Creating a security profile

To add user accounts, you must first create security profiles to meet the specific access requirements of your users.

About this task

IBM® QRadar® SIEM includes one default security profile for administrative users. The Admin security profile includes access to all networks, log sources, and domains.

To select multiple items on the Security Profile Management window, hold the Control key while you select each network or network group that you want to add.

If after you add networks, log sources or domains you want to remove one or more before you save the configuration, you can select the item and click the Remove (<) icon. To remove all items, click Remove All.

Procedure

  1. On the Admin tab, click Security Profiles.
  2. On the Security Profile Management window toolbar, click New.
  3. Configure the following parameters:
    1. In the Security Profile Name field, type a unique name for the security profile. The security profile name must have a minimum of 3 characters. In QRadar versions 7.5.0 UP5 and later, the profile name can have a maximum of 50 characters. In earlier versions, the name can have a maximum of 30 characters.
    2. OptionalType a description of the security profile. The maximum number of characters is 255.
  4. Click the Permission Precedence tab.
  5. In the Permission Precedence Setting pane, select a permission precedence option. See Permission precedence.
  6. Configure the networks that you want to assign to the security profile:
    1. Click the Networks tab.
    2. From the navigation tree in the left pane of the Networks tab, select the network that you want this security profile to have access to.
    3. Click the Add (>) icon to add the network to the Assigned Networks pane.
    4. Repeat for each network you want to add.
  7. Configure the log sources that you want to assign to the security profile:
    1. Click the Log Sources tab.
    2. From the navigation tree in the left pane, select the log source group or log source you want this security profile to have access to.
    3. Click the Add (>) icon to add the log source to the Assigned Log Sources pane.
    4. Repeat for each log source you want to add.
  8. Configure the domains that you want to assign to the security profile:
    Domains must be configured before the Domains tab appears.
    1. Click the Domains tab.
    2. From the navigation tree in the left pane, select the domain that you want this security profile to have access to.
    3. Click the Add (>) icon to add the domain to the Assigned Domains pane.
    4. Repeat for each domain that you want to add.
  9. Click Save.
    Note: The log sources and domains that are assigned to the security profile must match. If the log sources and domains do not match, you cannot save the security profile .
  10. Close the Security Profile Management window.
  11. On the Admin tab, click Deploy Changes.