https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/user-restriction-and-permission/m-p/572092#M2972 <P>Hi,</P> <P>using XSOAR I came across some issues related to user permissions and audit logs to have an account of the various activities performed on the platform:</P> <P>-&nbsp;Is it possible to restrict user permission to execute scripts/commands only via field changes in layouts?</P> <P>-&nbsp;using the command !listExecutedCommands source=All I cannot see the commands launched by all users but only by those who execute the command. is there a way to see the commands any user has run?</P> <P>-&nbsp;creating a python script with permissions to certain users, when I execute the command from inside the script demisto.executeCommand("ssh", {"host": "192.168.1.1", "cmd": "nslookup 8.8.8.8"}) if is executed via field change it gives me an error telling me that ssh integration must be enabled when I run it from the command line below with the symbol ! does it correctly. Is there a particular reason?</P> <P>&nbsp;</P> <P>Thanks</P> <P>Regards</P> Mon, 08 Jan 2024 15:37:08 GMT FrancescoBarducci 2024-01-08T15:37:08Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/user-restriction-and-permission/m-p/572092#M2972 <P>Hi,</P> <P>using XSOAR I came across some issues related to user permissions and audit logs to have an account of the various activities performed on the platform:</P> <P>-&nbsp;Is it possible to restrict user permission to execute scripts/commands only via field changes in layouts?</P> <P>-&nbsp;using the command !listExecutedCommands source=All I cannot see the commands launched by all users but only by those who execute the command. is there a way to see the commands any user has run?</P> <P>-&nbsp;creating a python script with permissions to certain users, when I execute the command from inside the script demisto.executeCommand("ssh", {"host": "192.168.1.1", "cmd": "nslookup 8.8.8.8"}) if is executed via field change it gives me an error telling me that ssh integration must be enabled when I run it from the command line below with the symbol ! does it correctly. Is there a particular reason?</P> <P>&nbsp;</P> <P>Thanks</P> <P>Regards</P> Mon, 08 Jan 2024 15:37:08 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/user-restriction-and-permission/m-p/572092#M2972 FrancescoBarducci 2024-01-08T15:37:08Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/user-restriction-and-permission/m-p/572162#M2978 <P>Hi Francesco,</P> <P>&nbsp;</P> <P>- Could you clarify what you mean by restricting permission to execute only upon field change, please?</P> <P>- The command is meant to return commands that any user has executed in a particular investigation, hence its results are exclusive to the incident that the command is executed in. It is not meant to return a global list of commands and users</P> <P>- Upon field change, the script runs with limited permissions. Can you try changing the 'Run as' configuration within the script settings to 'DBot' or 'Administrator' and perform your test again?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Rahul Vijaydev</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 08 Jan 2024 20:06:08 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/user-restriction-and-permission/m-p/572162#M2978 RahulVijaydev 2024-01-08T20:06:08Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/user-restriction-and-permission/m-p/572330#M2981 <P>Hi,<BR />thanks so much for the replies.<BR />I'll try to explain the various points:<BR />- I wanted to understand if it was possible to allow the execution of commands only through change field scripts opened by the user and thus prevent the indiscriminate execution of the various commands.<BR />- are there any logs to consult to understand which commands have been executed by users even within the playground?<BR />- below are the images that show the behavior of the script:<BR />Inside the script I executed this command:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="FrancescoBarducci_0-1704804640671.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/56361i8C83FCD37E5125EE/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="FrancescoBarducci_0-1704804640671.png" alt="FrancescoBarducci_0-1704804640671.png" /></span></P> <P>and if I run this command from the command line it works fine:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="FrancescoBarducci_1-1704804725315.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/56362iC65E5FEC607240BD/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="FrancescoBarducci_1-1704804725315.png" alt="FrancescoBarducci_1-1704804725315.png" /></span></P> <P>but if I run it in relation to the modification of a field it gives me the following error:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="FrancescoBarducci_2-1704804764179.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/56363i94CCBA23C52B4385/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="FrancescoBarducci_2-1704804764179.png" alt="FrancescoBarducci_2-1704804764179.png" /></span></P> <P>Thanks</P> <P>Regards</P> Tue, 09 Jan 2024 12:53:19 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/user-restriction-and-permission/m-p/572330#M2981 FrancescoBarducci 2024-01-09T12:53:19Z