Limit User Visibility with Entities

Applies to Product: USM Appliance™ AlienVault OSSIM®

In USM Appliance, you can limit user access to parts of the web UI by limiting visibility of assets and events with an entity.

USM Appliance uses entities to group assets and sensors from similar functional areas of an organization. This allows you to treat some assets differently from others in terms of which users have visibility into them and their events through the web interface. Using this method, you can, for example, limit the users of a given department to see only their department’s assets and events.

Note: Visibility configuration does not apply to Availability Monitoring, HIDS, or Vulnerability Scans. Because these functional areas are tied to each USM Appliance Sensor, you cannot limit their visibility to a subset of assets.

For a description of the UI elements on the Structure page, see Entities and Assets Structure Tree Fields.

To create a new entity

  1. In the USM Appliance web interface, go to Configuration > Administration > Users > Structure and click New Entity.

    New Entity page from Structure.

  2. Specify the name of the entity in the Name field.
  3. (Optional) Specify the address of the entity in the Address field.
  4. Select a parent correlation context or an entity from the Parent list.
  5. Select the time zone from the Timezone list.
  6. Associate assets or networks with the entity by selecting assets or networks from the asset tree.

    USM asset list tree on New Entitiy page.

    After you add assets, you can remove them by selecting an asset and clicking the [X] button. You can also remove all assets by clicking Remove All Assets.

  7. Associate a USM Appliance Sensor with the entity by selecting a sensor from the Sensor list tree.

    USM Sensor list on New Entitiy page.

    If you change your mind and need to delete a Sensor, click the [X] button. You can also remove all Sensors by clicking Remove All Sensors.

  8. Click Save.