01-08-2024 07:37 AM
Hi,
Using XSOAR, I came across some issues related to user permissions and audit logs to have an account of the various activities performed on the platform:
- Is it possible to restrict user permission to execute scripts/commands only via field changes in layouts?
- Using the command !listExecutedCommands source=All, I cannot see the commands launched by all users but only by those who execute the command. Is there a way to see the commands any user has run?
- Creating a Python script with permissions for certain users, when I execute the command demisto.executeCommand("ssh", {"host": "192.168.1.1", "cmd": "nslookup 8.8.8.8"}) from inside the script: if it is executed via field change, it gives me an error telling me that the ssh integration must be enabled; when I run it from the command line below with the ! symbol, it works correctly. Is there a particular reason?
Thanks
Regards
01-08-2024 12:06 PM
Hi Francesco,
- Could you clarify what you mean by restricting permission to execute only upon field change, please?
- The command is meant to return commands that any user has executed in a particular investigation, hence its results are exclusive to the incident that the command is executed in. It is not meant to return a global list of commands and users.
- Upon field change, the script runs with limited permissions. Can you try changing the 'Run as' configuration within the script settings to 'DBot' or 'Administrator' and perform your test again?
Thanks,
Rahul Vijaydev
01-09-2024 04:53 AM
Hi,
Thanks so much for the replies.
I'll try to explain the various points:
- I wanted to understand if it was possible to allow the execution of commands only through change field scripts opened by the user and thus prevent the indiscriminate execution of the various commands.
- Are there any logs to consult to understand which commands have been executed by users even within the playground?
- Below are the images that show the behavior of the script:
Inside the script I executed this command:
and if I run this command from the command line it works fine:
but if I run it in relation to the modification of a field it gives me the following error:
Thanks
Regards