4.3. Web interface accounts and their management

GCenter enables access to:

Managing users and related groups
History of the changes on the platform (see this in the history part)
Linking with an LDAP server

4.3.1. Web Interface Accounts

4.3.1.1. List of groups

In the GCenter web interface, two different account types are defined by group membership:

operator

administrator

From the user account configuration menu, it is possible to create user accounts and belong to one or more groups and thus inherit the rights of each group.

Note

The proposed groups fully comply with the Military Programming Act.

Note

It is necessary to change the password from the first login and keep it in a safe place, for example, with the encryption keys of the appliances.

4.3.1.2. Generic accounts

Generic accounts have been defined with rights levels listed in the table below:

Generic Account Name	intended for a...	Group member
admin	access to all the functionalities of the analyst and administrator	operator and administrator

4.3.2. Functions allowed with the group or role `operator`

The Operator account can access all menus presents in "Detection strategy" and "health".

4.3.3. Functions authorized with the group or role `administrator`

The administrator account can access all menus presents in `administration` and `health`.

4.3.4. Functions allowed in the admin account

From the admin account, it is possible to access all the features present in the navigation bars and menus of the Web UI.

4.3.5. Summary tables of the menus per level

4.3.5.1. Main menu

Menu	Description	Operator	Administrator
GATEWATCHER logo	page `home` : general view of the GCenter	access	displays page Healthchecks
Home	page `home` : general view of the GCenter	access	displays page Healthchecks
Overview	`Global overview` page	access	displays page Healthchecks
Relations	`Relations` page showing the relationships between the elements on the network	access	displays page Healthchecks
Hunting	KIBANA user interface	access	access without data
Assets	`Assets` page showing the characteristics of the elements present on the network	access	displays page Healthchecks
Users	`Users` page showing the characteristics of the users on the network	access	displays page Healthchecks
Alerts	`Alerts` page showing the characteristics of the alerts displayed	access	displays page Healthchecks
Gscan	`GScans` page to run a scan on a specific file	access	displays page Healthchecks

4.3.5.2. Menu bar

4.3.5.2.1. The `Detection strategy` menu

The `Detection strategy` menu consists of the following:

Command	Description	Operator Group	Administrator Group
`Sigflow engine`: `Gcap profiles` command	Configuration of the sigflow engine by creating a Gcaps profile	Access	No access
`Sigflow engine`: `Metadata rate limiter` command	Metadata rate limiters	Access	No access
`Malware`: `Malcore` command	Engine configuration	Access	No access
`Malware`: `Malcore Retroanalyzer` command	Engine configuration	Access	No access
`Malware`: `YARA engine` command	Engine configuration	Access	No access
`Exploit`: `Malicious Powershell` command	Engine configuration	Access	No access
`Exploit`: `Shellcode` command	Engine configuration	Access	No access
`Sigflow rules manager`: `Sources` command	Sigflow rules manager, source management	Access	No access
`Sigflow rules manager`: `Rulesets` command	Sigflow rules manager, ruleset management	Access	No access
`Sigflow rules manager`: `Auto-threshold` command	Sigflow rules manager, management of thresholds	Access	No access
`Threat intel': ```Active CTI` command	Engine configuration	Access	No access
`Threat intel`: `Retro Hunt` command	Engine configuration	Access	No access
`Behaviour analysis`: `Ransomware` command	Engine configuration	Access	No access
`Assets and users detection`: `Configuration` command	Configuration of association rules	Access	No access
`C&C`: `DGA` command	Engine configuration	Access	No access
`C&C`: `Beacon` command	Engine configuration	Access	No access

4.3.5.2.2. `Health` menu

The `Health` menu consists of the following:

Command	Description	Operator Group	Administrator Group
`Monitoring`: `Main healthchecks` command	Visualization of the status of each type of detection	Access	Access
`Monitoring`: `Main healthchecks` command	Configuration of the sigflow engine by creating a Gcaps profile	Access	Access
`Monitoring`: `Advanced metrics` command	Visualization of the status of the various physical and software components of the solution	Access	Access

4.3.5.2.2.1. `Administration` menu

The `Administration` menu consists of the following:

Command	Description	Operator Group	Administrator Group
`Updates`: `Threat-DB update` command	Configuration of signature updates and/or anti-viral engines (update)	No access	Access
`Updates`: `Software update` command	Configuration of upgrades (or upgrade) and patches (or hotfix)	No access	Access
`Authentication`: `History` command	Configuration and visualization of event history	No access	Access
`Authentication`: `Users management` command	Manage local user accounts in GCenter	No access	Access
`Authentication`: `LDAP binding` command	Configuring the association between a GCenter and an LDAP server	No access	Access
`Authentication`: `API keys` command	API access token management	No access	Access
`Authentication`: `Password policy` command	Password policy management	No access	Access
`Third party`: `Aionbytes` command	Configuring the connection to the Intelligence site	No access	Access
`Third party`: `Reflex` command	Configuring the connection to the Reflex site	No access	Access
`Third party`: `MISP` command	Configuring the connection to the MISP site	No access	Access
`Gcap setup`: `Gcap Pairing` command	Configuring the GCap connection	No access	Access
`System`: `Licensing` command	Display information on current license, validity and available features.	No access	Access
`System`: `Network settings` command	Configuration of GCenter network settings	No access	Access
`System`: `Global settings` command	GCenter configuration	No access	Access
`Maintenance`: `System logs` command	Display of data present in the GCenter ElasticSearch indexes	No access	Access
`Maintenance`: `Diagnostics` command	Generation of files for diagnosis	No access	Access
`Backup and restore`: `Operation` command	Running backup or restore	No access	Access
`Data`: `Retention policy` command	Elasticsearch Data Retention Configuration	No access	Access
`Data`: `Data management` command	Management of GCenter data	No access	Access
`Data`: `Log export` command	Configuration of event export using syslog protocol	No access	Access
`Monitoring`: `Metrics export` command	Configure system data export to remote Netdata server	No access	Access
`Monitoring`: `Metrics polling` command	Configuring data access for a Nagios type monitoring server	No access	Access

4.3.5.2.3. `Help` menu

The `Help` menu consists of the following:

Command	Description	Operator Group	Administrator Group
`Documentation`: `API reference` command	Overview of the API	Access	Access
`Documentation`: `Online documentation` command	Access to online documentation	Access	Access
`External Resources`: `Gatewatcher Customer Portal` command	Access to the GATEWATCHER CUSTOMER PORTAL website	Access	Access
`External Resources`: `Gatewatcher support` command	Accessing https://support.gatewatcher.com/	Access	Access
`External Resources`: `Gatewatcher update repository` command	Accessing https://update.gatewatcher.com/update	Access	Access

4.3.6. Related principles

4.3.6.1. Authentication mode

A user's authentication is achieved by means of a login/password pair.

4.3.6.2. Password management

The current account manages its own password and potentially other accounts as well.

Details are provided in the table below:

User	can change the password
User	operator	administrator	admin
admin	X	X	X

4.3.6.3. Password management policy

The passwords entered must comply with the password management policy.

The policy is divided into the categories:

General settings
Specific password settings

These general parameters are:

Period of validity
Recording of previous password hashes

These specific parameters are the criteria that passwords must contain, such as lower case, upper case, and so on.
The details of these parameters and the graphical interface enabling the management of this policy are described in the `Password policy` screen.
For implementation, see the procedure Managing the password policy.

4.3.7. Creating local users

In addition to generic accounts, it is possible to create user accounts each having different rights.

Note

The proposed groups fully comply with the Military Programming Law.

When creating a new user account, it is possible to assign different roles to the user.
The role(s) the user is assigned will enable them to access more or less menus in the web interface.
Indeed, depending on the actions carried out, it will be necessary to assign a specific role.
The administrator fills in the following fields concerning the user they wish to create:

Username
Password
Email address
First Name
Last Name

It is also necessary to activate the account for it to be usable and to assign it the available roles: operator and/or administrator
These fields will be used later to trace the user in the connection history or in the event of changes concerning this same account.
The graphical interface enabling the creation of users is done in the `Users management` screen.
For implementation, see:

the Creating local users
the Changing some of a local user's information
the Resetting a local user's password
the Deleting a local user

4.3.8. LDAP integration / Active Directory

Authentication of the GCenter's user accounts can be managed by the GCenter as well as by a Lightweight Directory Access Protocol (LDAP) server.
Configuring the connection between the GCenter and the LDAP server is also done by the GCenter.
The main functions include:

Displaying the connection status
Enabling the connection to a remote authentication server
Managing connection information to a remote authentication server
Mapping of users and groups between the GCenter and the remote authentication server
Advanced configuration of the connection to a remote authentication server

The graphical interface enabling the creation of users is done in the `LDAP binding` screen.

For implementation, see:

4.3.9. Audit trail

The system records the various actions carried out in the web interface over time, in order to ensure traceability.

This traceability is carried out for:

Users' connection or disconnection
Creating and deleting accounts
Changing the permissions of an account

4.3.9.1. Authentication history function

The history of all authentications on the GCenter is available.
To view the graphical interface presentation, see the `History` screen.
For the implementation, refer to Viewing the authentication history.

4.3.9.2. Historical function of all creations or deletions

The history of all creations or deletions of GCenter users is available.

To view the graphical interface presentation, see the `History` screen.

4.3.9.3. History function for all changes in user rights

The history of all user permissions on the GCenter is available.

To view the graphical interface presentation, see the `History` screen.