourceBehaviorSummary | 4058 | Activity IP-Show Resource Behavior Summary
Analytics | /suspectActivities/getOjectAttributesForPolicy | 3374 | Suspect Activities-Get Object Attributes For Policy
Analytics | /analytics/isScheduleJobNameDuplicate | 3204 | Analytics-Check for Duplicate Schedule Names
Analytics | /activityIP/showActivityOutliersJobStatus | 4071 | Activity IP-Show Activity Outliers Job-Status
Analytics | /activityIP/listActivityIPClassifications | 4061 | Activity IP-List of Activity IP Classifications
Analytics | /activityIP | 4073 | Enable Activity IP View
Analytics | /activityIP/showBehaviorConfig | 4059 | Activity IP-Show Behavior Configuration
Analytics | /activityIP/searchAJAX | 4060 | Activity IP-Search through AJAX
Analytics | /monitor | 3254 | Enable Analytics
Analytics | /monitor/ | 3255 | Monitor
Analytics | /reviews/beforeInterceptor | 3345 | Reviews-Before Interceptor
Analytics | /reviews | 3346 | Analytics-Reviews
Analytics | /reviews/getUpdatedToken | 3347 | Reviews-Get Updated Token
Analytics | /reviews/showActivityReviews | 3348 | Reviews-Show Activity Reviews
Analytics | /monitor/afterInterceptor | 3253 | Monitor-After Interceptor
Analytics | /reviews/ | 3350 | Reviews
Analytics | /riskModeler/showRiskModeler | 3079 | Configure-Threat Model-Show Threat Model List
Analytics | /reviews/showDashboard | 3349 | Reviews-show Dashboard
Analytics | /analytics/advancedSearchAddUser | 3195 | Analytics-Advance User Add Search
Analytics | /activityIP/saveActivityOutliers | 4069 | Activity IP-Save Activity Outliers
Analytics | /activityIP/showUserDetailsForActivityOutliers | 4054 | Activity IP-Show User Details For Activity Outliers
Analytics | /activityIP/showActivityOutliersJobWizard | 4056 | Activity IP-Show Activity Outliers Job Wizard
Analytics | /activityIP/getUpdatedToken | 4057 | Activity IP-Get Updated Token
Application Statistics
Application Statistics | /stats/terminateQuery | 3841 | Application Statistics-Terminate Query
Application Statistics | /stats/applicationStatistics | 3840 | Show Application Statistics
Application Statistics | /stats | 3843 | Application Statistics
Application Statistics | /stats/ | 3842 | Show Statistics View
Configure
Configure | /settings/addHolidays | 3829 | Settings-Add Holidays
Configure | /clustering | 3564 | Enable Clustering View
Configure | /settings/uninstallLicense | 3827 | Settings-Uninstall License
Configure | /settings/installLicense | 3833 | Settings-Install License
Configure | /settings/showHouseKeeping | 3832 | Settings-Show House Keeping
Configure | /settings/holidays | 3835 | Settings-Holidays
Configure | /settings/showSyslogSettings | 3831 | Settings-Show Syslog Settings
Configure | /settings/saveSafeDomains | 3830 | Settings-Save Safe Domains
Configure | /settings/showAddHolidaysDialog | 3828 | Settings-Add Holidays Dialog
Configure | /connectionType/editConnector | 3787 | Connection Type-Edit Connector
Configure | /settings/showModuleList | 1965 | Configure-Logging-Modules [shows list of modules]
Configure | /config/showCreateWorkflow | 3658 | Configuration-Show Create Workflow
Configure | /connectionType/deleteClientSecret | 3782 | Connection Type-Delete Client Secret
Configure | /connectionType/testSplunkConnection | 3788 | Connection Type-Test Splunk Connection
Configure | /connectionType/showConnectionProperties | 3786 | Connection Type-Show Connection Properties
Configure | /connectionType | 3785 | Configure Connection Type
Configure | /connectionType/uploadSecret | 3784 | Connection Type-Upload Secret
Configure | /connectionType/displayConnectors | 3783 | Connection Type-Display Connectors
Configure | /settings/showHouseKeepingJobs | 3836 | Settings-Show House Keeping Jobs
Configure | /settings/removeHolidaysFromYear | 3809 | Settings-Remove Holidays From Year
Configure | /settings/ | 3837 | Enable Settings View
Configure | /settings/syslogConf | 3822 | Settings-Syslog Configuration
Configure | /settings/saveUserPreferencesOfMenus | 3839 | Settings-Save User Preferences Of Menus
Configure | /settings/saveArchiveSettings | 3817 | Settings-Save Archive Settings
Configure | /settings/showLdapAuthenSettings | 3823 | Settings-Show LDAP Authentication Settings
Configure | /connectionType/index | 3781 | Show Connection Type
Configure | /settings/index | 3821 | Display Settings
Configure | /settings/saveLdapAuthenSettings | 3820 | Settings-Save LDAP Authentication Settings
Configure | /settings/scheduleHouseKeepingJob | 3819 | Settings-Schedule House Keeping Job
Configure | /settings/showEncryptDecryptText | 3818 | Settings-Show Encryption Decryption Text
Configure | /settings/saveproductdescription | 3816 | Settings-Save Product Description
Configure | /settings/saveSyslogProperties | 3825 | Settings-Save Syslog Properties
Configure | /settings/controlSyslog | 3838 | Settings-Control Syslog
Configure | /settings/beforeInterceptor | 3815 | Settings-Before Interceptor
Configure | /settings/getUpdatedToken | 3813 | Settings-Get Updated Token
Configure | /settings/saveDNSServers | 3812 | Settings-Save DNS Servers
Configure | /settings/showArchival | 3811 | Settings-Show Archival Settings
Configure | /settings/showLicDetails | 3810 | Settings-Show Installed License Details
Configure | /settings/deleteSmtp | 3824 | Settings-Delete SMTP
Configure | /settings/removeYearFromHolidaySettings | 3826 | Settings-Remove Year From Holiday Settings
Configure | /settings/testSmtpServer | 3808 | Settings-Test SMTP Server
Configure | /settings | 3834 | Show Settings
Configure | /settings/saveSystemConfiguration | 1963 | Configure-System [saves system configuration]
Configure | /settings/saveAppSettings | 3814 | Settings-Save Application Settings
Configure | /connectionType/ | 3790 | Connection Type
Configure | /email/queuedMailsList | 3797 | Email Template-Queued Mails List
Configure | /connectionType/getOauthTokens | 3779 | Connection Type-Get Oauth Tokens
Configure | /certifications | 3230 | Certifications
Configure | /connectionType/authenticateApi | 4594 | Allow api authentication for connection types
Configure | /certifications/getResourcesForCertification | 3217 | Certifications-Get Resources For Certification
Configure | /certifications/saveManualCertOutliers | 3219 | Certifications-Save Manual Cert Outliers
Configure | /certifications/runCertificationJob | 3220 | Certifications-Run Certification Job
Configure | /certifications/scheduleCertificationJob | 3221 | Certifications-Schedule Certification Job
Configure | /certifications/showCertJobStatus | 3222 | Certifications-Show Certifications Job Status
Configure | /certifications/showManualCertUsersByJob | 3223 | Certifications-Show Manual Certification Users By Job
Configure | /certifications/showResourcesForManualCert | 3224 | Certifications-Show Resources For Manual Certifications
Configure | /settings/testWS | 4596 | Settings-Test websocket
Configure | /certifications/ | 3225 | Enable Certifications View
Configure | /certifications/showCertConfiguration | 3227 | Certifications-Show Certifications Configuration
Configure | /certifications/getUpdatedToken | 3228 | Certifications-Get Updated Token
Configure | /certifications/showManualCertByJob | 3229 | Certifications-Show Manual Certifications By Job
Configure | /config/showConfigureRiskLevels | 1967 | Configure-Criticality
Configure | /connectionType/getGeneratedTokens | 4595 | Allow token generation for connection types
Configure | /resource/getXMLDataController | 4559 | Show XML data for resource group
Configure | /clustering/ | 3567 | Clustering
Configure | /clustering/autoUpdate | 3566 | Clustering-Auto Update
Configure | /clustering/isNodeUpByPolicy | 3565 | Clustering-Check by Policy of the Node is Up
Configure | /certifications/saveCertConfig | 3226 | Certifications-Save Certifications Config
Configure | /connectionType/checkDBConnection | 3780 | Connection Type-Check Database Connection
Configure | /email/getUpdatedToken | 3801 | Email Template-Get Updated Token
Configure | /email/showEmailTemplateVariables | 3793 | Email Template-Show Email Template Variables
Configure | /connectionType/generateOauthCode | 3778 | Connection Type-Generate Oauth Code
Configure | /connectionType/getSplunkSavedSearches | 3777 | Connection Type-Get Saved Searches from Splunk
Configure | /config/showWorkflowList | 3737 | Configuration-Show Workflow List
Configure | /connectionType/beforeInterceptor | 3776 | Connection Type-Before Interceptor
Configure | /connectionType/getUpdatedToken | 3791 | Connection Type-Get Updated Token
Configure | /settings/showEncryptionMasking | 3807 | Settings-Show Encryption Masking Settings
Configure | /email/showEmailTemplatesList | 1972 | Configure-Email Templates [shows list of email templates]
Configure | /settings/showWeekEndDialog | 3806 | Settings-Show Week End Settings Dialog
Configure | /settings/updateHolidayList | 3805 | Settings-Update Holiday List
Configure | /settings/showSystemConfiguration | 1962 | Configure-System
Configure | /email | 3804 | Configure Email Template
Configure | /email/index | 3803 | Show Email Template
Configure | /email/updateEmailQueue | 3802 | Email Template-Update Email Queue
Configure | /email/beforeInterceptor | 3800 | Email Template-Before Interceptor
Configure | /connectionType/filterConnections | 3792 | Connection Type-Filter Connections
Configure | /email/deleteEmails | 3799 | Email Template-Delete Emails
Configure | /email/ | 3798 | Enable Email
Configure | /clustering/manualSync | 3563 | Clustering-Sync Nodes Manually
Configure | /email/editEmailTemplate | 3795 | Email Template-Edit Email Template
Configure | /email/fetchMailBody | 3794 | Email Template-Fetch Mail Body
Configure | /config/showThreatLibrary | 3709 | Configuration-Show Threat Library
Configure | /clustering/beforeInterceptor | 3557 | Clustering-Before Interceptor
Configure | /connectionType/regConnector | 3789 | Connection Type-Register Connector
Configure | /accessControl/showEditUser | 1984 | Configure-Access Control [show edit user screen]
Configure | /clustering/isNodeUpOnly | 3540 | Clustering-Only Check if the Node is Up
Configure | /clustering/showEditNode | 3560 | Clustering-Show Edit Node
Configure | /clustering/syncDatasource | 3559 | Clustering-Sync Datasources
Configure | /clustering/authnticatenode | 3558 | Clustering-Authenticate Node
Configure | /connectionType/getPolicyOutputConnections | 3775 | Connection Type-Get Policy Output Connections
Configure | /clustering/forceHealthCheck | 3556 | Clustering-Force Health Check
Configure | /clustering/showNodesWithStatus | 3555 | Clustering-Show All Nodes with Status
Configure | /clustering/getNodeThreadConfig | 3554 | Clustering-Get Configuration of Node Thread
Configure | /clustering/mergeDeleteNodeData | 3553 | Clustering-Merge Data from Deleted Node
Configure | /clustering/removeResourcesFromNode | 3539 | Clustering-Remove Selected Resources from the Node
Configure | /clustering/getUpdatedToken | 3552 | Clustering-Get Updated Token
Configure | /clustering/showDatasourcesForNode | 3550 | Clustering-Show List of Datasources for Node
Configure | /clustering/showResourcesForNode | 3549 | Clustering-Show List of Resources for Node
Configure | /clustering/deleteNode | 3548 | Clustering-Delete Node
Configure | /clustering/showCreateNode | 3547 | Clustering-Create Node
Configure | /clustering/isNodeUpByRg | 3546 | Clustering-Check by Resource Group if the Node Status is Up
Configure | /accessControl/showUsersOfRole | 3527 | Access Control-Show Users for Different Roles
Configure | /clustering/clusterNodeList | 3545 | Clustering-View Cluster Nodes List
Configure | /clustering/toggleClustering | 3544 | Clustering-Toggle Clustering On or Off
Configure | /clustering/showClusterNodeDetails | 3543 | Clustering-Show Cluster Node Details
Configure | /clustering/showAddResourcesToNodeDialog | 3551 | Clustering-Dialog for Add Resources to Node
Configure | /clustering/testNodeDbConnectionWithMaster | 3542 | Clustering-Test Database Connection of Selected Node with Master
Configure | /uf/listUF | 3027 | Configure-Universal Forwarder-Shows list of UF
Configure | /clustering/saveNodeThreadConfig | 3538 | Clustering-Save the Thread Configuration of Node
Configure | /connectionType/addUpdateConnectionType | 1978 | Configure-Connection Types [shows create/edit connection type screen]
Configure | /clustering/saveNode | 3561 | Clustering-Save Node
Configure | /clustering/isNodeUp | 3532 | Clustering-Identify if the Node is Running or not
Configure | /clustering/isNodeUpByName | 3536 | Clustering-Check by Name if the Node is Up
Configure | /email/showEmailTemplates | 1971 | Configure-Email Templates
Configure | /email/deleteEmailTemplate | 1973 | Configure-Email Templates [deletes email template]
Configure | /email/createEmailTemplate | 1974 | Configure-Email Templates [shows create email template screen]
Configure | /accessControl | 3529 | Access Control
Configure | /email/saveEmailTemplate | 1975 | Configure-Email Templates [save values for email template received from create/edit email template screen]
Configure | /clustering/manualSyncNode | 3537 | Clustering-Sync the Node Manually
Configure | /accessControl/showAddUsersSearch | 3530 | Access Control-Show Add Users Search
Configure | /accessControl/changePassword | 1983 | Configure-Access Control [update password received from change password screen]
Configure | /connectionType/showConnectionTypes | 1976 | Configure-Connection Types
Configure | /accessControl/showChangePassword | 1982 | Configure-Access Control [shows change password screen]
Configure | /connectionType/saveConnectionTypes | 1979 | Configure-Connection Types [save/update values of connection type received from create/edit screen]
Configure | /clustering/toggleNode | 3533 | Clustering-Turn On or Turn Off the Node
Configure | /clustering/testNodeDbConnection | 3534 | Clustering-Test the Connection of the Node Database
Configure | /connectionType/showConnectionList | 1977 | Configure-Connection Types [shows list of connections]
Configure | /clustering/getNodeName | 3535 | Clustering-Get Node Name
Configure | /accessControl/manageUsers | 1980 | Configure-Access Control
Configure | /accessControl/assignUserToRole | 3531 | Access Control-Assign Users to Role
Configure | /clustering/addResourcesToNode | 3541 | Clustering-Add Selected Resources to the Node
Configure | /accessControl/list | 1981 | Configure-Access Control [shows list of users]
Configure | /accessControl/showSearch | 3514 | Access Control-Show Search
Configure | /accessControl/showUserCreate | 1986 | Configure-Access Control [shows create user screen]
Configure | /accessControl/userUpdateDelete | 1985 | Configure-Access Control [update values of user received from user edit screen]
Configure | /accessControl/showManageGroup | 3524 | Access Control-Manage Groups
Configure | /accessControl/updateRole | 3523 | Access Control-Update Role
Configure | /accessControl/savePasswordProperties | 3522 | Access Control-Save Password Properties
Configure | /accessControl/searchGroupAJAX | 3521 | Access Control-Search Group
Configure | /accessControl/groupList | 3520 | Access Control-List of Groups
Configure | /accessControl/userSave | 3519 | Access Control-Save User
Configure | /accessControl/updatedCheckboxField | 3518 | Access Control-Show Updated Checkbox Field
Configure | /accessControl/showRoleCreate | 1987 | Configure-Access Control-Manage Roles [shows create role screen]
Configure | /accessControl/addUserList | 3517 | Access Control-Add User List
Configure | /accessControl/getUpdatedToken | 3515 | Access Control-Get Updated Token
Configure | /accessControl/index | 3512 | Access Control-Index
Configure | /accessControl/showSearchGroup | 3511 | Access Control-Show Search Group
Configure | /accessControl/searchAJAX | 3510 | Access Control-Search
Configure | /accessControl/showOrgDetails | 3509 | Access Control-Show Organization Details
Configure | /accessControl/quickSaveGroup | 3508 | Access Control-Quick Save Group
Configure | /accessControl/checkUserNameDuplication | 3506 | Access Control-Check Duplicates for User Names
Configure | /accessControl/ | 3528 | Enable Access Control
Configure | /accessControl/checkRoleNameDuplication | 3507 | Access Control-Check Duplicates for Role Names
Configure | /accessControl/deleteGroup | 3516 | Access Control-Delete Group
Configure | /accessControl/saveRole | 1988 | Configure-Access Control-Manage Roles [save values of role received from create role screen]
Configure | /accessControl/saveGroup | 3513 | Access Control-Save Group
Configure | /clustering/showClustering | 3057 | Configure-Clustering
Configure | /settings/showApplicationSettings | 3009 | Configure-Settings-Application Settings
Configure | /accessControl/showSearchRole | 1989 | Configure-Access Control-Manage Roles [shows search role screen]
Configure | /config/showWorkflows | 3051 | Configure-Workflows
Configure | /accessControl/validatePassword | 3526 | Access Control-Validate Password
Configure | /accessControl/roleList | 1990 | Configure-Access Control-Manage Roles [shows list of roles]
Configure | /accessControl/roleDelete | 1992 | Configure-Access Control-Manage Roles [deletes role]
Configure | /config/showCriticalityJobs | 1968 | Configure-Criticality [shows list criticality job]
Configure | /clustering/listResources | 3562 | Clustering-List All Resources
Configure | /accessControl/showPasswordControlProperties | 2063 | Configure-Access Control-Password Control
Configure | /uf/showUF | 2065 | Configure-Universal Forwarder
Configure | /accessControl/showRoleUpdate | 1991 | Configure-Access Control-Manage Roles [update values of role received from edit role screen]
Configure | /settings/customizeMenu | 3010 | Configure-Settings-Customize Menu
Configure | /accessControl/beforeInterceptor | 3525 | Access Control-Before Interceptor
Configure | /email/queuedEmails | 3060 | Configure-Queued emails
Configure | /settings/showDNSServers | 3011 | Configure-Settings-DNS Servers
Configure | /settings/holidayMetaList | 3012 | Configure-Settings-Holidays
Configure | /settings/showAddLicense | 3014 | Configure-Settings-Install License
Configure | /uf/showRegisterUF | 3018 | Configure-Universal Forwarder-Create/edit UF screen
Configure | /settings/showAppLogs | 3008 | Configure-Settings-Application Logs
Configure | /settings/showLogging | 3015 | Configure-Settings-Logging
Configure | /settings/showSafeDomainList | 3016 | Configure-Settings-Safe Domains
Dashboard
Dashboard | /highRiskUsers/showHighRiskUsersChart | 4031 | High Risk Users Chart
Dashboard | policy_category:FRAUD | 4622 | Dashboard-Security Dashboard-FRAUD
Dashboard | policy_category:SECURITY POLICY VIOLATION | 4623 | Dashboard-Security Dashboard-SECURITY POLICY VIOLATION
Dashboard | policy_category:ACCOUNT MISUSE | 4624 | Dashboard-Security Dashboard-ACCOUNT MISUSE
Dashboard | policy_category:EXPLOIT | 4625 | Dashboard-Security Dashboard-EXPLOIT
Dashboard | policy_category:MALWARE | 4626 | Dashboard-Security Dashboard-MALWARE
Dashboard | /highRiskUsers/showHighRiskAccessAccountCount | 4026 | High Risk Access Account Count
Dashboard | /incidents/getCaseCount | 4045 | Incidents-Get Case Count
Dashboard | /incidents/getCaseHistory | 4043 | Incidents-Get Case History
Dashboard | /highRiskUsers/showEntityCounts | 4028 | High Risk Users-Entity Counts
Dashboard | /highRiskUsers/showRiskScoreTrend | 4029 | High Risk Users-Show Risk Score Trend
Dashboard | policy_category:IDENTITY ISSUE | 4621 | Dashboard-Security Dashboard-IDENTITY ISSUE
Dashboard | /highRiskUsers/showHighRiskUsersList | 4030 | High Risk Users List
Dashboard | /incidents/showCaseComments | 4046 | Incidents-Show Case Comments
Dashboard | policy_category:TRAFFIC ANOMALY | 4620 | Dashboard-Security Dashboard-TRAFFIC ANOMALY
Dashboard | /highRiskUsers/getUpdatedToken | 4027 | High Risk Users-Get Updated Token
Dashboard | policy_category:INSIDER THREAT | 4618 | Dashboard-Security Dashboard-INSIDER THREAT
Dashboard | /dashboard/updateTaskAssistantPref | 4001 | Dashboard-Update Task Assistant Preferences
Dashboard | /highRiskUsers | 4032 | High Risk Users
Dashboard | /dashboard/showHistogramForAccessScanner | 4000 | Dashboard-Histogram For Access Scanner
Dashboard | /dashboard/showHighRiskResourcesChart | 4002 | High Risk Resources Chart
Dashboard | /dashboard/showAccessPoliciesForUser | 4003 | Dashboard-Access Policies For User
Dashboard | /dashboard/saveUserPreferences | 4004 | Dashboard-Save User Preferences
Dashboard | /executiveDashboard/showCaseStatusChart | 4006 | Executive Dashboard-Show Case Status Chart
Dashboard | /dashboard/showHighRiskUsersByCategory | 3989 | High Risk Users By Category
Dashboard | /highRiskUsers/followEntity | 4025 | High Risk Users-Follow Entity
Dashboard | /incidents/ | 4047 | Incidents
Dashboard | /incidents/searchJira | 4048 | Incidents-Search JIRA
Dashboard | /highRiskUsers/getPoliciesByType | 4585 | Show high risk users policies by type
Dashboard | /highRiskUsers/getCriticality | 4586 | Show high risk users criticality
Dashboard | /export/getViolators | 4588 | Show export violators
Dashboard | /highRiskUsers/returnTypes | 4597 | Show high risk users return types
Dashboard | policy_category:CONFIGURATION ERROR | 4619 | Dashboard-Security Dashboard-CONFIGURATION ERROR
Dashboard | /incidents/getUpdatedToken | 4033 | Incidents-Get Updated Token
Dashboard | /dashboard/showRiskyUsersForPeer | 3940 | Dashboard-Risky Users For Peer
Dashboard | /incidents/getIncidentListByCategory | 4035 | Incidents-Get Incident List By Category
Dashboard /dashboard/showUserHRASCDetails 3942 Dashboard-Show User HRASC Details
Dashboard /dashboard/showPolicyTree 3943 Dashboard-Show PolicyTree
Dashboard /dashboard/showResourceThreatsList 3944 Dashboard-Show ResourceThreats List
Dashboard /dashboard/createCase 3945 Create Case
Dashboard /dashboard/removeFromWhitelist 3946 Dashboard-Remove FromWhitelist
Dashboard /dashboard/fetchVisualData 3947 Dashboard-Fetch VisualData
Dashboard /dashboard/showHistogram 3941 Dashboard-ShowHistogram
Dashboard /dashboard/drillDowncorrelationResults 3932 Dashboard-FilterCorrelationResults
Dashboard /dashboard/showEventScannerWidget 3931 Dashboard-Show EventScannerWidget
Dashboard /dashboard/loadSecurityControlCenter 3929 Dashboard-Load SecurityControl Center
Dashboard /dashboard/showResourceStatisticsDetails 3914 Dashboard-ResourceStatisticsDetails
Dashboard /dashboard/showPeerStatisticsDetails 3915 Dashboard-Peer StatisticsDetails
Dashboard /dashboard/showPoliciesWidget 3999 Dashboard-Policies Widget
Dashboard /dashboard/showCorrelationResults 3916 Dashboard-CorrelationResults
Dashboard /dashboard/showRiskyUsersForResource 3948 Dashboard-Show RiskyUsers ForResource
Dashboard /dashboard/getOtherPoliciesList 3939 Get OtherPolicies List
Dashboard /dashboard/listSelectOrganization 3938 ListOrganizations
Dashboard /dashboard/loadAccessReviewProgressByTypeChart 3937 Dashboard-Load AccessReviewProgress ByType Chart
Dashboard /incidents/showCaseCommentsByScreenId 4036 Incidents-ShowCaseComments ByScreen Id
Dashboard /incidents/showJiraSearch 4037 Incidents-ShowJira Search
Dashboard /incidents/sendCaseNotification 4038 Incidents-SendCaseNotification
Dashboard /incidents/showJiraCaseComments 4039 Incidents-ShowJira CaseComments
Dashboard /incidents/showIncidentsWidget 4040 IncidentsWidget
Dashboard /incidents/showIncidentsByUserGroupChart 4041 Show IncidentsBy User GroupChart
Dashboard /incidents/showCaseDetails 4042 Incidents-ShowCase Details
Dashboard /incidents 4044 Show IncidentsWidget
Dashboard /dashboard/showAccessReviewsWidget 3912 Dashboard-AccessReviewsWidget
Dashboard /dashboard/showThreatPolicyCounts 3988 Dashboard-Threat PolicyCounts
Dashboard /dashboard/showUserHRASCChart 3986 Dashboard-User HRASCChart
Dashboard /dashboard/getCasesForEntity 3933 Dashboard-GetCases ForEntity
Dashboard /dashboard/certifyHighRiskAccessActivity 3934 CertifyHighRiskAccess Activity
Dashboard /dashboard 3935 GrantDashboardAccess
Dashboard /dashboard/ 3936 Dashboard
Dashboard /incidents/showIncidentsTrendChart 4034 IncidentsTrend Chart
Dashboard /dashboard/showHighRiskResourceDetails 3998 HighRiskResourceDetails
Dashboard /adminDashboard/setEventColor 3873 AdministrativeDashboard-SetEvent Color forStatus
Dashboard /dashboard/loadPoliciesList 3996 Dashboard-Load PoliciesList
Dashboard /dashboard/loadActivityImportHistoryChartByResource 3909 Dashboard-Load ActivityImport HistoryChart ByResource
Dashboard /adminDashboard/loadActivityAccountSummary 3900 AdministrativeDashboard-Load ActivityAccountSummary
Dashboard /adminDashboard/ 3890 EnableAdministrativeDashboard
Dashboard /adminDashboard/loadPeerGroupSummary 3883 AdministrativeDashboard-Load PeerGroupSummary
Dashboard /adminDashboard/beforeInterceptor 3888 AdministrativeDashboard-BeforeInterceptor
Dashboard /adminDashboard/loadPercentageAdminSummary 3870 AdministrativeDashboard-LoadPercentageChange inImportsSummary
Dashboard /adminDashboard/loadJobDurationChart 3908 AdministrativeDashboard-View JobDuration Trend
Dashboard /adminDashboard/loadUserEntSummary 3871 AdministrativeDashboard-Load UserEntitySummary
Dashboard /adminDashboard 3874 ShowAdministrativeDashboard
Dashboard /adminDashboard/loadActivityImportHistoryLineChart 3875 AdministrativeDashboard-Load ActivityImport HistoryLine Chart
Dashboard /adminDashboard/loadActivityTransSummary 3876 AdministrativeDashboard-Load ActivityTransactionSummary
Dashboard /adminDashboard/index 3877 ViewAdministrativeDashboard
Dashboard /adminDashboard/loadLicInfoDetails 3878 AdministrativeDashboard-View Details ofInstalledLicenses
Dashboard /email/emailQueueCount 3796 EmailTemplate-Email QueueCount
Dashboard /adminDashboard/loadResourceActivityAccountCount 3872 AdministrativeDashboard-Load ResourceActivityAccount Count
Dashboard /dashboard/sendReminder 3910 Dashboard-Enable SendReminder
Dashboard /adminDashboard/wrapTitle 3907 AdministrativeDashboard-Title
Dashboard /adminDashboard/loadPeerCountChart 3891 AdministrativeDashboard-View PeerCreation CountTrends
Dashboard /dashboard/showPolicyDetailsForUserByResource 3917 Dashboard-Policy DetailsFor User ByResource
Dashboard /adminDashboard/loadJobSummary_Backup 3898 AdministrativeDashboard-Display JobsSummary
Dashboard /adminDashboard/getJobType 3892 AdministrativeDashboard-GetJob Type
Dashboard /adminDashboard/loadAccessAccountSummary 3893 AdministrativeDashboard-Load AccessAccountSummary
Dashboard /adminDashboard/loadResourceAcsEntCount 3894 AdministrativeDashboard-Load ResourceAccess EntityCount
Dashboard /adminDashboard/loadJobAdminSummary 3895 AdministrativeDashboard-ViewAdministrativeJob Summary
Dashboard /adminDashboard/loadCorrelatedAccountChart 3906 AdministrativeDashboard-LoadCorrelatedAccount Chart
Dashboard /adminDashboard/loadEvents 3896 AdministrativeDashboard-Load Events
Dashboard /adminDashboard/assignSelectedUserToResource 3899 AdministrativeDashboard-Assign SelectedUser toResource
Dashboard /adminDashboard/loadIpAddrSummary 3905 AdministrativeDashboard-View IPAddressSummary
Dashboard /adminDashboard/loadJobGroupCountSummaryByDate 3901 AdministrativeDashboard-View ImportCountSummary forJob Groups ByDate
Dashboard /adminDashboard/loadJobSummary 3902 AdministrativeDashboard-View JobsSummary
Dashboard /adminDashboard/loadResourceActTransCount 3903 AdministrativeDashboard-Load ResourceAccountTransactionCount
Dashboard /adminDashboard/getJobDetails 3904 AdministrativeDashboard-GetJob Details
Dashboard /adminDashboard/loadResourceAccessAccountCount 3897 AdministrativeDashboard-Load ResourceAccess AccountCount
Dashboard /adminDashboard/getUpdatedToken 3879 AdministrativeDashboard-GetUpdated Token
Dashboard /adminDashboard/loadResourceSummary 3880 AdministrativeDashboard-Load ResourceSummary
Dashboard /adminDashboard/loadPolicyexCountChart 3881 AdministrativeDashboard-View Policy ExChart
Dashboard /highRiskUsers/ 4019 Show High RiskUsers
Dashboard /highRiskUsers/showHighRiskActivityAccountCount 4020 HighRiskActivityAccount Count
Dashboard /highRiskUsers/showThreatPolicyCounts 4021 High RiskUsers-ThreatPolicy Counts
Dashboard /highRiskUsers/showRiskyUserPolicies 4022 High RiskUsers-RiskyUser Policies
Dashboard /executiveDashboard/getUpdatedToken 4008 ExecutiveDashboard-GetUpdated Token
Dashboard /highRiskUsers/showHighRiskActivityIPCount 4024 HighRiskActivity IPCount
Dashboard /highRiskUsers/beforeInterceptor 4018 High RiskUsers-BeforeInterceptor
Dashboard /executiveDashboard/showCasesByGroupChart 4007 ExecutiveDashboard-Show Cases ByGroup Chart
Dashboard /dashboard/showRiskyUsersForGroupOwner 3990 Dashboard-Show RiskyUsers ForGroup Owner
Dashboard /dashboard/showViolatorsByPolicyCategories 3991 Dashboard-Show ViolatorsBy PolicyCategories
Dashboard /dashboard/loadTaskAssistantList 3992 Dashboard-Load TaskAssistant List
Dashboard /dashboard/showUserStatisticsDetails 3993 Dashboard-User StatisticsDetails
Dashboard /dashboard/showViolationAdditionalDetails 3994 Dashboard-Show ViolationAdditionalDetails
Dashboard /dashboard/loadResourceConfigPoliciesDetails 3995 Dashboard-Load ResourceConfigurationPolicies Details
Dashboard /executiveDashboard/showHighRiskSuspectChecksChart 4005 ExecutiveDashboard-HighRiskSuspect ChecksChart
Dashboard /highRiskUsers/showHighRiskUsersCount 4017 High RiskUsers Count
Dashboard /highRiskUsers/showHistogram 4016 High RiskUsers-ShowHistogram
Dashboard /executiveDashboard/ 4015 ExecutiveDashboard
Dashboard /adminDashboard/loadEventSummary 3882 AdministrativeDashboard-View EventsSummary
Dashboard /adminDashboard/loadUserSummary 3884 AdministrativeDashboard-Load UsersSummary
Dashboard /adminDashboard/loadGraphTrendDetails 3885 AdministrativeDashboard-View Details ofTrend Graphs
Dashboard /adminDashboard/loadResourceEventCount 3886 AdministrativeDashboard-Load ResourceEvent Count
Dashboard /adminDashboard/loadAccessImportHistoryLineChart 3887 AdministrativeDashboard-Load AccessImport HistoryLine Chart
Dashboard /adminDashboard/loadSecAppDetails 3889 AdministrativeDashboard-View SecuronixApplicationDetails
Dashboard /dashboard/showAccessScannerWidget 3911 Dashboard-Access ScannerWidget
Dashboard /dashboard/getUserForPeers 3984 Dashboard-GetUser for Peers
Dashboard /dashboard/updateHighRiskObject 3913 Dashboard-UpdateHighRiskObject
Dashboard /executiveDashboard/beforeInterceptor 4009 ExecutiveDashboard-BeforeInterceptor
Dashboard /executiveDashboard/highRiskAggregateResources 4010 ExecutiveDashboard-HighRiskAggregateResources
Dashboard /executiveDashboard 4011 ExecutiveDashboard-Enable View
Dashboard /executiveDashboard/showHighRiskThreatChart 4012 ExecutiveDashboard-HighRiskThreat Chart
Dashboard /executiveDashboard/showPoliciesByVioltionCount 4013 ExecutiveDashboard-Policies ByVioltaion Count
Dashboard /executiveDashboard/highRiskAggregateUsers 4014 ExecutiveDashboard-HighRiskAggregateUsers
Dashboard /dashboard/showRiskyUsersForAccessValue 3997 Risky UsersFor AccessValue
Dashboard /dashboard/showJobEventDetails 3918 Dashboard-JobEvent Details
Dashboard /highRiskUsers/showHighRiskUsersWidget 4023 HighRiskUsersWidget
Dashboard /dashboard/loadResourceOutlierAccessDetails 3920 Dashboard-Load ResourceOutlier AccessDetails
Dashboard /riskModeler/showRunThreatModel 3355 Risk Modeler-Show RunThreat Model
Dashboard DEFAULTWORKFLOW:CLAIM 3161 Dashboard-SecurityDashbaord-BulkAction:CLAIM
Dashboard DEFAULTWORKFLOW:CLOSE AS FIXED 3160 Dashboard-SecurityDashbaord-BulkAction:CLOSEAS FIXED
Dashboard DEFAULTWORKFLOW:ASSIGN TO ANALYST 3159 Dashboard-SecurityDashbaord-BulkAction:ASSIGNTO ANALYST
Dashboard /dashboard/showThreatDetails 3157 Dashboard-SecurityDashbaord-Threats-ShowsThreat Details
Dashboard /riskModeler/showThreatModelList 3354 Risk Modeler-Show ThreatModel List
Dashboard /dashboard/deletePolicyViolation 3168 Dashboard-SecurityDashboard-DeleteViolations
Dashboard /dashboard/showHighRiskOutlierActivityUserList 3155 Dashboard-SecurityDashbaord-Threats-HighRisk Outlier Lis
Dashboard /dashboard/showHighRiskActivitiesSuspectChecksChart 3153 Dashboard-SecurityDashbaord-Threats-Threats BySuspect ChecksChart
Dashboard /dashboard/showHighRiskActivitiesByThreatChart 3152 Dashboard-SecurityDashbaord-Threats-Threats ByCriticalityChart
Dashboard /dashboard/showHighRiskActivitiesByResourceChart 3151 Dashboard-SecurityDashbaord-Threats-Threats ByResource Chart
Dashboard /riskModeler/saveRiskModel 3363 Risk Modeler-Save RiskModel
Dashboard /dashboard/showAccessValuesForHighRiskAccess 3001 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access by AccessValue list]
Dashboard /dashboard/showHighRiskAccessByGroupOwnerChart 3002 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access by GroupOwner graph]
Dashboard /dashboard/showHighRiskActivitiesByThreatCategoryChart 3154 Dashboard-SecurityDashbaord-Threats-Threats ByCategory Chart
Dashboard about_license 2073 Dashboard-AdministrativeDashboard-About License
Dashboard POLICYVIOLATIONSWORKFLOW:Mark AsConcern 3169 Dashboard-SecurityDashbaord-PolicyViolations:Mark As Concern
Dashboard /dashboard/showActivityOutliersWidget 3171 Dashboard-SecurityDashboard-Peer BasedActivities
Dashboard /export/exportObjectsToRtf 3241 Export-ExportObjects to RTF
Dashboard policy_category:ALERT 3124 Dashboard-SecurityDashbaord-ALERT
Dashboard policy_category:DATA EXFILTRATION 3125 Dashboard-SecurityDashbaord-DATAEXFILTRATION
Dashboard /adminDashboard/loadAccessImportHistory 3129 Dashboard-AdministrativeDashboard-Access ImportHistory
Dashboard /riskModeler 3361 Risk ModelerWidget
Dashboard /riskModeler/getUpdatedToken 3360 Risk Modeler-Get UpdatedToken
Dashboard POLICYVIOLATIONSWORKFLOW:Mark AsNon-Concern 3170 Dashboard-SecurityDashbaord-PolicyViolations:Mark As Non-Concern
Dashboard /riskModeler/showJobOutput 3359 Risk Modeler-Show JobOutput
Dashboard /riskModeler/searchJobAJAX 3357 Risk Modeler-Search JobAJAX
Dashboard /incidents/showReviews 1954 Respond-ActivityReviews
Dashboard /riskModeler/searchRiskModelJobs 3356 Risk Modeler-Search RiskModel Jobs
Dashboard /executiveDashboard/loadExecutiveDashboard 3176 Dashboard-ExecutiveDashboard
Dashboard /geolocation/showGeolocation 3173 Dashboard-GeolocationMap
Dashboard /incidents/showSendCaseNotification 3172 Dashboard-SecurityDashboard-Incidents [SendCaseNotificationEmail]
Dashboard /riskModeler/runThreatModel 3358 Risk Modeler-Run ThreatModel
Dashboard /adminDashboard/loadActivityImportHistory 1824 Dashboard-AdministrativeDashboard-Activity ImportHistory [shows activity import history details]
Dashboard /adminDashboard/showCorrelationResultsDetails 1823 Dashboard-AdministrativeDashboard-CorrelationResults [shows correlation results details]
Dashboard /dashboard/accessRequest 2005 Access Request
Dashboard /adminDashboard/loadGlossaryImportHistoryChart 1825 Dashboard-AdministrativeDashboard-GlossaryImport History [shows glossary import history details]
Dashboard /dashboard/showHighRiskAccessByAccessValueChart 3000 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access by AccessValue graph]
Dashboard /riskModeler/ 3362 Risk Modeler
Dashboard /export/index 3231 Export-index
Dashboard about_application 2072 Dashboard-AdministrativeDashboard-AboutApplication
Dashboard /dashboard/showHighRiskResourcesList 2066 Dashboard-SecurityDashboard-High RiskResources [shows high risk resources]
Dashboard /dashboard/showHighRiskUsersChart 1805 Dashboard-SecurityDashboard-High RiskUsers [shows high risk users graph]
Dashboard /export/exportObjectsToCsv 3234 Export-ExportObjects to CSV
Dashboard /adminDashboard/loadSummary 2062 Dashboard-AdministrativeDashboard-Summary
Dashboard /users/showInvestigationWorkbench 2058 Dashboard-LaunchInvestigationWorkbench
Dashboard /dashboard/loadScheduledJobsCalendar 2054 Dashboard-JobCalendar [shows job calendar]
Dashboard /dashboard/loadExecutiveDashboard 2032 Dashboard-Load ExecutiveDashboard
Dashboard /export/exportToPdf 3232 Export-Exportto PDF
Dashboard /dashboard/showUsersWithAccessForOutliers 3919 Dashboard-Users WithAccess Outliers
Dashboard /export/exportToXML 3233 Export-Exportto XML
Dashboard /dashboard/showHighRiskUsersList 1806 Dashboard-SecurityDashboard-High RiskUsers [shows list of high risk users]
Dashboard /dashboard/showHighRiskAccessUsersChart 1807 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access users graph]
Dashboard /dashboard/showHighRiskAccessUserList 1808 Dashboard-SecurityDashboard-High RiskAccess [shows list of high risk access users]
Dashboard /dashboard/getAccessListByResource 2004 AccessRequest-[shows access list by resource]
Dashboard /dashboard/submitAccessRequest 2003 AccessRequest-[submit access request]
Dashboard /adminDashboard/loadCorrelationChart 1822 Dashboard-AdministrativeDashboard-CorrelationResults [shows correlation results graph]
Dashboard /adminDashboard/showUserImportHistoryDetails 1821 Dashboard-AdministrativeDashboard-User ImportHistory [shows user import history details]
Dashboard /adminDashboard/loadUserImportHistoryChart 1820 Dashboard-AdministrativeDashboard-User ImportHistory [shows user import history graph]
Dashboard /dashboard/showPolicyDetails 1818 Dashboard-SecurityDashboard-User DefinedPolicies [shows details of user defined policies]
Dashboard /dashboard/showDOSAccounts 1817 Dashboard-SecurityDashboard-Possible DOSAttack [shows possible dos accounts list]
Dashboard /dashboard/showIncidentsProgress 1816 Dashboard-SecurityDashboard-Incidents [shows incident progress]
Dashboard /incidents/showIncidentsList 1815 Dashboard-SecurityDashboard-Incidents [shows list of incidents]
Dashboard /incidents/showIncidentsChart 1814 Dashboard-SecurityDashboard-Incidents [shows incidents graph]
Dashboard /dashboard/highRiskAccountsFromMultipleIP 1813 Dashboard-SecurityDashboard-High RiskAccounts [shows list of high risk accounts]
Dashboard /dashboard/showDLPPeersList 1812 Dashboard-SecurityDashboard-DLP Alerts [shows list of DLP alerts]
Dashboard /dashboard/showDLPPeersListGraph 1811 Dashboard-SecurityDashboard-DLP Alerts [shows DLP alerts graph]
Dashboard /dashboard/showHighRiskActivitiesList 1810 Dashboard-SecurityDashboard-High RiskActivities [shows list of high risk activities]
Dashboard /dashboard/showHighRiskActivitiesChart 1809 Dashboard-SecurityDashboard-High RiskActivities [shows high risk activities graph]
Dashboard /dashboard/showGroupOwnersForHighRiskAccess 3003 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access by GroupOwner list]
Dashboard /dashboard/showHighRiskAccessPeerChart 3004 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access by Peer graph]
Dashboard /adminDashboard/loadAdministrativeDashboard 1819 Dashboard-AdministrativeDashboard
Dashboard /dashboard/showHighRiskAccessByResourceChart 3006 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access by Resource graph]
Dashboard /dashboard/updateCase 3978 Update Case
Dashboard /dashboard/showEntityCounts 3979 Dashboard-Entity Counts
Dashboard /dashboard/loadResourceAccessPoliciesDetails 3980 Dashboard-Load ResourceAccess PoliciesDetails
Dashboard /dashboard/showViolationsChartData 3981 Dashboard-ViolationsChart Data
Dashboard /dashboard/loadResourceAlertsPoliciesDetails 3982 Dashboard-Load ResourceAlerts PoliciesDetails
Dashboard /dashboard/searchUserImportJobAJAX 3983 Dashboard-Search UserImport Jobusing AJAX
Dashboard /dashboard/showRiskyUserAccounts 3977 Dashboard-Risky UserAccounts
Dashboard policy_category:ROGUE ACCESS PRIVILEGES 4627 Dashboard-SecurityDashbaord-ROGUEACCESSPRIVILEGES
Dashboard /dashboard/showCreateCase 3921 Enable CreateCase
Dashboard /dashboard/showHighRiskOutlierActivitiesChart 3950 HighRiskOutlierActivities Chart
Dashboard /dashboard/addToWhiteList 3969 Dashboard-AddTo WhiteList
Dashboard /dashboard/showSearchOrg 3967 Dashboard-Show SearchOrganization
Dashboard /dashboard/showUsersWithoutAccessForOutliers 3952 Dashboard-Show UsersWithout AccessOutliers
Dashboard /dashboard/showCalendarEventList 3953 Dashboard-Show CalendarEvents List
Dashboard /dashboard/showUsersWithActivity 3985 Dashboard-Users WithActivity
Dashboard /dashboard/showSendReminder 3976 Dashboard-Show SendReminder
Dashboard /dashboard/showHighRiskThreatsListByCategory 3975 HighRiskThreats List ByCategory
Dashboard /dashboard/appCorrelationChart 3974 Dashboard-AppCorrelationChart
Dashboard /dashboard/showPeersListForHighRiskAccess 3005 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access by Peer list]
Dashboard /dashboard/showHighRiskResourcesWidget 3922 HighRiskResourcesWidget
Dashboard /dashboard/rejectCert 3923 Dashboard-Rejection Cert
Dashboard /dashboard/loadActivityImportHistoryChartByJob 3924 Dashboard-Load ActivityImport HistoryChart By Job
Dashboard /dashboard/showHighRiskAccessWidget 3925 HighRiskAccess Widget
Dashboard /dashboard/createAccessCertCases 3926 Dashboard-Create AccessCertificationCases
Dashboard /dashboard/showAccessScannerUsersList 3927 Dashboard-Show AccessScanner UsersList
Dashboard /dashboard/loadDatasourceFilter 3928 Dashboard-LoadDatasourceFilter
Dashboard /dashboard/showUsersWithoutActivity 3930 Dashboard-Show UsersWithoutActivity
Dashboard /dashboard/showUserDetailsForActivityOutliers 3987 Dashboard-User DetailsFor ActivityOutliers
Dashboard /dashboard/assignCertToUser 3949 Dashboard-AssignCertificate toUser
Dashboard /dashboard/loadSecurityDashboard 3951 Load SecurityDashboard
Dashboard /dashboard/loadActivityImportHistoryChart 3971 Dashboard-Load ActivityImport HistoryChart
Dashboard /dashboard/showPolicyTrend 3972 Dashboard-Show PolicyTrend
Dashboard /dashboard/showSuspectEventAdditionalDetails 3973 Dashboard-Show SuspectEventAdditionalDetails
Dashboard /dashboard/beforeInterceptor 3954 Dashboard-BeforeInterceptor
Dashboard /dashboard/loadActivityDashboard 3955 Dashboard-Load ActivityDashboard
Dashboard /dashboard/loadResourceActivityPoliciesDetails 3970 Dashboard-Load ResourceActivityPolicies Details
Dashboard /dashboard/showAddToWhitelist 3957 Dashboard-Show Add ToWhitelist
Dashboard /export/ 3245 Dashboard-Show Export
Dashboard /dashboard/showWhitelistSearch 3045 Dashboard-Whitelist
Dashboard /dashboard/showHighRiskAccess 3029 Dashboard-SecurityDashboard -High RiskAccess
Dashboard /dashboard/showCerts 3028 Dashboard-SecurityDashboard -ShowCertificationson Dashboard
Dashboard /export/beforeInterceptor 3244 Export-BeforeInterceptor
Dashboard /dashboard/getUpdatedToken 3956 Dashboard-GetUpdated Token
Dashboard /riskModeler/showThreatModelJobs 3353 Risk Modeler-Show ThreatModel Jobs
Dashboard /export/getMaskingParams 3242 Export-GetMaskingParams
Dashboard /export/exportObjectsToPdf 3240 Export-ExportObjects to PDF
Dashboard /export/exportToRtf 3239 Export-Exportto RTF
Dashboard /export/getReportName 3238 Export-GetReport Name
Dashboard /export 3237 Dashboard-Enable Export
Dashboard /export/exportObjectsToXML 3236 Export-ExportObjects to XML
Dashboard /export/columnCheck 3235 Export-ColumnCheck
Dashboard /dashboard/showResourcesForHighRiskAccess 3007 Dashboard-SecurityDashboard-High RiskAccess [shows high risk access by Resource list]
Dashboard /dashboard/showAccessScannerSummary 3049 Dashboard-Access Scanner
Dashboard /dashboard/getTaskAssistantList 3050 Dashboard-Task Assistant
Dashboard /export/exportToCsv 3243 Export-Exportto CSV
Dashboard /riskModeler/configureRiskModel 3352 Risk Modeler-Configure RiskModel
Dashboard /riskModeler/deleteThreatModel 3351 Risk Modeler-Delete ThreatModel
Dashboard /dashboard/showHighRiskAccessUserDetails 3959 Show HighRiskAccess UserDetails
Dashboard /dashboard/showAccessScannerDataSummary 3960 Show AccessScanner DataSummary
Dashboard /dashboard/listViolationActions 3961 Dashboard-ListViolationActions
Dashboard /dashboard/loadResourceOutlierActivitiesDetails 3962 Dashboard-Load Details ofResourceOutlierActivities
Dashboard /dashboard/showDateOfUserImportJob 3963 Dashboard-Show Date ofUser ImportJob
Dashboard /dashboard/showUserDetailsForAccessOutliers 3964 Dashboard-Show UserDetails ForAccess Outliers
Dashboard /dashboard/showPoliciesListForViolatorByPolicyCategory 3958 Dashboard-Show PoliciesList ForViolator ByPolicyCategory
Dashboard /dashboard/showHighRiskAccessCertProgress 3966 Show HighRiskAccessCertificationProgress
Dashboard /dashboard/switchCorrelationGraph 3968 Dashboard-SwitchCorrelationGraph
Dashboard /dashboard/loadDashboard 1804 Dashboard-SecurityDashboard
Dashboard policy_category:Suspicious Activity 4628 Dashboard-SecurityDashbaord-SuspiciousActivity
Dashboard /dashboard/showHighRiskActivitiesTrendChart 3156 Dashboard-SecurityDashbaord-Threats-Threats ByTrend Chart
Dashboard /dashboard/showPolicyCategoriesWidet 3059 Dashboard-PolicyCategoriesWidget
Dashboard /dashboard/showWhitelistDetails 3965 Dashboard-Show WhitelistDetails
Geolocation
Geolocation /geolocation/getFilters 4530 Geolocation-Get Filters
Geolocation /geolocation/listDatasources 4528 Geolocation-List Datasources
Geolocation /geolocation 4529 Show Geolocation
Geolocation /workbench/basicGeoLoc 4541 Geolocation-Show BasicGeolocation [Top right quicklink]
Geolocation /geolocation/getUpdatedToken 4533 Geolocation-Get UpdatedToken
Geolocation /geolocation/geoLocationData 4531 Geolocation-GeolocationData
Geolocation /geolocation/ 4532 Geolocation
Investigation Workbench
InvestigationWorkbench /workbench/nodelinkdata 4616 Show nodelink data
InvestigationWorkbench /workbench/getlocation 4617 Allow getting location
InvestigationWorkbench /workbench/showPolicyViolators 4552 InvestigationWorkbench-Show PolicyViolators
InvestigationWorkbench /workbench/geoLocation 4558 InvestigationWorkbench-ShowGeoLocation
InvestigationWorkbench /workbench/ 4557 InvestigationWorkbench
InvestigationWorkbench /workbench/getChildAccessLevels 4556 InvestigationWorkbench-Show AccessLevels forChild Node
InvestigationWorkbench /workbench 4555 EnableInvestigationWorkbench
InvestigationWorkbench /workbench/investigatePeerComparison 4554 InvestigationWorkbench-PeerComparisonInvestigation
InvestigationWorkbench /workbench/getUpdatedToken 4553 InvestigationWorkbench-Get UpdatedToken
InvestigationWorkbench /workbench/listAccessValues 4551 InvestigationWorkbench-List AccessValues
InvestigationWorkbench /workbench/showNewInvestigationWorkbench 4540 InvestigationWorkbench-Show NewWorkbench
InvestigationWorkbench /workbench/investigateObject 4546 InvestigationWorkbench-ObjectInvestigation
InvestigationWorkbench /workbench/networkgeoloc 4550 InvestigationWorkbench-ShowNetworkGeolocations
InvestigationWorkbench /workbench/initWorkbenchSearch 4539 InvestigationWorkbench-SearchInitialization
InvestigationWorkbench /workbench/displayScreenshot 4544 InvestigationWorkbench-View/Display Screenshot
InvestigationWorkbench /workbench/showInvestigationWorkbench 4542 ShowInvestigationWorkbench
InvestigationWorkbench /workbench/searchObjects 4538 InvestigationWorkbench-SearchObjects
InvestigationWorkbench /workbench/sourceDestinationPlot 4549 InvestigationWorkbench-ShowSources ofDestinationPlot
InvestigationWorkbench /workbench/getAssociatedObjects 4545 InvestigationWorkbench-GetAssociatedObjects
InvestigationWorkbench /workbench/showPolicyViolatorsForPeer 4548 InvestigationWorkbench-Show PolicyViolatorAccounts forPeer
InvestigationWorkbench /workbench/searchAJAX 4543 InvestigationWorkbench-Search
Other
Other SELFAUDITWORKFLOW:Decline 3180 This is when the user declines the activity.
Other SELFAUDITWORKFLOW:Confirm 3179 This is when the user confirms the activity.
Other /solr/** 3177 /solr/**
Reports
Reports /reports/deleteCategory 3122 Reports-DeleteCategory
Reports /reports/showActivityOrphanAccounrtsByResourceReport 3287 Reports-ShowActivityOrphanAccounts ByResourceReport
Reports /reports/showResourceGroupList 3288 Reports-ShowResource-Group List
Reports /reports/editCategory 3123 Reports-EditCategory
Reports /reports/addCategory 3121 Reports-AddCategory
Reports /export/exportReport 3116 Reports-Save AndGenerateAdhocReports
Reports /reports/deleteReport 3119 Reports-DeleteReports
Reports /reports/showReportScheduler 3118 Reports-ScheduleReports
Reports /reports/editReport 3117 Reports-EditReports
Reports /reports/showRedundantNonUserAccountsReport 3286 Reports-ShowRedundantNon UserAccountsReport
Reports /reports/createReport 3120 Reports-CreateReports
Reports /reports/loadColumns 3285 Reports-LoadColumns
Reports /config/showAuditList 3647 Configuration-ShowAudit List
Reports /reports/getReportParameters 3261 Reports-GetReportParameters
Reports /reports/showDormantAccountsReport 3262 Reports-ShowDormantAccountsReport
Reports /reports/showUserAccessByResourceReport 3263 Reports-Show UserAccess ByResourceReport
Reports /reports/createAdhocReport 3113 Reports-CreateAdhocReports
Reports /reports/deleteAdHocReport 3115 Reports-DeleteAdhocReports
Reports /reports/uploadJrxmlFile 3343 Reports-UploadJRXML File
Reports /reports/showRacfOutlierAnalysisReport 3294 Reports-Show RacfOutlierAnalysisReport
Reports /reports/showUserDetailsReport 3326 Reports-Show UserDetailsReport
Reports /reports/showOutlierAnalysisReportByApplicationPermission 3327 Reports-ShowOutlierAnalysisReport ByApplicationPermission
Reports /reports/showResourceReport 3328 Reports-ShowResourceReport
Reports /reports/showResourceActivityReportbyUser 3329 Reports-ShowResourceActivityReport byUser
Reports /reports/showHighRiskAccessReport 3330 Reports-Show HighRisk AccessReport
Reports /reports/saveNewCategory 3331 Reports-Save NewCategory
Reports /reports/showAdOutlierAnalysisReport 3260 Reports-ShowAdOutlierAnalysisReport
Reports /reports/showPeerAssignmentRulesReport 3264 Reports-Show PeerAssignmentRulesReport
Reports /reports/selectPeerList 3276 Reports-Select PeerList
Reports /reports/showUserActivityReport 3284 Reports-Show UserActivityReport
Reports /reports/saveUserReport 3259 Reports-Save UserReport
Reports /reports/paginateReports 3289 Reports-PaginateReports
Reports /reports/showReportParameters 3291 Reports-ShowReportParameters
Reports /reports/showResourceList 3292 Reports-ShowResourcesList
Reports /reports/ 3290 EnableReportsView
Reports /reports/showAnomalyDetectionRulesbyUser 3257 Reports-ShowAnomalyDetectionRules byUser
Reports /reports/selectResourceGroupList 3256 Reports-SelectResourceGroup List
Reports /reports/showPeerList 3258 Reports-Show PeerList
Reports /reports/listParameters 3273 Reports-ListParameters
Reports /reports/exportSavedReport 3114 Reports-RunAdhocReports
Reports /reports/getUpdatedToken 3267 Reports-GetUpdatedToken
Reports /reports/showPeerActivityReport 3268 Reports-Show PeerActivityReport
Reports /reports/beforeInterceptor 3265 Reports-BeforeInterceptor
Reports /reports/runSubReport 3283 Reports-RunSub Report
Reports /reports/showUserPeerReport 3270 Reports-Show UserPeer Report
Reports /reports/showPeerSuspiciousActivityReport 3271 Reports-Show PeerSuspiciousActivityReport
Reports /reports/showAdhocReportList 3272 Reports-Show AdhocReport List
Reports /reports/selectResourceList 3266 Reports-SelectResourcesList
Reports /reports/showUserActivityReportbyDate 3282 Reports-Show UserActivityReport byDate
Reports /reports/runTopNReport 3280 Reports-RunTop NReport
Reports /reports/scheduledReportList 3279 Reports-ScheduledReport List
Reports | /reports/showUserBehaviorProfileReport | 3278 | Reports-Show UserBehaviorProfileReport
Reports | /reports/showSelectUsersDialog | 3332 | Reports-Show SelectUsersDialog
Reports | /reports/showUserAccesAccountReport | 3275 | Reports-Show UserAccesAccountReport
Reports | /reports/showUserSuspiciousActivityReport | 3274 | Reports-Show UserSuspiciousActivityReport
Reports | /reports/showTopHighestActivityUsersReport | 3281 | Reports-ShowHighestUserActivityReport
Reports | /reports/showTopNReportsList | 3269 | Reports-Show Top NReports List
Reports | /reports/showOutlierReports | 2071 | OutlierReports
Reports | /reports/saveTopNReport | 3277 | Reports-SaveTop NReport
Reports | /reports/showResourceReports | 2069 | ResourceReports
Reports | /reports/showHqlQuery | 3056 | Reports-Ad-Hoc Reports
Reports | /reports/showReportList | 3299 | Reports-ShowReports List
Reports | /reports/showAccessOutlierReport | 3300 | Reports-ShowAccessOutlierReport
Reports | /reports/showGroupOwnerByResourceGroupReport | 3301 | Reports-Show GroupOwner ByResourceGroupReport
Reports | /reports/showAnomalyActivitybyUser | 3302 | Reports-ShowAnomalyActivity byUser
Reports | /reports/getResourceGroups | 3303 | Reports-GetResourceGroups
Reports | /reports/showResourceActivityReportbyIP | 3304 | Reports-ShowResourceActivityReport byIP
Reports | /reports/showSharedLoginActivityReport | 3305 | Reports-ShowSharedLoginActivityReport
Reports | /reports/showPeerBehaviorProfileReport | 3295 | Reports-Show PeerBehaviorProfileReport
Reports | /reports/testExportReport | 3307 | Reports-Test ExportReport
Reports | /reports/showhighRiskAccessByPeer | 3318 | Reports-Show HighRisk AccessBy Peer
Reports | /reports/searchParameterValue | 3317 | Reports-SearchParameterValue
Reports | /reports/runReport | 3055 | Reports-RunReport
Reports | /reports/showHighRiskAccessByResourceReport | 3316 | Reports-Show HighRisk AccessBy ResourceReport
Reports | /reports/showGenerateReport | 3319 | Reports-ShowGenerateReport
Reports | /reports/showJRMAnalysisReport | 3320 | Reports-Show JRMAnalysisReport
Reports | /reports/showresourceActivityReportbyDate | 3314 | Reports-ShowResourceActivityReport byDate
Reports | /reports/listUsers | 3313 | Reports-ListAll Users
Reports | /reports/showTerminatedUsersAccountsReport | 3312 | Reports-ShowTerminatedUsersAccountsReport
Reports | /reports/getFilterCondition | 3311 | Reports-GetFilterCondition
Reports | /reports/saveSubReport | 3310 | Reports-Save SubReport
Reports | /reports/showresourceActivityReport | 3309 | Reports-ShowResourceActivityReport
Reports | /reports/showUncorrelatedAccessAccountReport | 3308 | Reports-ShowUncorrelated AccessAccountReport
Reports | /reports/downloadReport | 3321 | Reports-DownloadReport
Reports | /reports/showHighRiskUsersReport | 3306 | Reports-Show HighRisk UsersReport
Reports | /reports/showScheduledReports | 2070 | ScheduleReports
Reports | /reports/showUserHighRiskAccessReport | 3315 | Reports-Show UserHigh RiskAccessReport
Reports | /reports/saveReport | 3054 | Reports-Save Report
Reports | /reports/dashboard | 3048 | Reports-ByCategories
Reports | /reports/generateHQL | 3298 | Reports-generateHQL
Reports | /reports/showPeerGroupReports | 2068 | PeerReports
Reports | /reports/showUserReports | 2067 | UserReports
Third Party Intelligence
Third Party Intelligence | /tpi/showCreateNewCore | 3850 | Third Party Intelligence-Show Create New Core
Third Party Intelligence | /tpi/searchTpi | 3849 | Search Third Party Intelligence
Third Party Intelligence | /tpi | 3848 | Enable Third Party Intelligence
Third Party Intelligence | /tpi/showTpiSearch | 3047 | Dashboard-Third Party Intelligence
Third Party Intelligence | /tpi/saveTPICore | 3846 | Save Third Party Intelligence Core
Third Party Intelligence | /tpi/scheduleTpiExport | 3844 | Schedule Third Party Intelligence Export
Third Party Intelligence | /tpi/searchTpiKB | 3847 | Search Third Party Intelligence KB
Third Party Intelligence | /tpi/getUpdatedToken | 3851 | Third Party Intelligence-Get Updated Token
Third Party Intelligence | /tpi/showTpiResultsOfSearchValue | 3859 | Show Third Party Intelligence Results of Search Value
Third Party Intelligence | /tpi/saveTPIRecords | 3858 | Save Third Party Intelligence Records
Third Party Intelligence | /tpi/index | 3852 | Show Third Party Intelligence
Third Party Intelligence | /tpi/showTPIKBSearch | 3857 | Show Third Party Intelligence KB Search
Third Party Intelligence | /tpi/ | 3856 | Show Third Party Intelligence
Third Party Intelligence | /tpi/scheduleTpiImport | 3853 | Schedule Third Party Intelligence Import
Third Party Intelligence | /tpi/showTpiExtraParams | 3855 | Show Third Party Intelligence Extra Parameters
Third Party Intelligence | /tpi/showCreateNewTPIEntry | 3854 | Show Create New Third Party Intelligence Entry
Third Party Intelligence | /tpi/beforeInterceptor | 3860 | Third Party Intelligence-Before Interceptor
Views
Views | /organization/showSearchOrg | 4172 | Show SearchOrganization
Views | /peer/showPeerAccess | 3034 | Manage-Peers[shows Peer AccessDetails]
Views | /peer/showPeerBehaviorPanel | 3035 | Manage-Peers[shows PeerBehavior]
Views | /organization/edit | 3036 | Manage-Organizations[shows edit organization screen]
Views | /organization/showChildOrganizations | 3040 | Manage-Organizations[shows Child-Organization]
Views | /resource/editAccessAttribute | 3088 | Manage-Resources[Edit AccessAttribute]
Views | /organization/showApplicationsforOrg | 3038 | Manage-Organizations[shows Applications of Organization]
Views | /peer/showPeerActivities | 3033 | Manage-Peers[shows PeerActivities]
Views | /resource/showResourceActivities | 3041 | Manage-Resources[shows ResourceActivities]
Views | /organization/showUsersforOrg | 3037 | Manage-Organizations[shows Users of Organization]
Views | /users/showUserBehaviorPanel | 3032 | Manage-Users[shows UserBehavior]
Views | /resource/showAddActivityAttributesDialog | 3084 | Manage-Resources[Add ActivityAttributes]
Views | /users/showUserOrgs | 3030 | Manage-Users[shows Organizations of User]
Views | /resource/deleteRGData | 3083 | Manage-Resources[Delete ResourceGroup Data]
Views | /resource/showMonitorAccess | 3042 | Manage-Resources[shows ResourceAccess details]
Views | /resource/removeActivityAttributes | 3085 | Manage-Resources[Remove ActivityAttributes]
Views | /resource/showAddAccessAttributesDialog | 3086 | Manage-Resources[Add AccessAttributes]
Views | /resource/removeAccessAttributes | 3087 | Manage-Resources[Remove AccessAttributes]
Views | /org/showHighRiskOrgApplicationsAggregateList | 3139 | Dashboard-Organization-ShowHigh RiskOrganizationAggregateApplications
Views | /org/showHighRiskOrgUsersAggregateList | 3141 | Dashboard-Organization-ShowHigh RiskOrganizationAggregate Users
Views | /org/showHighRiskUsersForOrgByCategory | 3150 | Dashboard-Organization-ShowHigh Risk Users In Organization ByCategory
Views | /org/listHighRiskOrgs | 3142 | Dashboard-Organization-ShowHigh RiskOrganizations
Views | /organization/save | 4164 | Organization-Save
Views | /organization/listOrganizations | 4169 | Organization-ListOrganizations
Views | /users/showUserActivities | 3031 | Manage-Users[shows UserActivities]
Views | /resource/showResourceBehaviorPanel | 3043 | Manage-Resources[shows ResourceBehavior]
Views | /resource/delete | 3076 | Manage-Resources[Delete Resource]
Views | /resource/deleteResourceGroup | 3078 | Manage-Resources[Delete ResourceGroup]
Views | /organization/showAddResourcegroupToOrg | 3106 | Manage-Organizations[AddResource Groups to Organization]
Views | /organization/removeResourcegroupsFromOrg | 3107 | Manage-Organizations[Remove ResourceGroups from Organization]
Views | /watchList/showCreateEditWatchlist | 3108 | Manage-Watchlist[Show CreateWatchlist]
Views | /watchList/deleteWL | 3109 | Manage-Watchlist[Remove Watchlist]
Views | /watchList/addMembers | 3110 | Manage-Watchlist[Add Members to Watchlist]
Views | /watchList/removeWLMembers | 3111 | Manage-Watchlist[Remove Members from Watchlist]
Views | /resource/reCorrelateAccounts | 3112 | Manage-Resource[ShowResource:Recorrelate Accounts]
Views | /org/showHighRiskOrgsWidget | 3131 | Dashboard-Organization-ShowHigh RiskOrganization Widget
Views | /org/showOrgHierarchy | 3132 | Dashboard-Organization-ShowOrganizationHierarchy
Views | /org/showOrgLevel2 | 3133 | Dashboard-Organization-ShowOrganization Level2
Views | /org/showOrgLevel3 | 3134 | Dashboard-Organization-ShowOrganization Level3
Views | /org/showHighRiskOrgTrendingChart | 3135 | Dashboard-Organization-ShowOrganizationTrending Chart
Views | /org/showHighRiskOrgResourcesList | 3136 | Dashboard-Organization-ShowHigh RiskOrganizationResources
Views | /org/showHighRiskOrgResourcesAggregateList | 3137 | Dashboard-Organization-ShowHigh RiskOrganizationAggregateResources
Views | /org/showHighRiskOrgApplicationsList | 3138 | Dashboard-Organization-ShowHigh RiskOrganizationApplications
Views | /resource/edit | 3091 | Manage-Resources[Edit Resource]
Views | /resource/deleteResourceData | 3090 | Manage-Resources[Delete ResourceData]
Views | /resource/editActivityAttribute | 3089 | Manage-Resources[Edit ActivityAttribute]
Views | /organization/showResourcesforOrg | 3039 | Manage-Organizations[shows Resources of Organization]
Views | /organization/showAddUsersDialog | 3071 | Manage-Organization[AddUsers to Organization]
Views | /organization/removeUsersFromOrg | 3072 | Manage-Organizations[Remove Users From Organization]
Views | /peer/deletePeerType | 3073 | Manage-Peers[Delete Peer Type]
Views | /peer/showAddUsersDialog | 3074 | Manage-Peers[AddUsers to Peer]
Views | /peer/removeUsersFromPeer | 3075 | Manage-Peers[Remove Users From Peer]
Views | /users/delete | 3077 | Manage-Users[Delete User]
Views | /reports/runTopNReports | 3044 | Manage-Resources[Top N Charts]
Views | /organization/showJobForAssignmentRules | 4174 | Organization-ShowJob for AssignmentRules
Views | /manageData/showOrgSearch | 2030 | Manage-Organizations
Views | /organization/isNameDuplicate | 4177 | Organization-Check if Name is Duplicate
Views | /resource/showResourceGroupDetails | 2035 | Manage-Resource-Resource name link[shows resource details]
Views | /org/ | 4051 | Show OrganizationView
Views | /org | 4052 | EnableOrganization View
Views | /org/showOrgRiskHistoryChart | 4053 | Organization-ShowOrganization RiskHistory Chart
Views | /org/showHighRiskOrgs | 2031 | Dashboard-SecurityDashboard-HighRisk Organizations
Views | /organization/showCreateOrgDialog | 3105 | Manage-Organizations[ShowCreateOrganization]
Views | /manageData/showAppSearch | 2029 | Manage-Applications
Views | /lookupTable/deleteLookupTableEntry | 4117 | Delete LookupTable Entry
Views | /resource/importResources | 2006 | Manage-Resources[shows import resource screen]
Views | /lookupTable/autocompleteSearch | 4118 | LookupTable-AutocompleteSearch
Views | /lookupTable/getMaxRows | 4120 | LookupTable-GetMax Rows
Views | /organization/listSelectOrganization | 4155 | List SelectOrganization
Views | /lookupTable/index | 4121 | View LookupTable
Views | /lookupTable/listLookupTableData | 4122 | List Lookup TableData
Views | /lookupTable/filterLookupTables | 4123 | Filter LookupTables
Views | /lookupTable/ | 4124 | Show LookupTable
Views | /lookupTable/createLookuptable | 4125 | Create LookupTable
Views | /lookupTable/listLookupTables | 4126 | ListLookupTables
Views | /lookupTable | 4127 | EnableLookupTable View
Views | /organization/addChildOrganizationsList | 4145 | Add ChildOrganizations List
Views | /organization/showAssignmentRules | 4147 | Organization-ShowAssignment Rules
Views | /organization/resumeJob | 4149 | Organization-Resume Job
Views | /organization/loadCAssociationRule | 4150 | Organization-ShowAssociation Rule
Views | /organization/showAddOrg | 4151 | Show AddOrganization
Views | /organization/showSchedulePeerAssignmentRule | 4152 | Organization-ShowSchedule PeerAssignment Rule
Views | /org/getUpdatedToken | 4050 | Organization-GetUpdated Token
Views | /org/beforeInterceptor | 4049 | Organization-Before Interceptor
Views | /org/updateOrgRiskScores | 3143 | Dashboard-Organization-UpdateOrganization RiskScore
Views | /lookupTable/updateRowValues | 4119 | LookupTable-Update Row Values
Views | /organization/ | 4178 | Views-ShowOrganization
Views | /organization/reRunJob | 4179 | Organization-reRunJob
Views | /organization/treeView | 4181 | Organization-TreeView
Views | /organization | 4182 | View-EnableOrganization View
Views | /organization/listUsersNotInOrg | 4183 | List Users Not In Organization
Views | /organization/showOrgResourceGroups | 4184 | Show OrganizationResource Groups
Views | /organization/list | 4185 | Organization-List
Views | /peer/peerSearchAjax | 4224 | Peer Search Ajax
Views | /resource/quickSearchResourceGroupAJAX | 4244 | Quick SearchResource Group using AJAX
Views | /resource/getAccessLastRunData | 4279 | Resource-GetAccess Last RunData
Views | /resource/listResourceTypes | 4285 | List ResourceTypes
Views | /resource/loadResourcesGroups | 4334 | Load ResourcesGroups
Views | /organization/searchAJAX | 4175 | Organization-Search using AJAX
Views | /resource/getActivityLastRunData | 4404 | Resource-GetActivity Last RunData
Views | /users/userSearchAjax | 4477 | Users-Search Users
Views | /watchList/listWatchList | 4509 | Watchlist-List of WatchLists
Views | /watchList/saveWatchList | 4520 | Watchlist-SaveWatchList
Views | /manageData/manageWatchlist | 3058 | Manage-Watchlists
Views | /whiteList/ | 4526 | Views-EnableWhitelist
Views | /whiteList/showWhitelist | 4527 | Views-ShowWhitelist
Views | /org/showPendingAssignments | 3147 | Dashboard-Organization-ShowPendingAssignments
Views | /org/showPendingAssignmentsList | 3148 | Dashboard-Organization-ShowPendingAssignments ListView
Views | /org/showHighRiskOrgsByCategory | 3149 | Dashboard-Organization-ShowHigh RiskOrganization ByCategory
Views | /organization/searchTreeElement | 4163 | Organization-Search TreeElement
Views | /organization/listApplicationNotInOrganisation | 4161 | List Application Not In Organisation
Views | /organization/showOrgDetails | 4160 | Show OrganizationDetails
Views | /resource/getResourcesForGroup | 4428 | Get Resources For Group
Views | /organization/removeChildOrganizations | 3104 | Manage-Organizations[Remove ChildOrganizations from Organization]
Views | /peer/pauseCreationJob | 1880 | Manage-Peers-PeerCreation Rules[pause peer creation rule job]
Views | /organization/removeResourcesFromOrg | 3102 | Manage-Organizations[Remove Resources from Organization]
Views | /resource/addResourcePeers | 4576 | Add resource peers
Views | /resource/removePeersFromResources | 4577 | Remove peers from resources
Views | /resource/getResourcesPeerList | 4578 | View resources peer list
Views | /spotter/loadDashboard | 4587 | Spotter [NLPSearch Engine]
Views | /peer/showSchedulePeerAssignmentRule | 1885 | Manage-Peers-PeerAssignment Rules[shows peer assignment rule job screen]
Views | /resource/getActivityIPPaginatedList | 4608 | Display activity IP paginated list
Views | /resource/profileTypeMapping | 4607 | Allow profile type mapping for resource
Views | /resource/getAccountsPaginatedList | 4606 | Display paginated list for resources
Views | /resource/showBehavior | 1914 | Manage-Resources-Behavior profile[shows resource behavior]
Views | /resource/showDataManagement | 1913 | Manage-Resources-AccessManagement[shows access management screen]
Views | /resource/resourceAccessAccounts | 1912 | Manage-Resources-Access Accounts[shows list of access accounts]
Views | /peer/createRule | 1886 | Manage-Peers-PeerAssignment Rules[runs peer creation job]
Views | /peer/resumeCreationJob | 1881 | Manage-Peers-PeerCreation Rules[resume peer creation rule job]
Views | /peer/removeResourcesFromPeer | 4598 | Allow to remove resources from peer
Views | /peer/listResourcesNotInPeer | 4604 | Display resources to add in peers
Views | /manageData/showProfileDetails | 1830 | Manage-Profiles[shows profile details]
Views | /manageData/showEditProfile | 1831 | Manage-Profiles[shows edit profile screen]
Views | /manageData/showUsersforProfile | 1832 | Manage-Profiles[shows list of users of profile]
Views | /manageData/showResourcesForProfile | 1833 | Manage-Profiles[shows list of resources of profile]
Views | /manageData/updateProfile | 1834 | Manage-Profiles[update values for profiles received from edit profile screen]
Views | /manageData/showCreateProfile | 1835 | Manage-Profiles[shows create profile screen]
Views | /manageData/saveProfile | 1836 | Manage-Profiles[saves values for profiles received from create profile screen]
Views | /manageData/showResourceSearch | 1837 | Manage-Resources[shows list of Resources with submenu]
Views | /users/list | 1838 | Manage-Users[shows list of users]
Views | /peer/searchResourcePeerAJAX | 4601 | Allow resource peer search
Views | /resource/showResourcesPeer | 4575 | Show resource peer view
Views | /peer/loadSearchBar | 4602 | Display peer search bar
Views | /peer/listResourcePeers | 4573 | View resource peers
Views | /resource/getProfileTypesForName | 4611 | Display profile types for name in resource
Views | /resource/listActivityAttributes | 1904 | Manage-Resources-Activity Attributes[shows list of activity attributes]
Views | /resource/update | 1903 | Manage-Resources[update values for resource received from edit resource screen]
Views | /resource/showResource | 1901 | Manage-Resources[shows resource values]
Views | /users/showCreateUserDialog | 1839 | Manage-Users[shows create new user screen]
Views | /resource/addAccessAttribute | 1893 | Manage-Resources[save values for access attribute received from create access attribute screen]
Views | /resource/showResourceUsage | 1900 | Manage-Resources[shows resource usage]
Views | /resource/showResourceDetails | 1899 | Manage-Resources[shows resource details with tabs]
Views | /resource/save | 1898 | Manage-Resources-Create Resource[save values for resource received from create resource screen]
Views | /resource/create | 1897 | Manage-Resources-Create Resource[shows create resource screen]
Views | /resource/saveResourceGroup | 1896 | Manage-Resources[save values for resource group received from create resource group screen]
Views | /resource/showCreateResourceGroupDialog | 1895 | Manage-Resources-Create ResourceGroup[shows create resource group screen]
Views | /resource/updateActivityAttribute | 1909 | Manage-Resources-Activity Attributes[update values for activity attribute received from edit activity attribute screen]
Views | /resource/listAccessAttributes | 1891 | Manage-Resources[shows list of access attributes]
Views | /resource/updateResourceGroup | 1890 | Manage-Resources[update values for resource group received from edit resource group screen]
Views | /resource/editResourceGroup | 1889 | Manage-Resources[shows edit resource group screen]
Views | /resource/listResourcesForResourceGroup | 1888 | Manage-Resources[shows list of resources]
Views | /resource/listResourceGroups | 1887 | Manage-Resources[shows list of resource groups]
Views | /resource/addActivityAttribute | 1906 | Manage-Resources-Activity Attributes[save values for activity attribute received from create activity attribute screen]
Views | /resource/accountTypeMapping | 4609 | Allow account type mapping for resource
Views | /resource/resourceAccounts | 1910 | Manage-Resources-Accounts[shows accounts]
Views | /resource/showResourceAccounts | 1911 | Manage-Resources-Accounts[shows list of accounts]
Views | /watchList/listResourcesNotInWatchlist | 4615 | Show resources not in watchlist
Views | /watchList/listIPAddressNotInWatchlist | 4614 | Show IP address for watchlist
Views | /users/getAccountsPaginatedList | 4613 | Show users accounts paginated list
Views | /resource/getResourcePaginatedList | 4612 | Show resource paginated list
Views | /resource/loadBehaviorProfileDisplay | 4610 | Show behavior profile display for resource
Views | /organization/showAddChildOrganizationDialog | 3103 | Manage-Organizations[AddChild Organizations to Organization]
Views | /peer/getPaginateResourcesForPeer | 4603 | Paginate resources for peer
Views | /peer/showAssignmentRules | 1883 | Manage-Peers-PeerAssignment Rules
Views | /peer/addResourcesToPeer | 4599 | Allow adding of resources to peer
Views | /peer/showAddResourcesDialog | 4600 | Display add resource dialog
Views | /lookupTable/showLookupTableData | 3163 | Manage-LookupTable-[Shows List of Lookup Tables with filters]
Views | /peer/showCreatePeerDialog | 1866 | Manage-Peers-Create PeerManually[shows create peer screen]
Views | /peer/showUsersforPeer | 1865 | Manage-Peers[shows list of users in the peer]
Views | /peer/showPeerBehavior | 1864 | Manage-PeersBehavior[shows peer behavior]
Views | /peer/delete | 1863 | Manage-Peers[delete peer]
Views | /peer/update | 1862 | Manage-Peers[update values for peer received from edit peer screen]
Views | /peer/edit | 1861 | Manage-Peers[shows edit peer screen]
Views | /peer/showPeerDetails | 1860 | Manage-Peers[shows peer details]
Views | /peer/list | 1859 | Manage-Peers[shows list of peers]
Views | /peer/save | 1867 | Manage-Peers[saves values for peer received from create peer screen]
Views | /organization/update | 3070 | Manage-Organizations[Update organization]
Views | /watchList/manageWatchlist | 3162 | Manage-Watchlist-[Shows List of watchlists with filters]
Views | /org/showHighRiskOrgUsersList | 3140 | Dashboard-Organization-ShowHigh RiskOrganization Users
Views | /users/addOrgs | 3092 | Manage-Users[AddOrganizations]
Views | /users/removeOrgsFromUser | 3093 | Manage-Users[RemoveOrganizations]
Views | /users/addPeers | 3094 | Manage-Users[AddPeers]
Views | /users/removePeersFromUser | 3095 | Manage-Users[Remove Peers]
Views | /peer/editPeerType | 3096 | Manage-Peers[Show Edit Peer]
Views | /peer/updateCriticality | 3097 | Manage-Peers[Update Criticality]
Views | /resource/updateResourceAttributes | 3098 | Manage-Resources[Update ResourceAttributes]
Views | /organization/showAddApplicationDialog | 3099 | Manage-Organizations[AddApplications to Organization]
Views | /organization/removeApplicationsFromOrg | 3100 | Manage-Organizations[RemoveApplications from Organization]
Views | /organization/showAddResourcesToOrgDialog | 3101 | Manage-Organizations[AddResources to Organization]
Views | /peer/createPeerCreationRule | 1870 | Manage-Peers-PeerCreation Rules[shows peer creation rule job screen]
Views | /resource/searchAJAXForResources | 4605 | Allow resources search
Views | /peer/deleteJob | 1871 | Manage-Peers-PeerAssignment Rules[delete peer assignment rule job]
Views | /peer/reRunJob | 1873 | Manage-Peers-PeerAssignment Rules[rerun peer assignment rule job]
Views | /users/update | 1852 | Manage-Users[update values for User received from edit user screen]
Views | /users/edit | 1851 | Manage-Users[shows edit user screen]
Views | /users/showBehavior | 1850 | Manage-Users[shows behavior profile]
Views | /users/showUserProfiles | 1849 | Manage-Users[shows users profiles]
Views | /users/showUserAccessAccounts | 1848 | Manage-Users[shows access accounts of user]
Views | /users/showUserAccess | 1847 | Manage-Users[shows user access]
Views | /users/showUserPeers | 1846 | Manage-Users[shows peer groups of user]
Views | /users/show | 1845 | Manage-Users[shows general details of user]
Views | /users/showRiskyUserAccounts | 1844 | Manage-Users[shows high risk accounts for user]
Views | /users/showUserRiskScorecard | 1843 | Manage-Users[shows risk scorecard for user]
Views | /users/showUserBehavior | 1842 | Manage-Users[shows behavior profile for user]
Views | /users/showEventsSummary | 1841 | Manage-Users[shows monitor activities for user]
Views | /manageData/listProfiles | 1829 | Manage-Profiles[shows list of profiles]
Views | /manageData/showManageProfiles | 1828 | Manage-Profiles[shows list of profiles with submenu]
Views | /manageData/showPeerSearch | 1827 | Manage-Peers[shows list of parent and child peers with submenu]
Views | /peer/listParents | 1858 | Manage-Peers[shows list of parent peers]
Views | /peer/interruptCreationJob | 1882 | Manage-Peers-PeerCreation Rules[interrupt peer creation rule job]
Views | /users/showUserDetails | 1840 | Manage-Users[shows users details with tabs]
Views | /manageData/showUserSearch | 1826 | Manage-Users[shows list of users with sub menu]
Views | /peer/reRunCreationJob | 1879 | Manage-Peers-PeerCreation Rules[rerun peer creation rule job]
Views | /peer/cancelCreationJob | 1878 | Manage-Peers-PeerCreation Rules[cancel peer creation rule job]
Views | /peer/deleteCreationJob | 1877 | Manage-Peers-PeerCreation Rules[delete peer creation rule job]
Views | /peer/interruptJob | 1876 | Manage-Peers-PeerAssignment Rules[interrupt peer assignment rule job]
Views | /peer/resumeJob | 1875 | Manage-Peers-PeerAssignment Rules[resume peer assignment rule job]
Views | /peer/pauseJob | 1874 | Manage-Peers-PeerAssignment Rules[pause peer assignment rule job]
Views | /peer/cancelJob | 1872 | Manage-Peers-PeerAssignment Rules[cancel peer assignment rule job]
Views | /whiteList | 4525 | Views-Whitelist