Custom POC Content

Summary:

This document describes two main enhancements for POC (Proof of Concept) images: an Admin Overview Dashboard and ACL-based user groups. The **Admin Overview Dashboard** is a simplified interface that displays key data points such as Top Event Sources, Top Users with Failed Logins, Most Frequent Ports, and Top Firewall Blocked Hosts By Port using four monitors taken from standard Express content. It includes screenshots demonstrating how to populate these monitors with relevant events. The **ACL-based user groups** have been introduced to better manage access control within the POC environment. These include roles such as OSAdmin, FWAdmin, NetAdmin, PCIAdmin, SOXAdmin, BusinessUser, and SecAdmin, each with specific ACLs that determine what data they can view or interact with. To modify these settings for a user, you right-click on their group and select "Edit Access Control." For organizations in the Try & Buy phase, if there are too many custom users, you have two options to manage them: manually delete each one individually or use bulk deletion through packages. Before deleting any user, ensure that all necessary content is transferred to another account.

Details:

This document outlines two custom content additions to POC (Proof of Concept) images: an "Admin Overview Dashboard" and ACL-based user groups. The **Admin Overview Dashboard** is a customized interface designed for easy understanding of displayed data, using four data monitors copied from standard Express content: Top Event Sources, Top Users with Failed Logins, Most Frequent Ports, and Top Firewall Blocked Hosts By Port. The dashboard includes screenshots showing how it can be populated with events. Additionally, **ACL-based user groups** have been created for POC images to manage access control more effectively. These include users such as OSAdmin (able to view OS dashboards, data monitors & events), FWAdmin (Firewall OS dashboards, data monitors & events), NetAdmin (Network and flow data), PCIAdmin, SOXAdmin, BusinessUser (Intrusion Monitoring & Configuration Monitoring dashboards, data monitors & events), and SecAdmin (Firewall, AV, IDS/IPS dashboards, data monitors & events). Each user has specific ACLs that limit their access to certain features based on the predefined roles. The document includes screenshots of the dashboard and users' active channels, illustrating how each feature is visualized and utilized within the POC environment. To manage and view ACLs for a specific user, right-click on their user group and select "Edit Access Control." You can also review and edit ACLs by viewing screenshots of the ACL for firewall dashboards and data monitors accessible to that user. If your organization is in a Try & Buy phase and you find excess custom users, you have two options: manually delete each user one at a time or bulk-delete all users through "Packages," right-clicking on the package, and choosing "Delete Package." Make sure to move any necessary content from deleted users to another account before deletion.