After you install the IBM®
QRadar® Use Case Manager app, you can share the app
with non-administrative users by adding it to a user role.
About this task
After you install QRadar Use Case
Manager,
it is displayed as a capability in the User Roles window on the
Admin tab. Capabilities are sets of permissions that user roles
have. To use the app, a QRadar
administrator must assign the app, and any other capabilities that it requires, to a user role.
Procedure
-
Click User Roles on the Admin tab.
-
On the User Roles window, select the user role that you want to assign the
app permissions to.
-
Select the checkbox for QRadar Use Case
Manager and the permissions in the
following table.
User permission |
Capabilities |
Offenses |
- View Custom Rules
- Read-only access to offense rules.
- Maintain Custom Rules
- Full access to offense rules, including ability to edit MITRE mappings.
|
Log Activity |
- View Custom Rules
- Read-only access to common, event, and anomaly rules.
- Maintain Custom Rules
- Full access to common, event, and anomaly rules, including ability to edit MITRE mappings.
|
Network Activity |
- View Custom Rules
- Read-only access to common, flow, and anomaly rules.
- Maintain Custom Rules
- Full access to common, flow, and anomaly rules, including ability to edit MITRE mappings.
|
Offenses |
The trend charts on the home page and the tuning active rules feature. |
Delegated Administration |
- Define Network hierarchy
- View and edit the Check Network Hierarchy page and any link that opens
Network Hierarchy.
- Manage Reference Data
- Edit reference sets.
|
Log Activity |
View and edit R2R (Remote to Remote) events and tuning based on CRE reports. |
The level of rule permissions assigned to a user affects what they can do
and see in the following pages:
- Use Case Explorer
- Active Rules
- Tuning home page
- CRE Event Report
- Network Hierarchy
- Host Definitions
-
Click Save, and then click Deploy Changes so that
your user role updates take effect.