Default User Group Permissions
After signing in to the MetaDefender NDR web interface, by default, there are three user groups based on their product access permissions.
Users Group
Default product access permissions for the "Users" group are:
- Analysis (Read) - View the session data displayed on the Sessions, Threats, C2, Files, and Malware Events pages in the Analysis menu.
- Manual Scan - Perform the “manual scan” operation where you can manually upload files or raw traffic dumps to be scanned.
- Help - View a list of signatures and their details in the Knowledge Base menu.
Integrators Group
Default product access permissions for the "Integrators" group are:
- Analysis (Read) - View the session data displayed on the Sessions, Threats, C2, Files, and Malware Events pages in the Analysis menu.
- Manual Scan - Perform the “manual scan” operation where you can manually upload files or raw traffic dumps to be scanned.
- Globals (Read) - View the default options for configuring password complexity requirements, user accounts lockout options, upstream proxy, nameservers, database information retention and NTP server settings.
- Globals (Write) - Define the security disclaimer message to be displayed to the users, password complexity requirements, user accounts lockout options, upstream proxy, nameservers, database information retention and NTP server settings.
- Help - View a list of signatures and their details in the Knowledge Base menu.
Administrators Group
Administrators have all permissions to access all the product features. They can modify the above default user groups permissions anytime or add new user groups and specify different permission sets as required. In case of any additional permissions granted by the administrators, users or integrators will find the corresponding additional menu items with the access to the new features on the GUI.
Apart from the group permissions, administrators can also grant users with view/access permissions to specific collectors, subnets, and VLANs.