.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Manage Users with Roles and PermissionsManage Users with Roles and Permissions
A set of end-to-end procedures for managing users in NetWitness is described in this section. These steps explain how to add a user in NetWitness and then how to control what the user can do.
Manage Users WorkflowManage Users Workflow
This figure shows the high-level workflow for managing the users in NetWitness.
First, review the preconfigured NetWitness roles such as Administrators, Respond Administrators, Data Privacy Officers, SOC managers, Operators, Malware analysts, Analysts, and UEBA analysts. Determine if you need to make any adjustments to these roles for your environment. You can add new custom roles and assign permissions to each role. After you define the roles, you can verify the query and session attributes that are set for each role. Then you can set up the users by adding new users and assigning roles to them. You can also map external group users to the NetWitness roles.
These are the procedures for setting up and managing users:
WDDCS Tool
WDDCS is a command line utility for capturing discrete host and enclosure data for analysis and troubleshooting and performing common management functions such as upgrading firmware and configuring drive zones.
Installation
The WDDCS tool and its dependencies are already available on the NetWitness devices, so no additional installation steps are required.
- When a user runs the
wddcscommand for the first time, they must accept the End User License Agreement (EULA). wddcs/wddcs help: displays the version of the tool and the help menu.
wddcs commands
The wddcs help command is used to print the usage text (command syntax, operations, arguments, and explanations) for the following WDDCS Tool commands:
Some of the commonly used wddcs commands are listed below, and more detailed information on these commands can be found in the User Guide - WDDCS Tool available in the following location Ultrastar Data60 Hybrid Storage Platform.
wddcs show
The wddcs show command scans all enclosures and displays the following information:
- Product description
- Serial number
- Firmware revision
- Product name
wddcs getlog
- The
wddcs help getlogcommand provides various options used for extracting specific logs and their associated details.
- The
wddcs getlog allcommand collects all logs and compiles them into a single tar file (.tgz). The file is saved in the/tmpdirectory with the following name format:wddcs_._date_timestamp.tgz
wddcs iom
The wddcs iom command displays IOM status.
wddcs rcli
- The
wddcsrclihelp command provides a list a commands that can be run on a target device.
For example,wddcs /dev/sg51 rcli help
-
The wddcsrcli “show drives” command displays drives information.
For example, wddcs /dev/sg51 rcli "show drives"
- The wddcs
rcli “show vpd”
For example,wddcs /dev/sg51 rcli "show vpd"
- The
wddcscommand displays the enclosure information for a single SEP device.rcli “show enc”
For example,wddcs /dev/sg51 rcli "show enc
- The
wddcscommand displays the cable information.rcli “show cable”
wddcs diag
- The
wddcs diagcommand is used to display, set, or clear diagnostic page information for the feature or component specified in the command option.
- The
wddcscommand is used to display the enclosure status code and ident bit value for the enclosurediag “show-enc”
For example,wddcs /dev/sg51 diag "show-enc"
wddcs fw
The wddcs
command is used to check the firmware download status.
For example, wddcs /dev/sg51 fw status
wddcs zone
- The
wddcs zonecommand provide various commands to be used to configure the zone based on the Ultrastar type.
- The
wddcs zone statuscommand is used to display the zone configuration status of a single IOM/SEP device.
