Manage users

Users refers to all Deep Security Manager account holders. Use this section to create, modify, and delete user accounts. From the Users page, you can:

  • Create New user accounts.
  • Examine or modify the Properties of an existing user account.
  • Set (or change) the Password for a user account.
  • Delete a user account.
  • Search for a particular user.
  • Synchronize with a Directory list of users.
  • View System Events associated with this user.
  • Set or change the Role for this user.

Click New or Properties displays the User Properties window.

View and edit general information

  • Username: The username associated with this user's password.
  • Name: The name of the account holder.
  • Description: a description of the account holder.
  • Role: Use the list to assign a predefined role to this user. Assigning roles can also be done using the right-click menu when in List View mode.
The Deep Security Manager comes preconfigured with two roles: Full Access and Auditor. The Full Access role grants the user all possible privileges for managing the Deep Security system, such as creating, editing, and deleting computers, computer groups, policies, rules, and so on. The auditor role gives the user the ability to view all of the information in the Deep Security system but not the ability to make any modifications except to their personal settings (password, contact information, view preferences, and so on). Roles with various levels of system access rights can be created and modified on the Roles page or by selecting New in the Roles list.
  • Language: The language that will be used in the interface when this User logs in.
  • Time zone: Time zone where the user is located. This time zone is used when displaying dates and times in theDeep Security Manager.
  • Time format: Time format used to display time in the Deep Security Manager. You can use 12-hour or 24-hour format.

Manage sign-in credentials

  • Set password: Click this button to change your password. You will be prompted for your old password and new password.
  • Password never expires: When this option is selected, the user's password will never expire.
  • Locked Out (Denied permission to sign in): Checking this will keep this User from being able to sign in to the Manager. If a user enters the wrong password too many times when trying to sign in, he will be locked out automatically. Clear this if you have resolved this situation. Locking or unlocking a user can also be done from the right-click menu when in List View Mode.

Enable Multi-Factor Authentication (MFA)

Click Enable MFA to enable multi-factor authentication (MFA). If MFA is already enabled for this user, you can select Disable MFA to disable it. For details, see Set up multi-factor authentication.

Edit contact Information

You can enter any contact information that you have for the user and also indicate if they are your primary contact or not. You can also check the Receive Alert Emails check box to include this user in the list of users who receive email notifications when alerts are triggered.

Manage general settings

Module

  • Hide Unlicensed Modules: This setting determines whether unlicensed modules will be hidden rather than simply grayed out for this User. This option can be set globally on the Administration > System Settings > Advanced tab.

Refresh Rate

  • Status Bar: This setting determines how often the status bar of the Deep Security Manager refreshes during various operations such as discovering or scanning computers.
  • Alerts List/Summary: How often to refresh the data on the Alerts page in List view or Summary view.
  • Menu/Computers List: How often to refresh the data on the Computers page.
    The Last Successful Update column value will not be recalculated unless the page is manually reloaded.
  • Computer Details window: The frequency with which an individual computer's property page refreshes itself with the latest information (if required).

List Views

  • Remember last Tag filter on each page: Events pages let you filter displayed events by Tag(s). This List Views setting determines if the "Tag" filter setting is retained when you navigate away from and return to an Events page.
  • Remember last Time filter on each page: Events pages let you filter displayed events by Time period and computer(s). These List Views settings determine if the "Period" and "Computer" filter settings are retained when you navigate away from and return to an Events page.
  • Remember last computer filter on each page: Events pages let you filter displayed events by Time period and computer(s). These List Views settings determine if the "Period" and "Computer" filter settings are retained when you navigate away from and return to an Events page.
  • Remember last Advanced Search on each page: If you have performed an "Advanced Search" on an Events page, this setting will determine if the search results are kept if you navigate away from and return to the page.
  • Optimal number of items to show on a single page: Screens that display lists of items will display a certain number of items per "Page". To view the next page, you must use the pagination controls. Use this setting to change the number of list-items displayed per page.
  • Maximum number of items to show on a single page: Many lists on the Deep Security Manager are grouped into categories. For example, intrusion prevention rules can be grouped according to application type. The Deep Security Manager will try to avoid splitting these groups when paginating and can override the "Optimal" setting (above) to keep items in the same group together. Use this setting to set a firm maximum on the number of items to display per page. If the number of items in a group exceeds this number, the group will be split and the group title will display information that this has been done.
  • Maximum number of items to retrieve from database: This setting limits the number of items that can retrieved from the database for display. This prevents the possibility of the Deep Security Manager getting bogged down trying to display an excessive number of results from a database query. If a query produces more than this many results, a message will appear at the top of the display informing you that only a portion of the results are being displayed.
Increasing these values will affect Deep Security Manager performance.

Reports

  • Enable PDF Encryption: Determines if reports exported in PDF format are password protected.

Reset to Default Settings: Reset all settings on this page to their defaults.

Synchronizing with a directory

Does not apply to Deep Security as a Service

The user list can be synchronized with an Active Directory, allowing Users to sign in with the password stored in the directory. Clicking Synchronize with Directory in the toolbar will display the Synchronize with Directory wizard. Type the address of the directory server and your access credentials. You will then be prompted to select which Active Directory group of users to import and whether they will be users or contacts. Once they have been imported, you are given the option to create a scheduled task to periodically synchronize with the directory to keep your list up to date. The imported list of users are locked out of the Deep Security Manager by default. You will have to modify their properties to allow them to sign in to the Deep Security Manager.

To successfully import an Active Directory user account into Deep Security as a Deep Security user or contact, the Active Directory user account must have a userPrincipalName attribute value. The userPrincipalName attribute corresponds to an Active Directory account holder's "User logon name".
If you delete a user from Deep Security Manager who was added as a result of synchronizing with an Active Directory and then resynchronize with the directory, the user will reappear in your user list if they are still in the Active Directory.

Filtering the Active Directory

Does not apply to Deep Security as a Service

The first page of the Synchronize with Directory wizard has an area called Search Options where you can write filters to specify a subset of users to import into the Deep Security Manager. The filter language follows the Internet Engineering Task Force "Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters RFC 4515".

The default filter (objectClass=group) imports all users.

The RFC 4515 filter syntax can be used to filter for specific users or groups in a directory. For example, the following filter would import only users who are members of an Active Directory group called "DeepSecurityUsers": "(&(objectClass=group)(cn=DeepSecurityUsers))".

The RFC 4515 definition is available at http://datatracker.ietf.org/doc/rfc4515/.

The new users, although being in the "locked out" state, are given the Full Access user role.