Introducing basic Role-based Access Control (RBAC) support! The console now gives you fine-grained control over which users can access Capsule8’s detection and alerting capabilities. You can control who can view or manage: alerts, hosts, detection policies, and investigations queries. A few notes on this new feature:
All existing users are now assigned to an Admin role with all permissions
New users imported via 3rd-party SSO are assigned to a Basic role with limited permissions
Any new users created manually via the console can have their roles specified as desired in the UI
Passwords can now be edited in the UI
We’ve also added basic policy management via the console UI, building towards full, YAML-free policy management (soon!). If the sensor is configured to allow it, you can now view and update each host’s policies via a text editor in the console. A few notes on this new feature:
Each host requires its own policy configuration (for now)
This requires a 4.1.0+ version of the sensor to work
The sensor will look for configuration updates from the console at an interval of your choosing
Key Improvements
You can now track most actions taken within the console, including all API requests that constitute modifying, creating, or deleting. These actions are logged and displayed on a new audit page within the console for auditing purposes.
Need noise cancelling headphones for your alerts? By marking alerts as auditableEvent in a detection policy, they will be sent to a new tab, Events, in the Activity page, rather than showing up in the main alerts queue to help with noise reduction
You can now see alerts sent to GCP buckets within the console (not just S3 buckets!)
You may notice that the console web page is loading faster, which is due to caching improvements we made
Known Issues
When using RBAC, you still cannot assign permissions on per host basis
When managing policies via the console, you cannot update multiple host policies at once – it can only be updated on a per host basis
Comments
0 comments
Please sign in to leave a comment.