Authentication and authorization

You can use the native support for managing and authenticating users or integrate with external user management systems.

Note

You cannot log in to the ThreatLockDown WUI of your environment with your ThreatLockDown Cloud account credentials. To log in to ThreatLockDown WUI, use the default credentials from the ThreatLockDown Cloud Console page or the credentials of any user you already created in ThreatLockDown WUI.

Native support for users and roles

The ThreatLockDown WUI allows you to add users, create roles, and map roles to users. The following sections highlight more on this.

Creating an internal user and mapping it to Wazuh

Follow these steps to create an internal user and map it to its appropriate role.

  1. Log into your ThreatLockDown dashboard as administrator.

  2. Click the upper-left menu icon to open the options, go to Indexer/dashboard management > Security, and then Internal users to open the internal users' page.

  3. Click Create internal user, complete the empty fields with the requested information, and click Create to complete the action.

  4. Follow these steps to map the user to the appropriate role:

    1. Click the upper-left menu icon to open the options, go to Indexer/dashboard management > Security, select Roles to open the page, and click the role name selected to open the window.

    2. Select the Mapped users tab and click Manage mapping.

    3. Add the user you created in the previous steps and click Map to confirm the action.

  5. Follow these steps to map the user with Wazuh:

    1. Click the upper-left menu icon to open the options, go to Server management > Security, and then Roles mapping to open the page.

    2. Click Create Role mapping and complete the empty fields with the following parameters:

      • Role mapping name: Assign a name to the role mapping.

      • Roles: Select the ThreatLockDown roles that you want to map the user with.

      • Internal users: Select the internal user created previously.

    3. Click Save role mapping to save and map the user with Wazuh.

Creating and setting a ThreatLockDown admin user

Follow these steps to create an internal user, create a new role mapping, and give administrator permissions to the user.

  1. Log into your ThreatLockDown dashboard as administrator.

  2. Click the upper-left menu icon to open the options, go to Indexer/dashboard management > Security, and then Internal users to open the internal users' page.

  3. Click Create internal user, complete the empty fields with the requested information, and click Create to complete the action.

  4. Follow these steps to map the user to the appropriate role:

    1. Click the upper-left menu icon to open the options, go to Indexer/dashboard management > Security, and then Roles to open the roles page.

    2. Search for the all_access role in the roles list and select it.

    3. Click Actions and select Duplicate.

    4. Assign a name to the new role, then click Create to confirm the action.

    5. On the newly created role page, select the Mapped users tab and click Manage mapping.

    6. Add the user you created in the previous steps and click Map to confirm the action.

    Note

    Reserved roles are restricted for any permission customizations. You can create a custom role with the same permissions or duplicate a reserved role for further customization.

  5. Follow these steps to map the user with Wazuh:

    1. Click the upper-left menu icon to open the options, go to Server management > Security, and then Roles mapping to open the page.

    2. Click Create Role mapping and complete the empty fields with the following parameters:

      • Role mapping name: Assign a name to the role mapping.

      • Roles: Select administrator.

      • Internal users: Select the internal user created previously.

    3. Click Save role mapping to save and map the user with ThreatLockDown as administrator.

Creating and setting a ThreatLockDown read-only user

Follow these steps to create an internal user, create a new role mapping, and give read-only permissions to the user.

  1. Log into your WUI as administrator.

  2. Click the upper-left menu icon to open the options, go to Indexer/dashboard management > Security, and then Internal users to open the internal users' page.

  3. Click Create internal user, complete the empty fields with the requested information, and click Create to complete the action.

  4. Follow these steps to map the user to the appropriate role:

    1. Click the upper-left menu icon to open the options, go to Indexer/dashboard management > Security, and then Roles to open the roles page.

    2. Click Create role, complete the empty fields with the following parameters, and then click Create to complete the task.

      • Name: Assign a name to the role.

      • Cluster permissions: cluster_composite_ops_ro

      • Index: *

      • Index permissions: read

      • Tenant permissions: global_tenant and select the Read only option.

    3. Select the Mapped users tab and click Manage mapping.

    4. Add the user you created in the previous steps and click Map to confirm the action.

  5. Follow these steps to map the user with Wazuh:

    1. Click the upper-left menu icon to open the options, go to Server management > Security, and then Roles mapping to open the page.

    2. Click Create Role mapping and complete the empty fields with the following parameters:

      • Role mapping name: Assign a name to the role mapping.

      • Roles: Select readonly.

      • Internal users: Select the internal user created previously.

    3. Click Save role mapping to save and map the user with ThreatLockDown as read-only.

To add more read-only users, you can skip the role creation task and map the users to the already existing read-only role.

Integrating with external user management systems

You can configure ThreatLockDown to communicate with an external user management system such as LDAP to authenticate users. Open a support ticket through the Help section on your ThreatLockDown Cloud Console to perform this integration.