User Guide

intel-db - 2.0.1

Contents

  1. Introduction
    1. The Cyber Kill Chain
    2. The Traffic Light Protocol
  2. Accessing the User Interface
  3. Working with the User Interface
  4. Change My Password
  5. Change My API Key
  6. Intel / Indicators
    1. Working with Indicators
    2. Add Indicators
    3. Edit an Indicator
    4. Delete an Indicator
  7. Intel / Signatures
    1. Working with Signatures
    2. Add Signature
    3. Edit a Signature
    4. Delete a Signature
  8. Intel / Targets
    1. Working with Targets
    2. Add Targets
    3. Edit a Target
    4. Delete a Target
  9. Intel / Sources
    1. Working with Sources
    2. Add a Source
    3. Edit a Source
    4. Delete a Source
  10. Intel / Campaigns
    1. Working with Campaigns
    2. Add a Campaign
    3. Edit a Campaign
    4. Delete a Campaign
  11. Admin / Users
    1. Working with Users
    2. Add a User
    3. Edit a User
    4. Delete a User
  12. Admin / Groups
    1. Working with Groups
    2. Add a Group
    3. Edit a Group
    4. Delete a Group
  13. Admin / Audit Log

Introduction

Welcome to the NoSpaceships Ltd IntelDB product (IntelDB)!

This document details all pages and features provided by the IntelDB Web User Interface (WebUI).

This document is aimed at all users.

NOTE The remaining sub-sections in this section detail some important concepts used by IntelDB. All users should read these sections to help better understand the application.

The Cyber Kill Chain

A cyber kill chain is used as a way to manage and improve security. It defines the phases through which threats must move. Organizations can utilise their security portfolio to address each stage of a kill chain.

By default, the IntelDB uses the intrusions kill chain, which is defined as follows (quoted from Wikipedia):

  • Reconnaissance - Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
  • Weaponization - Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
  • Delivery - Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives).
  • Exploitation - Malware weapon’s program code triggers, which takes action on target network to exploit vulnerability.
  • Installation - Malware weapon installs access point (e.g., “backdoor”) usable by intruder.
  • Command and Control - Malware enables intruder to have “hands on the keyboard” persistent access to target network.
  • Actions on Objective - Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

By default, IntelDB defines the above seven values, but it is possible for IntelDB administrators to add or remove kill chain values.

Refer to the Static Configuration / Kill Chain Values section in the IntelDB Admin Guide for information on how to manage kill chain values.

The Traffic Light Protocol

The Traffic Light Protocol (TLP) helps to identify the rules associated with the sharing of any specific piece of information.

The TLP defines four colours and an assocaited scope for sharing, for example (some of the text here quotes Wikipedia):

  • WHITE - Unlimited, e.g. information may be distributed freely without restriction
  • GREEN - Community wide, e.g. may be circulated widely within a particular community
  • AMBER - Limited distribution, e.g. may be shared with others within an organization but on a “need-to-know” basis
  • RED - Personal, e.g. for named recipients only

By default, IntelDB defines the above four values, but it is possible for IntelDB administrators to add or remove TLP values.

TLP values each have a precedence in relation to each other. For example, when adding an indicator and the indicator already exists, if the existing TLP value is “RED” and the new value was specified as “GREEN” the indicator will have the TLP value “GREEN” assigned once the indicator has been modified.

Refer to the Static Configuration / TLP Values section in the IntelDB Admin Guide for information on how to manage TLP values.

Accessing the User Interface

The IntelDB WebUI is provided by the IntelDB server. By default the application is available using HTTPS and the TCP port 8000.

This may have changed following initial installation and the IntelDB product administrator should be consulted to confirm which port is being used.

Once confirmed the WebUI can be accessed using the following URL:

https://<ip-address-or-hostname>:8000

NOTE Remember to replace “8000” with the port used for the local installation.

Once the WebUI has initially loaded the Login page will be displayed.

At the top of the Login page a disclaimer will be displayed.

NOTE By default a message is displayed in the disclaimer indicating to a product administrator where this may be changed.

Below the disclaimer the login form will be displayed, where a username and password can be entered to login.

A product administrator will confirm the credentials to use when accessing the WebUI. Once these have been entered, and authentication was successful, the Intel page will be displayed.

NOTE If a specific WebUI page has been requested that page will be displayed following successful login.

Working with the User Interface

Each page in the WebUI may be addressed and bookmarked directly. For example the Intel / Indicators page can be accessed using the following URL (the IP address “127.0.0.1” and default port are used for examples):

https://127.0.0.1:8000/ui/apps/idb#/intel/indicators

If this page is bookmarked and the user attempts to navigate to this page, the Login page will be presented as normal. However, following successful authentication, the Intel page will be displayed instead of the default page.

This allows direct links to specific pages in the WebUI to be communicated, without requiring that a user negotiate the WebUI.

After successful login to the WebUI the Intel page will be displayed by default.

At the top of each page a menu bar will be displayed. This will have links to the main features of the application, product help, and the production administration links.

The menu bar is mostly self-explanatory, the product is generally split into the following areas:

  • Intel - Manage indicators, targets, sources and campaigns
  • Admin - Manage users and groups, access permissions, and view the application audit log
  • Help - Access to product documentation

Displayed furthest to the right in the menu bar will be a message indicating Logged in as username, where username is the name of the user currently authenticated. This is a dropdown menu providing access to the following sub-menu items:

  • Change my password - Clicking this item will cause the Change my password dialog to be displayed, refer to the Change My Password section for details on this page
  • Change my API key - Clicking this item will cause the Change my API key dialog to be displayed, refer to the Change My API Key section for details on this page
  • Logout - Clicking this item will cause the current session to be invalidated and the page reloaded, ths will result in the display of the Login page

Below the menu bar will be a breadcrumb bar. The contents of the breadcrumb bar will be different on each page. The breadcrumb bar provides instant feedback of what page in the WebUI is being viewed.

Below the breadcrumb bar the page content area is displayed, this will be different for each page.

The remaining sections in this document detail all of the pages and features available in the WebUI.

Change My Password

The Change my password dialog can be accessed by selecting the Change my password sub-menu item from the Logged in as username menu item displayed to the right in the top menu bar.

Each user can change their own password using the Change my password dialog once authenticated.

The following fields are displayed in this page:

  • Current password - Specify the currently authenticated users existing password
  • New password - Specify a new password for the currently authenticated user
  • Confirm new password - Enter the new password again to confirm

Note that the new password must meet the currently configured complexity requirements, which by default is as follows:

  • Contain at least 1 upper case letter
  • Contain at least 1 lower case letter
  • Contain at least 1 number
  • Contain at least 1 of the following characters: !@#$%^&*
  • Be at least 8 characters long

NOTE An administrator may modify the password complexity requirements. If the new password meets the above requirements but is not accepted by IntelDB an administrator should be consulted.

Upon clicking the Change button the password will be changed immediately.

Change My API Key

The Change my API key dialog can be accessed by selecting the Change my API key sub-menu item from the Logged in as username menu item displayed to the right in the top menu bar.

Each user can set or change their own API key using the Change my API key dialog once authenticated.

The following fields are displayed in this page:

  • Current password - Specify the currently authenticated users existing password
  • API key - Specify an API key for the currently authenticated user, this must be at least 32 characters and any character can be utilised

If no API key has been configured previously, the API key field will be empty, otherwise, the API key will contain the API key currently configured.

Upon clicking the Change button the API key will be changed immediately.

Intel / Indicators

Working with Indicators

Indicators are viewed and managed under the Intel / Indicators page by clicking the IntelDB link displayed in the top menu bar and selecting the Indicators link displayed in the Intel page.

The Intel / Indicators page will display a table of all defined indicators which the currently authenticated user has been given permission to view.

NOTE All indicators will be displayed if the currently authenticated user is a product administrator.

The following columns are displayed in the table for each indicator:

  • Value - Indicator value, the format of this field will be specific to an indicators type, e.g. the dotted quad IP address “10.0.0.1” for the indicator type “IPv4 Address”
  • Type - The indicators type, e.g. “IPv4 Address” or “MD5”
  • Created - A string indicating when the indicator was created, and by which user, e.g. “2 days ago by stephen”, hovering over this field will result in a tooltip being displayed which contains the exact date and time the indicator was created
  • Modified - A string indicating when the indicator was last modified, and by which user, e.g. “2 days ago by silvia”, hovering over this field will result in a tooltip being displayed which contains the exact date and time the indicator was last modified
  • TLP - TLP value associated with the indicator, e.g. “WHITE” or “RED”
  • Kill chain - A comma separated list of assigned kill chain values, e.g. “Reconnaissance, Command & Control”
  • References - A comma separated list of assigned references, e.g. “ticket-123, change-456, incident-789”
  • Sources - A comma separated list of assigned sources, e.g. “Internal, Public”
  • Campaigns - A comma separated list of assigned campaigns, e.g. “Finger Mouse Phishing, Danger Mouse Phishing”

Indicators are displayed in the table as pages. By default 50 indicators are displayed at a time. This can be changed by adjusting the Limit and Offset options in the pagination controls displayed to the top right of the table.

Additionally, using these controls the next and previous pages can be loaded, the current page refreshed, and the entire list of indicators exported to CSV. Hovering over any of these controls will display a tooltip indicating the specific function of a control.

The table can be sorted by Value, Type, Created and Modified. This is achieved by clicking the corresponding column header. Clicking multiple times will alternate the sort order between ascending and descending.

A search control is also displayed to the top right of the table. Clicking the search control will toggle the display of a search field. Values in this field will be matched against an indicators value, type, TLP, kill chain and references fields.

The list of indicators to display can be filtered by a specific source and/or a specific campaign. This is achieved by clicking the Sources and Campaigns column headers, selecting the appropriate item from the dropdown list displayed. These filters can be cleared by clicking the cross displayed to the right of the Sources and Campaigns column headers.

The link Add indicators will be displayed to the top right of the table if the currently authenticated user has been assigned permission to manage indicators for at least one source. Upon clicking this link the Add indicators dialog will be displayed. See the Intel / Indicators / Add Indicators section for details on this dialog and adding indicators.

Upon hovering over a row in the table a number of controls will be displayed to the right of an indicators value depending on what permissions have been assigned to the currently authenticated user. Hovering over a control will result in a tooltip being displayed describing the function of a tooltip.

An edit control (a pencil icon) will be displayed if permissions have been assigned to manage indicators for all the sources assigned to an indicator. Upon clicking the edit control the Edit indicator dialog will be displayed. See the Intel Indicators / Edit an Indicator section for details on this dialog and editing an indicator.

A clone control (a double paper icon) will be displayed if permissions have been assigned to manage indicators for at least one source. Upon clicking the clone control the Add indicators dialog will be displayed, and the fields populated with the attributes of the indicator for which the clone control was clicked. See the Intel / Indicators / Add Indicators section for details on this dialog and adding indicators.

A delete control (a cross icon) will be displayed if permissions have been assigned to delete an indicator. Upon clicking the delete control the Delete indicator dialog will be displayed. See the Intel Indicators / Delete an Indicator section for details on this dialog and deleting an indicator.

Add Indicators

Indicators are added using the Add indicators dialog. This can be accessed by clicking the Add indicators link displayed in the Intel / Indicators page, or by using the clone control (the double paper icon) displayed next to an indicators value in the Intel / Indicators page. These will only be accessible if the currently authenticated user has been given permission to manage indicators for at least one source.

Two tabs are displayed in this dialog.

The Indicator configuration tab contains the following attributes:

  • Type - The indicator type, this is required, e.g. “IPv4 Address” or “MD5”
  • Values - One or more indicator values, one per line, an indicator will be created for each specified value, this is required, the format of this field is dependant on the indicator type selected, e.g. “1.2.3.4” for the indicator type “IPv4 Address”
  • TLP - The appropriate TLP value, this is required, e.g. “GREEN”
  • Kill chain - One or more kill chain values the indicators should be associated with, at least one value is required, e.g. “Weaponization” and “Delivery”

The Attribution tab contains the following attributes:

  • References - One or more references indicators should be associated with, this is optional, to specify a value enter it into the field and click the [ENTER] key, this field can be used to link indicators to items such as support tickets, incidents and vulnerabilities
  • Sources - Zero or more sources indicators should be associated with, this is optional
  • Campaigns - Zero or more campaigns indicators should be associated with, this is optional

As each value specified is processed a search will be performed to determine if an indicator using that value already exists. If no indicator was found a new indicator using all provided fields will be added.

If an existing indicator was found, the following values specified will be associated with the existing indicator if they are not already associated:

  • Kill chain
  • References
  • Sources
  • Campaigns

For the TLP field, the new TLP value specified will override the existing TLP value if is determined to take precedence. For example, if the existing TLP value is “RED” and the new value was specified as “GREEN” the indicator will have the TLP value “GREEN” assigned once the indicator has been modified. When selecting a TLP value from the TLP field values displayed towards the bottom of the list take precedence over values displayed towards the top of the list.

Refer to the Introduction / The Cyber Kill Chain for more details on what kill chain values are available, and refer to the Introduction / The Traffic Light Protocol section for details on what TLP values are available.

Once all required attributes have been specified the Add button will be enabled, and once clicked an indicator will be added for each value specified.

The dialog will display a status message towards the bottom of the Add indicators dialog informing of which indicator value is currently being processed.

NOTE If you attempt to add an indicator which already exists, and you do not have permissions to manage the sources associated with the existing indicator, the server will respond with a HTTP “Forbidden” response. Correct the issue and simply click the Add button again. The dialog will simply process all indicators again until completion.

Edit an Indicator

Indicators are edited using the Edit indicator dialog. This can be accessed by clicking the edit control (the pencil icon) displayed to the right of a indicators value when hovering over a indicator in the Intel / Indicators page. This will only be accessible if the currently authenticated user has been given permission to manage indicators for all the sources associated with the indicator.

Two tabs are displayed in this dialog.

The Indicator configuration tab contains the following attributes:

  • Type - The indicator type, this is required, e.g. “IPv4 Address” or “MD5”
  • Values - One or more indicator values, one per line, an indicator will be created for each specified value, this is required, the format of this field is dependant on the indicator type selected, e.g. “1.2.3.4” for the indicator type “IPv4 Address”
  • TLP - The appropriate TLP value, this is required, e.g. “GREEN”
  • Kill chain - One or more kill chain values the indicators should be associated with, at least one value is required, e.g. “Weaponization” and “Delivery”

The Attribution tab contains the following attributes:

  • References - One or more references indicators should be associated with, this is optional, to specify a value enter it into the field and click the [ENTER] key, this field can be used to link indicators to items such as support tickets, incidents and vulnerabilities
  • Sources - Zero or more sources indicators should be associated with, this is optional
  • Campaigns - Zero or more campaigns indicators should be associated with, this is optional

Refer to the Introduction / The Cyber Kill Chain for more details on what kill chain values are available, and refer to the Introduction / The Traffic Light Protocol section for details on what TLP values are available.

Click the Save button to save changes to the indicator.

Delete an Indicator

NOTE This is a destructive operation which cannot be undone.

Indicators are deleted using the Delete an indicator dialog. This can be accessed by clicking the delete control (the cross icon) displayed to the right of an indicators value when hovering over an indicator in the Intel / Indicators page. This will only be accessible if the currently authenticated user has been given permission to manage indicators for all the sources associated with the indicator.

The delete dialog prompts whether the indicator should be deleted.

Click the Delete button to confirm the indicator should be deleted, after which the indicator will be deleted.

Intel / Signatures

Working with Signatures

Signatures are viewed and managed under the Intel / Signatures page by clicking the IntelDB link displayed in the top menu bar and selecting the Signatures link displayed in the Intel page.

The Intel / Signatures page will display a table of all defined signatures which the currently authenticated user has been given permission to view.

NOTE All signatures will be displayed if the currently authenticated user is a product administrator.

The following columns are displayed in the table for each signature:

  • Name - Signature name, this is used to identify a signature and makes the signature unique among other signatures
  • Type - The signatures type, e.g. “yara” or “generic”
  • Created - A string indicating when the signature was created, and by which user, e.g. “2 days ago by stephen”, hovering over this field will result in a tooltip being displayed which contains the exact date and time the signature was created
  • Modified - A string indicating when the signature was last modified, and by which user, e.g. “2 days ago by silvia”, hovering over this field will result in a tooltip being displayed which contains the exact date and time the signature was last modified
  • TLP - TLP value associated with the signature, e.g. “WHITE” or “RED”
  • Kill chain - A comma separated list of assigned kill chain values, e.g. “Reconnaissance, Command & Control”
  • References - A comma separated list of assigned references, e.g. “ticket-123, change-456, incident-789”
  • Sources - A comma separated list of assigned sources, e.g. “Internal, Public”
  • Campaigns - A comma separated list of assigned campaigns, e.g. “Finger Mouse Phishing, Danger Mouse Phishing”

Signatures are displayed in the table as pages. By default 50 signatures are displayed at a time. This can be changed by adjusting the Limit and Offset options in the pagination controls displayed to the top right of the table.

Additionally, using these controls the next and previous pages can be loaded, the current page refreshed, and the entire list of signatures exported to CSV. Hovering over any of these controls will display a tooltip indicating the specific function of a control.

The table can be sorted by Name, Type, Created and Modified. This is achieved by clicking the corresponding column header. Clicking multiple times will alternate the sort order between ascending and descending.

A search control is also displayed to the top right of the table. Clicking the search control will toggle the display of a search field. Values in this field will be matched against a signatures name, type, value, TLP, kill chain and references fields.

The list of signatures to display can be filtered by a specific source and/or a specific campaign. This is achieved by clicking the Sources and Campaigns column headers, selecting the appropriate item from the dropdown list displayed. These filters can be cleared by clicking the cross displayed to the right of the Sources and Campaigns column headers.

The link Add a signature will be displayed to the top right of the table if the currently authenticated user has been assigned permission to manage signatures for at least one source. Upon clicking this link the Add signature dialog will be displayed. See the Intel / Signatures / Add a Signature section for details on this dialog and adding signatures.

Upon hovering over a row in the table a number of controls will be displayed to the right of an signatures name depending on what permissions have been assigned to the currently authenticated user. Hovering over a control will result in a tooltip being displayed describing the function of a tooltip.

An edit control (a pencil icon) will be displayed if permissions have been assigned to manage signatures for all the sources assigned to an signature. Upon clicking the edit control the Edit signature dialog will be displayed. See the Intel Signatures / Edit a Signature section for details on this dialog and editing a signature.

A clone control (a double paper icon) will be displayed if permissions have been assigned to manage signatures for at least one source. Upon clicking the clone control the Add signature dialog will be displayed, and the fields populated with the attributes of the signature for which the clone control was clicked. See the Intel Signatures / Add a Signature section for details on this dialog and adding signatures.

A delete control (a cross icon) will be displayed if permissions have been assigned to delete a signature. Upon clicking the delete control the Delete signature dialog will be displayed. See the Intel / Signatures / Delete a Signature section for details on this dialog and deleting an signature.

A control show/hide value control (a list icon) will always be displayed. Upon clicking the show/hide value control the signatures value will displayed in place of all columns but the signatures “Name” column. Clicking the control again will hide the value.

Add Signature

Signatures are added using the Add a signature dialog. This can be accessed by clicking the Add a signature link displayed in the Intel / Signatures page, or by using the clone control (the double paper icon) displayed next to a signatures name in the Intel / Signatures page. These will only be accessible if the currently authenticated user has been given permission to manage signatures for at least one source.

Two tabs are displayed in this dialog.

The Signature configuration tab contains the following attributes:

  • Type - The signature type, this is required, e.g. “yara” or “generic”
  • Value - The signatures value, this is required, the format of this field is dependant on the signature type selected
  • Name - The name used to identify the signature in IntelDB, this is required, the name field is unique to the signature, unlike indicators for example, a signatures value is not unique
  • TLP - The appropriate TLP value, this is required, e.g. “GREEN”
  • Kill chain - One or more kill chain values the signature should be associated with, at least one value is required, e.g. “Weaponization” and “Delivery”

The Attribution tab contains the following attributes:

  • References - One or more references the signature should be associated with, this is optional, to specify a value enter it into the field and click the [ENTER] key, this field can be used to link the signature to items such as support tickets, incidents and vulnerabilities
  • Sources - Zero or more source the signature should be associated with, this is optional
  • Campaigns - Zero or more campaigns the signature should be associated with, this is optional

Refer to the Introduction / The Cyber Kill Chain for more details on what kill chain values are available, and refer to the Introduction / The Traffic Light Protocol section for details on what TLP values are available.

If the signature type is “yara” a third tab titled Validate tab is also displayed. This tab is disabled unless all input fields are valid. This tab contains a button which can be utilised to validate the syntax of the signature. When the “Validate signature” button is clicked the syntax of the signature will be validated, and any errors or warnings displayed. Note that signatures are validated in isolation, and if a signature depends on other signatures for example, one or errors may be generated as a result.

Once all required attributes have been specified the Add button will be enabled, and once clicked the signature will be added.

NOTE If you attempt to add an signature which already exists, and you do not have permissions to manage the sources associated with the existing signature, the server will respond with a HTTP “Forbidden” response. Correct the issue and simply click the Add button again.

Edit a Signature

Signatures are edited using the Edit signature dialog. This can be accessed by clicking the edit control (the pencil icon) displayed to the right of a signatures name when hovering over a signature in the Intel / Signatures page. This will only be accessible if the currently authenticated user has been given permission to manage signatures for all the sources associated with the signature.

Two tabs are displayed in this dialog.

The Signature configuration tab contains the following attributes:

  • Type - The signature type, this is required, e.g. “yara” or “generic”
  • Value - The signatures value, this is required, the format of this field is dependant on the signature type selected
  • Name - The name used to identify the signature in IntelDB, this is required, the name field is unique to the signature, unlike indicators for example, a signatures value is not unique
  • TLP - The appropriate TLP value, this is required, e.g. “GREEN”
  • Kill chain - One or more kill chain values the signature should be associated with, at least one value is required, e.g. “Weaponization” and “Delivery”

The Attribution tab contains the following attributes:

  • References - One or more references the signature should be associated with, this is optional, to specify a value enter it into the field and click the [ENTER] key, this field can be used to link the signature to items such as support tickets, incidents and vulnerabilities
  • Sources - Zero or more source the signature should be associated with, this is optional
  • Campaigns - Zero or more campaigns the signature should be associated with, this is optional

Refer to the Introduction / The Cyber Kill Chain for more details on what kill chain values are available, and refer to the Introduction / The Traffic Light Protocol section for details on what TLP values are available.

If the signature type is “yara” a third tab titled Validate tab is also displayed. This tab is disabled unless all input fields are valid. This tab contains a button which can be utilised to validate the syntax of the signature. When the “Validate signature” button is clicked the syntax of the signature will be validated, and any errors or warnings displayed. Note that signatures are validated in isolation, and if a signature depends on other signatures for example, one or errors may be generated as a result.

Click the Save button to save changes to the signature.

Delete a Signature

NOTE This is a destructive operation which cannot be undone.

Signatures are deleted using the Delete a signature dialog. This can be accessed by clicking the delete control (the cross icon) displayed to the right of a signatures name when hovering over an signature in the Intel / Signatures page. This will only be accessible if the currently authenticated user has been given permission to manage signatures for all the sources associated with the signature.

The delete dialog prompts whether the signature should be deleted.

Click the Delete button to confirm the signature should be deleted, after which the signature will be deleted.

Intel / Targets

Working with Targets

Targets are viewed and managed under the Intel / Targets page by clicking the IntelDB link displayed in the top menu bar and selecting the Targets link displayed under the Intel page.

The Intel / Targets page will display a table of all defined targets which the currently authenticated user has been given permission to view.

NOTE All targets will be displayed if the currently authenticated user is a product administrator.

The following columns are displayed in the table for each target:

  • Value - Target value, the format of this field will be specific to an targets type, e.g. the dotted quad IP address “host1” for the target type “Host”
  • Type - The targets type, e.g. “Host” or “User”
  • Created - A string indicating when the target was created, and by which user, e.g. “2 days ago by stephen”, hovering over this field will result in a tooltip being displayed which contains the exact date and time the target was created
  • Modified - A string indicating when the target was last modified, and by which user, e.g. “2 days ago by silvia”, hovering over this field will result in a tooltip being displayed which contains the exact date and time the target was last modified
  • TLP - TLP value associated with the target, e.g. “WHITE” or “RED”
  • References - A comma separated list of assigned references, e.g. “ticket-123, change-456, incident-789”
  • Sources - A comma separated list of assigned sources, e.g. “Internal, Public”
  • Campaigns - A comma separated list of assigned campaigns, e.g. “Finger Mouse Phishing, Danger Mouse Phishing”

Targets are displayed in the table as pages. By default 50 targets are displayed at a time. This can be changed by adjusting the Limit and Offset options in the pagination controls displayed to the top right of the table.

Additionally, using these controls the next and previous pages can be loaded, the current page refreshed, and the entire list of targets exported to CSV. Hovering over any of these controls will display a tooltip indicating the specific function of a control.

The table can be sorted by Value, Type, Created and Modified. This is achieved by clicking the corresponding column header. Clicking multiple times will alternate the sort order between ascending and descending.

A search control is also displayed to the top right of the table. Clicking the search control will toggle the display of a search field. Values in this field will be matched against a targets value, type and references fields.

The list of targets to display can be filtered by a specific source and/or a specific campaign. This is achieved by clicking the Sources and Campaigns column headers, selecting the appropriate item from the dropdown list displayed. These filters can be cleared by clicking the cross displayed to the right of the Sources and Campaigns column headers.

The link Add targets will be displayed to the top right of the table if the currently authenticated user has been assigned permission to manage targets for at least one source. Upon clicking this link the Add targets dialog will be displayed. See the Intel / Targets / Add Targets section for details on this dialog and adding targets.

Upon hovering over a row in the table a number of controls will be displayed to the right of a targets value depending on what permissions have been assigned to the currently authenticated user. Hovering over a control will result in a tooltip being displayed describing the function of a tooltip.

An edit control (a pencil icon) will be displayed if permissions have been assigned to manage targets for all the sources assigned to a target. Upon clicking the edit control the Edit target dialog will be displayed. See the Intel / Targets / Edit an Target section for details on this dialog and editing a target.

A clone control (a double paper icon) will be displayed if permissions have been assigned to manage targets for at least one source. Upon clicking the clone control the Add targets dialog will be displayed, and the fields populated with the attributes of the target for which the clone control was clicked. See the Intel / Targets / Add Targets section for details on this dialog and adding targets.

A delete control (a cross icon) will be displayed if permissions have been assigned to delete a target. Upon clicking the delete control the Delete target dialog will be displayed. See the Intel / Targets / Delete a Target section for details on this dialog and deleting a target.

Add Targets

Targets are added using the Add targets dialog. This can be accessed by clicking the Add targets link displayed in the Intel / Targets page, or by using the clone control (the double paper icon) displayed next to a targets value in the Intel / Targets page. These will only be accessible if the currently authenticated user has been given permission to manage targets for at least one source.

Two tabs are displayed in this dialog.

The Target configuration tab contains the following attributes:

  • Type - The target type, this is required, e.g. “Host” or “User”
  • Values - One or more target values, one per line, a target will be created for each specified value, this is required, the format of this field is dependant on the target type selected, e.g. “host1” for the target type “Host”
  • TLP - The appropriate TLP value, this is required, e.g. “GREEN”

The Attribution tab contains the following attributes:

  • References - One or more references targets should be associated with, this is optional, to specify a value enter it into the field and click the [ENTER] key, this field can be used to link targets to items such as support tickets, incidents and vulnerabilities
  • Sources - Zero or more sources targets should be associated with, this is optional
  • Campaigns - Zero or more campaigns targets should be associated with, this is optional

As each value specified is processed a search will be performed to determine if a target using that value already exists. If no target was found a new target using all provided fields will be added.

If an existing target was found, the following values specified will be associated with the existing target if they are not already associated:

  • References
  • Sources
  • Campaigns

For the TLP field, the new TLP value specified will override the existing TLP value if is determined to take precedence. For example, if the existing TLP value is “RED” and the new value was specified as “GREEN” the target will have the TLP value “GREEN” assigned once the target has been modified. When selecting a TLP value from the TLP field values displayed towards the bottom of the list take precedence over values displayed towards the top of the list.

Refer to the Introduction / The Traffic Light Protocol section for details on what TLP values are available.

Once all required attributes have been specified the Add button will be enabled, and once clicked a target will be added for each value specified.

The dialog will display a status message towards the bottom of the Add targets dialog informing of which target value is currently being processed.

NOTE If you attempt to add a target which already exists, and you do not have permissions to manage the sources associated with the existing target, the server will respond with a HTTP “Forbidden” response. Correct the issue and simply click the Add button again. The dialog will simply process all targets again until completion.

Edit a Target

Targets are edited using the Edit target dialog. This can be accessed by clicking the edit control (the pencil icon) displayed to the right of a targets value when hovering over a target in the Intel / Targets page. This will only be accessible if the currently authenticated user has been given permission to manage targets for all the sources associated with the target.

Two tabs are displayed in this dialog.

The Target configuration tab contains the following attributes:

  • Type - The target type, this is required, e.g. “Host” or “User”
  • Values - One or more target values, one per line, a target will be created for each specified value, this is required, the format of this field is dependant on the target type selected, e.g. “host1” for the target type “Host”
  • TLP - The appropriate TLP value, this is required, e.g. “GREEN”

The Attribution tab contains the following attributes:

  • References - One or more references targets should be associated with, this is optional, to specify a value enter it into the field and click the [ENTER] key, this field can be used to link targets to items such as support tickets, incidents and vulnerabilities
  • Sources - Zero or more sources targets should be associated with, this is optional
  • Campaigns - Zero or more campaigns targets should be associated with, this is optional

Refer to the Introduction / The Traffic Light Protocol section for details on what TLP values are available.

Click the Save button to save changes to the target.

Delete a Target

NOTE This is a destructive operation which cannot be undone.

Targets are deleted using the Delete a target dialog. This can be accessed by clicking the delete control (the cross icon) displayed to the right of a targets value when hovering over a target in the Intel / Targets page. This will only be accessible if the currently authenticated user has been given permission to manage targets for all the sources associated with the target.

The delete dialog prompts whether the target should be deleted.

Click the Delete button to confirm the target should be deleted, after which the target will be deleted.

Intel / Sources

Working with Sources

Sources are viewed and managed under the Intel / Sources page by clicking the IntelDB link displayed in the top menu bar and selecting the Sources link displayed under the Intel page.

Sources are used to control access to indicators and targets in IntelDB. Users will be permitted to view indicators and targets associated with any of the sources they have been permitted to view. Note that if an indicator or target has multiple sources associated, a user will be permitted to view the indicator or target if they have been permitted to view at least one of the sources.

A user can also be granted permission to manage indicators or targets associated with a source. This will permit a user to add, edit and delete indicators or targets. Note that if an indicator or target has multiple sources a user will only be permitted to manage an indicator or target if they have been permitted to manage indicators or targets for all associated sources.

The Intel / Sources page will display a table of all defined sources which the currently authenticated user has been given permission to view.

NOTE All sources will be displayed if the currently authenticated user is a product administrator.

The following columns are displayed in the table for each source:

  • Name - The sources name

Sources are displayed in the table as pages. By default 50 sources are displayed at a time. This can be changed by adjusting the Limit and Offset options in the pagination controls displayed to the top right of the table.

Additionally, using these controls the next and previous pages can be loaded, the current page refreshed, and the entire list of sources exported to CSV. Hovering over any of these controls will display a tooltip indicating the specific function of a control.

The table can be sorted by Name. This is achieved by clicking the corresponding column header. Clicking multiple times will alternate the sort order between ascending and descending.

A search control is also displayed to the top right of the table. Clicking the search control will toggle the display of a search field. Values in this field will be matched against a sources name.

The link Add a source will be displayed in the Intel / Sources page if the currently authenticated user has been assigned permission to add new source. Upon clicking this link the Add a source dialog will be displayed. See the Intel / Sources / Add a Source section for details on this dialog and adding a source.

Upon hovering over a row in the table a number of controls will be displayed to the right of a sources name depending on what permissions have been assigned to the currently authenticated user. Hovering over a control will result in a tooltip being displayed describing the function of a tooltip.

An edit control (a pencil icon) will be displayed if permissions have been assigned to edit a source. Upon clicking the edit control the Edit source dialog will be displayed. See the Intel / Sources / Edit a Source section for details on this dialog and editing a source.

A clone control (a double paper icon) will be displayed if permissions have been assigned to add new sources. Upon clicking the clone control the Add a source dialog will be displayed, and the new sources attributes populated with the attributes of the source for which the clone control was clicked. See the Intel / Sources / Add a Source section for details on this dialog and adding a source.

A delete control (a cross icon) will be displayed if permissions have been assigned to delete a source. Upon clicking the delete control the Delete source dialog will be displayed. See the Intel / Sources / Delete a Source section for details on this dialog and deleting a source.

Add a Source

Sources are added using the Add a source dialog. This can be accessed by clicking the Add a source link displayed in the Intel / Sources page, or by using the clone control (the double paper icon) displayed next to a sources name in the Intel / Sources page. These will only be accessible if the currently authenticated user has been given permission to add new sources.

Two tabs are displayed in this dialog.

The Source configuration tab contains the following attributes:

  • Name - Name assigned to the source, this is required and there are no restrictions on this field, e.g. “Internal”

The Permissions tab is used to specify which users and groups have permission to view, edit, delete and/or manage indicators for the source.

NOTE All product administrators will have full access to every source. Permissions specified under the Permissions tab apply to all users excluding product administrators.

If the currently authenticated user is a product administrator no permissions will be defined under the Permissions tab by default.

If the currently authenticated user is not a product administrator then a set of default permissions will be defined by default as follows:

  • Currently authenticated user - Given edit, delete, and manage-indicators access
  • All groups assigned to the currently authenticated user - Given edit, delete and manage-indicators access

Permissions can be assigned to other users and groups by clicking the Add users & groups link displayed in under the Permissions tab. This will result in the User & group selector being displayed, from which the required users and groups can be searched and selected.

Once a number of users and/or groups have been selected the Access levels textbox displayed to the right of each item can be used to specify what access an item has. Assignable permissions are “edit”, “delete” and “manage-indicators”. Any item selected and listed in the Permissions tab will automatically be granted the ability to view the source.

An unwanted permission can be removed from the Permissions tab simply by clicking the delete control (the cross icon) displayed to the right of the permission.

Once all required attributes have been specified the Add button will be enabled, and once clicked the source will be added.

Edit a Source

Sources are edited using the Edit source dialog. This can be accessed by clicking the edit control (the pencil icon) displayed to the right of a sources name when hovering over a source in the Intel / Sources page. These will only be accessible if the currently authenticated user has been given permission to edit the source.

Two tabs are displayed in this dialog.

The Source configuration tab contains the following attributes:

  • Name - Name assigned to the source, this is required and there are no restrictions on this field, e.g. “Internal”

The Permissions tab is used to specify which users and groups have permission to view, edit, delete and/or manage indicators for the source.

NOTE All product administrators will have full access to every source. Permissions specified under the Permissions tab apply to all users excluding product administrators.

Permissions can be assigned to other users and groups by clicking the Add users & groups link displayed in under the Permissions tab. This will result in the User & group selector being displayed, from which the required users and groups can be searched and selected.

Once a number of users and/or groups have been selected the Access levels textbox displayed to the right of each item can be used to specify what access an item has. Assignable permissions are “edit”, “delete” and “manage-indicators”. Any item selected and listed in the Permissions tab will automatically be granted the ability to view the source.

An unwanted permission can be removed from the Permissions tab simply by clicking the delete control (the cross icon) displayed to the right of the permission.

Click the Save button to save changes to the source.

Delete a Source

NOTE This is a destructive operation which cannot be undone.

Sources are deleted using the Delete a source dialog. This can be accessed by clicking the delete control (the cross icon) displayed to the right of a sources name when hovering over a source in the Intel / Sources page. This will only be accessible if the currently authenticated user has been given permission to delete the source.

The delete dialog prompts whether the source should be deleted.

Click the Delete button to confirm the source should be deleted, after which the source will be deleted.

Intel / Campaigns

Working with Campaigns

Campaigns are viewed and managed under the Intel / Campaigns page by clicking the IntelDB link displayed in the top menu bar and selecting the Campaigns link displayed under the Intel page.

The Intel / Campaigns page will display a table of all defined campaigns which the currently authenticated user has been given permission to view.

NOTE All campaigns will be displayed if the currently authenticated user is a product administrator.

The following columns are displayed in the table for each campaign:

  • Name - The campaigns name

Campaigns are displayed in the table as pages. By default 50 campaigns are displayed at a time. This can be changed by adjusting the Limit and Offset options in the pagination controls displayed to the top right of the table.

Additionally, using these controls the next and previous pages can be loaded, the current page refreshed, and the entire list of campaigns exported to CSV. Hovering over any of these controls will display a tooltip indicating the specific function of a control.

The table can be sorted by Name. This is achieved by clicking the corresponding column header. Clicking multiple times will alternate the sort order between ascending and descending.

A search control is also displayed to the top right of the table. Clicking the search control will toggle the display of a search field. Values in this field will be matched against a campaigns name.

The link Add a campaign will be displayed in the Intel / Campaigns page if the currently authenticated user has been assigned permission to add new campaign. Upon clicking this link the Add a campaign dialog will be displayed. See the Intel / Campaigns / Add a Campaign section for details on this dialog and adding a campaign.

Upon hovering over a row in the table a number of controls will be displayed to the right of a campaigns name depending on what permissions have been assigned to the currently authenticated user. Hovering over a control will result in a tooltip being displayed describing the function of a tooltip.

An edit control (a pencil icon) will be displayed if permissions have been assigned to edit a campaign. Upon clicking the edit control the Edit campaign dialog will be displayed. See the Intel / Campaigns / Edit a Campaign section for details on this dialog and editing a campaign.

A clone control (a double paper icon) will be displayed if permissions have been assigned to add new campaigns. Upon clicking the clone control the Add a campaign dialog will be displayed, and the new campaigns attributes populated with the attributes of the campaign for which the clone control was clicked. See the Intel / Campaigns / Add a Campaign section for details on this dialog and adding a campaign.

A delete control (a cross icon) will be displayed if permissions have been assigned to delete a campaign. Upon clicking the delete control the Delete campaign dialog will be displayed. See the Intel / Campaigns / Delete a Campaign section for details on this dialog and deleting a campaign.

Add a Campaign

Campaigns are added using the Add a campaign dialog. This can be accessed by clicking the Add a campaign link displayed in the Campaigns page, or by using the clone control (the double paper icon) displayed next to a campaigns name in the Campaigns page. These will only be accessible if the currently authenticated user has been given permission to add new campaigns.

Two tabs are displayed in this dialog.

The Campaign configuration tab contains the following attributes:

  • Name - Name assigned to the campaign, this is required and there are no restrictions on this field, e.g. “Roland Rat”

The Permissions tab is used to specify which users and groups have permission to view, edit, and/or delete the campaign.

NOTE All product administrators will have full access to every campaign. Permissions specified under the Permissions tab apply to all users excluding product administrators.

If the currently authenticated user is a product administrator no permissions will be defined under the Permissions tab by default.

If the currently authenticated user is not a product administrator then a set of default permissions will be defined by default as follows:

  • Currently authenticated user - Given edit and delete access
  • All groups assigned to the currently authenticated user - Given edit and delete access

Permissions can be assigned to other users and groups by clicking the Add users & groups link displayed in under the Permissions tab. This will result in the User & group selector being displayed, from which the required users and groups can be searched and selected.

Once a number of users and/or groups have been selected the Access levels textbox displayed to the right of each item can be used to specify what access an item has. Assignable permissions are “edit” and “delete”. Any item selected and listed in the Permissions tab will automatically be granted the ability to view the campaign.

An unwanted permission can be removed from the Permissions tab simply by clicking the delete control (the cross icon) displayed to the right of the permission.

Once all required attributes have been specified the Add button will be enabled, and once clicked the campaign will be added.

Edit a Campaign

Campaigns are edited using the Edit campaign dialog. This can be accessed by clicking the edit control (the pencil icon) displayed to the right of a campaigns name when hovering over a campaign in the Intel / Campaigns page. These will only be accessible if the currently authenticated user has been given permission to edit the campaign.

Two tabs are displayed in this dialog.

The Campaign configuration tab contains the following attributes:

  • Name - Name assigned to the campaign, this is required and there are no restrictions on this field, e.g. “Roland Rat”

The Permissions tab is used to specify which users and groups have permission to view, edit, and/or delete the campaign.

NOTE All product administrators will have full access to every campaign. Permissions specified under the Permissions tab apply to all users excluding product administrators.

Permissions can be assigned to other users and groups by clicking the Add users & groups link displayed in under the Permissions tab. This will result in the User & group selector being displayed, from which the required users and groups can be searched and selected.

Once a number of users and/or groups have been selected the Access levels textbox displayed to the right of each item can be used to specify what access an item has. Assignable permissions are “edit” and “delete”. Any item selected and listed in the Permissions tab will automatically be granted the ability to view the campaign.

An unwanted permission can be removed from the Permissions tab simply by clicking the delete control (the cross icon) displayed to the right of the permission.

Click the Save button to save changes to the campaign.

Delete a Campaign

NOTE This is a destructive operation which cannot be undone.

Campaigns are deleted using the Delete a campaign dialog. This can be accessed by clicking the delete control (the cross icon) displayed to the right of a campaigns name when hovering over a campaign in the Intel / Campaigns page. This will only be accessible if the currently authenticated user has been given permission to delete the campaign.

The delete dialog prompts whether the campaign should be deleted.

Click the Delete button to confirm the campaign should be deleted, after which the campaign will be deleted.

Admin / Users

Working with Users

Users are viewed and managed under the Admin / Users page by clicking the Admin link displayed in the top menu bar and selecting the Users link displayed in the Admin page.

NOTE Only product administrators can access Admin pages. If the currently authenticated user is not a product administrator the Admin link will not be displayed.

Users can be either product administrators or non-product administrators, i.e. a “standard user”. This is specified when adding/editing users. A user can be made a product administrator after it has been added. This level of access can also be revoked.

Product administrators have full access to the WebUI. Access for all non-product administrators is determined based on what access levels have been granted for the user, and all groups the user has been assigned to.

The Admin / Users page will display a table of all defined users.

The following columns are displayed in the table for each user:

  • Username - Login name with which the user will access the application
  • Admin - If the user is a product administrator a tick icon will be displayed, otherwise the column will be blank
  • Locked - If the user account has been locked (specified when adding/editing users) a tick icon will be displayed , otherwise the column will be blank
  • Assigned groups - A list of all the groups the user has been assigned to

Users are displayed in the table as pages. By default 50 users are displayed at a time. This can be changed by adjusting the Limit and Offset options in the pagination controls displayed to the top right of the table.

Additionally, using these controls the next and previous pages can be loaded, the current page refreshed, and the entire list of users exported to CSV. Hovering over any of these controls will display a tooltip as to the specific function of a control.

The table can be sorted by Username. This is achieved by clicking the corresponding column header. Clicking multiple times will alternate the sort order between ascending and descending.

A search control is also displayed to the top right of the table. Clicking the search control will toggle the display of a search field. Values in this field will be matched against a users username.

The link Add a user will be displayed in the Admin / Users page. Upon clicking this link the Add a user dialog will be displayed. See the Admin / Users / Add a User section for details on this dialog and adding a user.

Upon hovering over a row in the table a number of controls will be displayed to the right of a users username. Hovering over a control will result in a tooltip being displayed describing the function of a tooltip.

An edit control (a pencil icon) will be displayed. Upon clicking the edit control the Edit user dialog will be displayed. See the Admin / Users / Edit a User section for details on this dialog and editing a user.

A clone control (a double paper icon) will be displayed. Upon clicking the clone control the Add a user dialog will be displayed, and the new users attributes populated with the attributes of the user for which the clone control was clicked. See the Admin / Users / Add a User section for details on this dialog and adding a user.

A delete control (a cross icon) will be displayed. Upon clicking the delete control the Delete user dialog will be displayed. See the Admin / Users / Delete a User section for details on this dialog and deleting a user.

Add a User

Users are added using the Add a user dialog. This can be accessed by clicking the Add a user link displayed in the Admin / Users page, or by using the clone control (the double paper icon) displayed next to a users username in the Admin / Users page.

Three tabs are displayed in this dialog.

The User configuration tab contains the following attributes:

  • Username - Login name with which the user will access the application, this is required, there are no restrictions on this field
  • Password - Password for the user, this is required, there are no restrictions on this field
  • Your current password is required to set the users password - To modify any password in IntelDB the password of the currently authenticated user must be provided, this is required
  • Admin user? - Check this checkbox is the user is a product administrator, if checked they will have unrestricted access to the product other than if the Account is locked? checkbox is checked
  • Account is locked? - If checked the user will not be permitted to login

Note that the users password must meet the currently configured complexity requirements, which by default is as follows:

  • Contain at least 1 upper case letter
  • Contain at least 1 lower case letter
  • Contain at least 1 number
  • Contain at least of the following characters: !@#$%^&*
  • Be at least 8 characters long

NOTE An administrator may modify the password complexity requirements. If the users password meets the above requirements but is not accepted by IntelDB the configuration should be consulted.

The list of groups the user is assigned to is specified under the Assigned groups tab. One or groups can be selected by clicking the Add groups link displayed under this tab. This will result in the Group selector being displayed, from which the required groups can be searched and selected.

This will result in a new row being added to the Assigned groups tab.

An unwanted group can be removed from the Assigned groups tab simply by clicking the delete control (the cross icon) displayed to the right of the group.

The Permissions tab is used to specify which objects the user is permitted to access and their access levels.

NOTE All product administrators will have full access to every object.

Access can be permitted to other objects by clicking the Add objects link displayed under the Permissions tab. This will result in the Permission object selector being displayed, from which the required objects can be searched and selected.

Once a number of objects have been selected the Access levels textbox displayed to the right of each item can be used to specify what access levels the user has to the object. Assignable permissions are dependant on object type, but will generally include “edit” and “delete”. The user will automatically be granted the ability to view any item selected and listed in the Permissions tab.

An unwanted permission can be removed from the Permissions tab simply by clicking the delete control (the cross icon) displayed to the right of the permission.

Once all required attributes have been specified the Add button will be enabled, and once clicked the user will be added.

Edit a User

Users are edited using the Edit user dialog. This can be accessed by clicking the edit control (the double paper icon) displayed to the right of a users username in the Admin / Users page.

Three tabs are displayed in this dialog.

The User configuration tab contains the following attributes:

  • Username - Login name with which the user will access the application, this is required, there are no restrictions on this field
  • Password - Password for the user, this is required, there are no restrictions on this field, this will be blank even though the user will have a password set, if a value is placed into this field the users password will be set to this value
  • Your current password is required to change the users password - To modify any password in IntelDB the password of the currently authenticated user must be provided, this is only required if the Password field contains a value
  • Admin user? - Check this checkbox is the user is a product administrator, if checked they will have unrestricted access to the product other than if the Account is locked? checkbox is checked
  • Account is locked? - If checked the user will not be permitted to login

Note that the users password must meet the currently configured complexity requirements, which by default is as follows:

  • Contain at least 1 upper case letter
  • Contain at least 1 lower case letter
  • Contain at least 1 number
  • Contain at least of the following characters: !@#$%^&*
  • Be at least 8 characters long

NOTE An administrator may modify the password complexity requirements. If the users password meets the above requirements but is not accepted by IntelDB the configuration should be consulted.

The list of groups the user is assigned to is specified under the Assigned groups tab. One or groups can be selected by clicking the Add groups link displayed under this tab. This will result in the Group selector being displayed, from which the required groups can be searched and selected.

This will result in a new row being added to the Assigned groups tab.

An unwanted group can be removed from the Assigned groups tab simply by clicking the delete control (the cross icon) displayed to the right of the group.

The Permissions tab is used to specify which objects the user is permitted to access and their access levels.

NOTE All product administrators will have full access to every object.

Access can be permitted to other objects by clicking the Add objects link displayed under the Permissions tab. This will result in the Permission object selector being displayed, from which the required objects can be searched and selected.

Once a number of objects have been selected the Access levels textbox displayed to the right of each item can be used to specify what access levels the user has to the object. Assignable permissions are dependant on object type, but will generally include “edit” and “delete”. The user will automatically be granted the ability to view any item selected and listed in the Permissions tab.

An unwanted permission can be removed from the Permissions tab simply by clicking the delete control (the cross icon) displayed to the right of the permission.

Click the Save button to save changes to the user.

Delete a User

NOTE This is a destructive operation which cannot be undone.

Users are deleted using the Delete user dialog. This can be accessed by clicking the delete control (the cross icon) displayed to the right of a users username when hovering over a user in the Admin / Users page.

The delete dialog prompts whether the user should be deleted.

Click the Delete button to confirm the user should be deleted, after which the user will be deleted.

Admin / Groups

Working with Groups

Groups are viewed and managed under the Admin / Groups page by clicking the Admin link displayed in the top menu bar and selecting the Groups link displayed in the Admin page.

NOTE Only product administrators can access Admin pages. If the currently authenticated user is not a product administrator the Admin link will not be displayed.

The Admin / Groups page will display a table of all defined groups.

The following columns are displayed in the table for each group:

  • Name - Name assigned to the group
  • No. users - Number of users who are assigned to this group

Groups are displayed in the table as pages. By default 50 groups are displayed at a time. This can be changed by adjusting the Limit and Offset options in the pagination controls displayed to the top right of the table.

Additionally, using these controls the next and previous pages can be loaded, the current page refreshed, and the entire list of groups exported to CSV. Hovering over any of these controls will display a tooltip as to the specific function of a control.

The table can be sorted by Name. This is achieved by clicking the corresponding column header. Clicking multiple times will alternate the sort order between ascending and descending.

A search control is also displayed to the top right of the table. Clicking the search control will toggle the display of a search field. Values in this field will be matched against a groups name.

The link Add a group will be displayed in the Admin / Groups page. Upon clicking this link the Add a group dialog will be displayed. See the Admin / Groups / Add a Group section for details on this dialog and adding a group.

Upon hovering over a row in the table a number of controls will be displayed to the right of a groups. Hovering over a control will result in a tooltip being displayed describing the function of a tooltip.

An edit control (a pencil icon) will be displayed. Upon clicking the edit control the Edit group dialog will be displayed. See the Admin / Groups / Edit a Group section for details on this dialog and editing a group.

A clone control (a double paper icon) will be displayed. Upon clicking the clone control the Add a group dialog will be displayed, and the new groups attributes populated with the attributes of the group for which the clone control was clicked. See the Admin / Groups / Add a Group section for details on this dialog and adding a group.

A delete control (a cross icon) will be displayed. Upon clicking the delete control the Delete group dialog will be displayed. See the Admin / Groups / Delete a Group section for details on this dialog and deleting a group.

Add a Group

Groups are added using the Add a group dialog. This can be accessed by clicking the Add a group link displayed in the Admin / Groups page, or by using the clone control (the double paper icon) displayed next to a groups name in the Admin / Groups page.

Three tabs are displayed in this dialog.

The Group configuration tab contains the following attributes:

  • Name - Name assigned to the group, this is required, there are no restrictions on this field

The list of users the group has been assigned to is specified under the Assigned users tab. One or more users can be selected by clicking the Add users link displayed under this tab. This will result in the User selector being displayed, from which the required users can be searched and selected.

This will result in a new row being added to the Assigned users tab.

An unwanted user can be removed from the Assigned users tab simply by clicking the delete control (the cross icon) displayed to the right of the user.

The Permissions tab is used to specify which objects users assigned to the group is permitted to access and their access levels.

NOTE All product administrators will have full access to every object.

Access can be permitted to other objects by clicking the Add objects link displayed under the Permissions tab. This will result in the Permission object selector being displayed, from which the required objects can be searched and selected.

Once a number of objects have been selected the Access levels textbox displayed to the right of each item can be used to specify what access levels the group has to the object. Assignable permissions are dependant on object type, but will generally include “edit” and “delete”. Users assigned to the group will automatically be granted the ability to view any item selected and listed in the Permissions tab.

An unwanted permission can be removed from the Permissions tab simply by clicking the delete control (the cross icon) displayed to the right of the permission.

Once all required attributes have been specified the Add button will be enabled, and once clicked the group will be added.

Edit a Group

Groups are edited using the Edit group dialog. This can be accessed by clicking the edit control (the pencil icon) displayed to the right of the groups name in the Admin / Groups page.

Three tabs are displayed in this dialog.

The Group configuration tab contains the following attributes:

  • Name - Name assigned to the group, this is required, there are no restrictions on this field

The list of users the group has been assigned to is specified under the Assigned users tab. One or more users can be selected by clicking the Add users link displayed under this tab. This will result in the User selector being displayed, from which the required users can be searched and selected.

This will result in a new row being added to the Assigned users tab.

An unwanted user can be removed from the Assigned users tab simply by clicking the delete control (the cross icon) displayed to the right of the user.

The Permissions tab is used to specify which objects users assigned to the group is permitted to access and their access levels.

NOTE All product administrators will have full access to every object.

Access can be permitted to other objects by clicking the Add objects link displayed under the Permissions tab. This will result in the Permission object selector being displayed, from which the required objects can be searched and selected.

Once a number of objects have been selected the Access levels textbox displayed to the right of each item can be used to specify what access levels the group has to the object. Assignable permissions are dependant on object type, but will generally include “edit” and “delete”. Users assigned to the group will automatically be granted the ability to view any item selected and listed in the Permissions tab.

An unwanted permission can be removed from the Permissions tab simply by clicking the delete control (the cross icon) displayed to the right of the permission.

Click the Save button to save changes to the group.

Delete a Group

NOTE This is a destructive operation which cannot be undone.

Groups are deleted using the Delete group dialog. This can be accessed by clicking the delete control (the cross icon) displayed to the right of a groups name when hovering over a group in the Admin / Groups page.

The delete dialog prompts whether the group should be deleted.

Click the Delete button to confirm the group should be deleted, after which the group will be deleted.

Admin / Audit Log

The application audit log can be viewed under the Admin / Audit log page by clicking the Admin link displayed in the top menu bar and selecting the Audit log link displayed in the Admin page.

NOTE Only product administrators can access Admin pages. If the currently authenticated user is not a product administrator the Admin link will not be displayed.

The Admin / Audit log page will display a table of audit events.

The following columns are displayed in the table for each event:

  • Created at - Date and time the event was created
  • Created by - User who caused the event to be created
  • Action - What action was being requested, e.g. “add” or “delete”
  • Object type - The type of object related to the action, e.g. “user” or “group”
  • Data - A JSON formatted message detailing the audit event, for example when editing a user the users configuration is logged here

Events are displayed in the table as pages. By default 50 events are displayed at a time. This can be changed by adjusting the Limit and Offset options in the pagination controls displayed to the top right of the table.

Additionally, using these controls the next and previous pages can be loaded, the current page refreshed, and the entire list of events exported to CSV. Hovering over any of these controls will display a tooltip as to the specific function of a control.

The table can be sorted by Created at. This is achieved by clicking the corresponding column header. Clicking multiple times will alternate the sort order between ascending and descending.

A search control is also displayed to the top right of the table. Clicking the search control will toggle the display of a search field. Values in this field will be matched against the events created by, action, object type and data attributes.

Upon hovering over a row in the table a pretty print control (a list icon) will be displayed to the left of an events data attribute. Upon clicking the pretty print control the events data attribute will be reformatted so that it is easier to read.