This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

User Restriction and permission

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User Restriction and permission

FrancescoBarducci
L1 Bithead

‎01-08-2024 07:37 AM

Hi,

using XSOAR I came across some issues related to user permissions and audit logs to have an account of the various activities performed on the platform:

- Is it possible to restrict user permission to execute scripts/commands only via field changes in layouts?

- using the command !listExecutedCommands source=All I cannot see the commands launched by all users but only by those who execute the command. is there a way to see the commands any user has run?

- creating a python script with permissions to certain users, when I execute the command from inside the script demisto.executeCommand("ssh", {"host": "192.168.1.1", "cmd": "nslookup 8.8.8.8"}) if is executed via field change it gives me an error telling me that ssh integration must be enabled when I run it from the command line below with the symbol ! does it correctly. Is there a particular reason?

 

Thanks

Regards

0 Likes Likes
2 REPLIES 2

RahulVijaydev
L3 Networker

‎01-08-2024 12:06 PM

Hi Francesco,

 

- Could you clarify what you mean by restricting permission to execute only upon field change, please?

- The command is meant to return commands that any user has executed in a particular investigation, hence its results are exclusive to the incident that the command is executed in. It is not meant to return a global list of commands and users

- Upon field change, the script runs with limited permissions. Can you try changing the 'Run as' configuration within the script settings to 'DBot' or 'Administrator' and perform your test again?

 

Thanks,

Rahul Vijaydev

 

 

 

0 Likes Likes

FrancescoBarducci
L1 Bithead
In response to RahulVijaydev

‎01-09-2024 04:53 AM

Hi,
thanks so much for the replies.
I'll try to explain the various points:
- I wanted to understand if it was possible to allow the execution of commands only through change field scripts opened by the user and thus prevent the indiscriminate execution of the various commands.
- are there any logs to consult to understand which commands have been executed by users even within the playground?
- below are the images that show the behavior of the script:
Inside the script I executed this command:

FrancescoBarducci_0-1704804640671.png

and if I run this command from the command line it works fine:

FrancescoBarducci_1-1704804725315.png

but if I run it in relation to the modification of a field it gives me the following error:

FrancescoBarducci_2-1704804764179.png

Thanks

Regards

0 Likes Likes
  • 538 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks