Client Visibility Settings
To share the workload by priority or volume within the SOC, you can restrict access to certain clients from user accounts, thereby segmenting and assigning investigations to certain groups of threat hunters. An analyst without access to a client cannot perform any analysis tasks for that client.
Access to the Client Visibility Settings
In the top menu, select Settings. In the left panel, select Clients.
Create a New Group and Assign Clients
You configure the visibility settings by client groups. The SOC administrator must create one client group for each combination of client access that analysts need. If a team of analysts needs to access clients 1, 2, and 4, and another team needs to access clients 2, 3, and 4, you must create two different access groups and assign the corresponding groups to each analyst’s user account.
A user account can have multiple client groups assigned. The accessible clients will be all clients belonging to groups assigned to the user account.
To view groups and their assigned clients:
- In the top menu, select Settings. In the left panel, select Clients.
- The Groups panel shows a list of all created groups and the number of clients in them.
- The All clients special group is also shown. This group is used for managing groups as specified further on in this section.
- To see the clients that belong to a group, click the group name. The client panel shows the names of the clients in the group, the unique identifier for each client, and the groups each client belongs to.
To create a new group and assign clients:
- At the top of the page, click the icon in the Groups panel.
- Enter a name for the group. Click OK.
To delete a group:
- Point the mouse to the name of the group you want to delete. A context menu opens.
- Select Delete group.
If the group has already been assigned to a user account, the system shows an error message.
To rename a group:
- Point the mouse to the group you want to rename. In the context menu, select Rename. A dialog box opens for you to enter the new name.
- Enter the new name for the group. Click OK.
To assign new clients to an existing group:
- In the Groups panel, select the All clients special group.
- Click the icon to open the Search text box and find clients quickly.
- Select the checkboxes next to the clients that you want to add to the group. In the toolbar, click Assign to group. The selected clients are added to the group.
To delete clients from a group:
- In the Groups panel, select the group whose clients you want to delete. Select the clients.
- In the toolbar, click Remove from group. A confirmation dialog box opens. Click OK. From that moment on, the user accounts with this group assigned cannot access the deleted client, except if the client belongs to another group also assigned to the user account.
To assign a client group to a user account:
- In the top menu, select Settings. In the left panel, select Users. Select the Users tab. A list opens that shows all users created in Cytomic Orion.
- Select a user. In the Clients the user has permission on section, click the icon. A dialog box opens that shows all created groups.
- Select the checkboxes next to the groups the user account will have access to. Click OK. From that moment on, the user account has access to the data Cytomic Orion stores about the clients in the selected groups.
To assign all clients managed by the SOC to a user account:
- In the top menu, select Settings. In the left panel, select Users. Select the Users tab. A list opens that shows all users created in Cytomic Orion.
- Select a user. In the Clients the user has permission on section, click the icon. A dialog box opens that shows all created groups.
- Choose the All clients special group, which contains all clients managed by the SOC. From that moment on, the user account has access to the data Cytomic Orion stores about all the clients managed by the SOC.
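
The visibility rules described in this section (a user account sees the union of the clients in its assigned groups, a client removed from one group stays visible through any other assigned group, and All clients covers every client the SOC manages), modeled as an added example for an access review. It is not Cytomic Orion code and calls no Orion API; the group, client, and user names are constructed sample data assumed to be transcribed by hand from the Settings pages.

```python
ALL_CLIENTS = "All clients"  # special group named in this section


def effective_clients(user_groups, group_clients, all_clients):
    """Clients a user account can access: union of all its assigned groups."""
    if ALL_CLIENTS in user_groups:
        return set(all_clients)
    visible = set()
    for group in user_groups:
        visible |= group_clients.get(group, set())
    return visible


def retains_access(user_groups, group_clients, all_clients, group, client):
    """True if the user still sees `client` after it is removed from `group`."""
    after = {g: (members - {client} if g == group else set(members))
             for g, members in group_clients.items()}
    return client in effective_clients(user_groups, after, all_clients)


def review(users, group_clients, all_clients):
    """Return (per-user visible clients, accounts holding All clients)."""
    report = {user: effective_clients(groups, group_clients, all_clients)
              for user, groups in users.items()}
    broad = sorted(u for u, groups in users.items() if ALL_CLIENTS in groups)
    return report, broad


# Constructed sample data mirroring the two-team case in this section.
SAMPLE_ALL = {"client1", "client2", "client3", "client4"}
SAMPLE_GROUPS = {
    "team-a": {"client1", "client2", "client4"},
    "team-b": {"client2", "client3", "client4"},
}
SAMPLE_USERS = {
    "analyst1": {"team-a"},
    "analyst2": {"team-a", "team-b"},
    "lead": {ALL_CLIENTS},
}

if __name__ == "__main__":
    report, broad = review(SAMPLE_USERS, SAMPLE_GROUPS, SAMPLE_ALL)
    for user, clients in sorted(report.items()):
        print(user, sorted(clients))
    print("Accounts with All clients:", broad)
    # Who keeps client2 after it is removed from team-a?
    for user, groups in sorted(SAMPLE_USERS.items()):
        kept = retains_access(groups, SAMPLE_GROUPS, SAMPLE_ALL, "team-a", "client2")
        print(user, "still sees client2:", kept)
```

Running the removal check before clicking Remove from group shows which accounts lose the client and which keep it through another assigned group.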