Manage Logpoint Users in Director

Logpoint Users

Users access and use Logpoint, and are part of a user group. You can create users, assign them to user groups, activate/deactivate them, and change their passwords.

Create Logpoint Users
  1. Go to Configure >> User Management >> Users.

  2. Select the LogPoint instance where you want to create the user. You cannot create users in multiple LogPoint instances at once.

  3. Click Next.

  4. Enter a Username.

  5. Enter a Password and re-enter it.

  6. Select a User Group. A user can be in multiple user groups.

  7. Enter the user’s First Name, Last Name, Email, and Timezone.

    You can view the logs collected at different intervals according to your timezone. If you work in Denmark and want to view the logs collected in England, you can view those logs in the Danish timezone.

  8. Click Next.

  9. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  10. Click Finish and click Ok.

  • You must deactivate a user before deleting them.

  • When deleting the owner of a shared dashboard, alert rule, report template, or search template, you can transfer the ownership to another user or Force Delete the shared resources. You can transfer the ownership from the transfer ownership panel while deleting the user.

Transferring Shared Resources’ Ownership

  • You cannot deactivate or delete plugin users from Director Console.

  • If you add a new plugin user to a LogPoint instance, refresh the LogPoint Users API from Operations >> Refresh List APIs to view the user.

  • If a user is locked, refresh the LogPoint Users API from Operations >> Refresh List APIs to view the user’s updated status.

  • Refer to the Users section to learn more about LogPoint users.

Logpoint User Groups

User Groups allow you to group users and control what they have access to as a group. You can configure a user group’s permissions and assign a query to it. The permissions are applied to all the associated users. To learn more about user groups, go to User Groups.

Create Logpoint User Groups
  1. Go to Configure >> User Management >> User Groups.

  2. Select the Logpoint instance where you want to create the user group. You cannot create user groups in multiple Logpoint instances at the same time.

  3. Click Next.

  4. Enter a Name and a Description.

  5. Enter a Universal Query. Logpoint appends the universal query to the searches made by members of the user group, which narrows the search results down to those relevant to the group.

    For example, if you enter col_type = syslog as a user group’s universal query and search the term login, the search query is equivalent to col_type = syslog and login for the users in this group. The system searches for login in the result set of col_type = syslog.

  6. Select a Permission Group.

  7. Under Object Permission, select the repos, device groups, devices, log sources and IP addresses from which the user group’s users can search the logs.

    1. Select All Permissions to allow the user group to access all the repos, device groups, devices, log sources and IP addresses of devices and log sources configured in Logpoint. If you select All Permissions, all repos, device groups, devices and log source permissions are granted to any new members of a user group added later.

    2. Click the All Permissions drop-down to select the Logpoint instances. Here, you can select All Repos to allow the user group to access all the repos of the Logpoint or select All Device Groups to allow the user group to access all device groups, devices, log sources and IP addresses of all the devices and log sources.

    3. Click the All Repos drop-down to select specific repos.

    4. Click the All Device Groups drop-down to select specific device groups, devices, log sources and IP addresses.

    The permissions can be All Selected, Some Selected, and None Selected. Select All Selected to grant all permissions to a user group. To grant permission to only some objects, select the relevant entities individually in Object Permission. To grant no permissions at all, deselect or clear any selected objects in Object Permission.

When you select All Selected for All Permissions, the object permissions persist for a Logpoint added to the Director later.

  8. Click Next.

  9. Review your changes. You can go Back and make any changes if necessary.

    Click Download Report to save a summary in PDF format.

  10. Click Finish and click Ok.

Refresh the Logpoint User Groups API from Operations >> Refresh List APIs when you:

  • Add or delete distributed Logpoints.

  • Create, edit, or delete repos, device groups, devices, log sources and IP addresses.

  • Create or edit user groups.

Permission Groups

Permission Groups allow you to control the access levels of users. You can group multiple permissions into a permission group and assign it to user groups. For more details, go to Permission Groups.

Create Permission Groups
  1. Go to Configure >> User Management >> Permission Groups.

  2. Select a Logpoint to create permission groups. You can select multiple Logpoint instances of different pools.

  3. Click Next.

  4. Enter a Name and a Description.

  5. Under Site Permission Management, select the listed permission items and assign permissions as required: Read, Create, or Delete.

    • If you select Delete, then Read and Create are enabled by default.

    • If you select Create, then Read is enabled by default.

    • To configure SOAR-specific permissions, enable SOAR for LogPoint from Configure >> Settings >> System >> General Settings. If you selected multiple instances, SOAR must be enabled in all of them.

  6. Click Next.

  7. Review your changes. You can go Back and make any changes if necessary.

    Click Download Report to save a summary of the selected permissions in PDF.

  8. Click Finish and click Ok.

Incident User Groups

Incident User Groups manage incidents, including alert ownership, and oversee access to incident details.

Create Incident User Groups
  1. Go to Configure >> User Management >> Incident User Groups.

  2. Select the LogPoint instances where you want to add user groups to incident user groups or remove user groups from incident user groups. You can select multiple LogPoint instances of different pools.

  3. Click Next.

  4. Click the Add to List icon from the Action column to add a user group to the incident user group.

  5. Click Ok.

    You can remove a user group from the Incident User Groups list by clicking the Delete icon from the Action column.

Refer to the Incident User Groups section to learn more about incident user groups.
