From df50f07e88386540f358d6698f3edd9b99f9efbe Mon Sep 17 00:00:00 2001 From: Khaoula Date: Tue, 11 Jun 2024 14:56:49 +0200 Subject: [PATCH 1/5] New navigation content refresh Changed all the content from the Getting Started section to align with Product new features --- docs/getting_started/account_security.md | 25 +++-- docs/getting_started/account_settings.md | 21 +++++ docs/getting_started/authentication.md | 3 +- .../community-create_sub_com.md | 18 ---- docs/getting_started/community-edit.md | 26 ----- docs/getting_started/concepts.md | 94 +++++++++++++++++++ docs/getting_started/create_account.md | 18 ++-- docs/getting_started/create_community.md | 53 +++++++++++ docs/getting_started/custom_roles.md | 33 +++++++ .../get_troubleshooting_tips.md | 25 ++--- docs/getting_started/inactive_users.md | 14 +-- docs/getting_started/index.md | 2 +- docs/getting_started/invite_users.md | 59 ++++-------- docs/getting_started/join_community.md | 13 ++- docs/getting_started/manage_api_keys.md | 39 ++++---- docs/getting_started/manage_users.md | 27 +++--- .../getting_started/notifications-Examples.md | 93 +++++++++++++++--- .../notifications-Listing_Creation.md | 92 +++++++----------- docs/getting_started/regions.md | 6 +- docs/getting_started/roles.md | 6 +- docs/getting_started/securitytokens.md | 10 +- docs/getting_started/session_duration.md | 25 ++++- docs/getting_started/sso/openid_connect.md | 13 +-- docs/getting_started/twofactor_workspace.md | 28 ++++++ mkdocs.yml | 40 ++++---- 25 files changed, 522 insertions(+), 261 deletions(-) create mode 100644 docs/getting_started/account_settings.md delete mode 100644 docs/getting_started/community-create_sub_com.md delete mode 100644 docs/getting_started/community-edit.md create mode 100644 docs/getting_started/concepts.md create mode 100644 docs/getting_started/create_community.md create mode 100644 docs/getting_started/custom_roles.md create mode 100644 docs/getting_started/twofactor_workspace.md diff --git a/docs/getting_started/account_security.md b/docs/getting_started/account_security.md index e89feffa77..9164e1586d 100644 --- a/docs/getting_started/account_security.md +++ b/docs/getting_started/account_security.md @@ -1,17 +1,14 @@ -# Set up account security -## Two-factor authentication +# Two-factor authentication Two-Factor Authentication (2FA) provides an extra layer of security for your Sekoia.io account by introducing an additional step during the login process. In addition to your username and password, you will be required to provide a 6-digit verification code generated on your phone. This ensures enhanced protection against unauthorized access to your account. -### How do I enable two-factor authentication? - ## Enabling Two-Factor Authentication -To enhance the security of your Sekoa.io account, you can enable Two-Factor Authentication (2FA) by following these instructions: +To enhance the security of your Sekoia account, you can enable Two-Factor Authentication (2FA) by following these instructions: -1. Begin by logging in to app.sekoia.io using your credentials -2. Click on your profile picture in the top right of the screen. From the dropdown menu, select `Account settings` to access the User Center -3. Within your Account page, scroll down until you find the section labeled `Register Two-Factor Authentication`. Click on the `Enable` button associated with it +1. Begin by logging in to app.sekoia.io +2. Click on your name in the navigation menu and select `Profile and security` +3. Within your profile page, scroll down until you find the section labeled `Register Two-Factor Authentication`. Click on the `Enable` button associated with it 4. You will be asked to enter your password for verification purposes 5. Follow the steps below to complete the setup process for 2FA on your account: 1. Visit either the App Store (for iOS) or the Play Store (for Android) to download and install an Authenticator app such as Lastpass, Authenticator, or Authy. Follow the instructions provided by the app to set up an account @@ -19,7 +16,7 @@ To enhance the security of your Sekoa.io account, you can enable Two-Factor Auth 3. Enter the `6-digit code` generated by the authentication app 6. Lastly, ensure that you generate and securely save your backup codes. These codes serve as a backup method to access your account in case you are unable to use the authentication app -### Generate backup codes +## Generate backup codes If you lose your mobile device or cannot use your authenticator app, you can use backup codes provided by Sekoia.io to access your account. **Ten backup codes** are generated. Each code can only be used **once**. @@ -29,7 +26,7 @@ You can also generate new backup codes but keep in mind that your old codes will We recommend you print off and store your codes in a safe location. -### Log in with backup codes +## Log in with backup codes To log in with your backup codes, you will need to: @@ -38,13 +35,13 @@ To log in with your backup codes, you will need to: 3. Enter your `username` and `password` 4. When asked for your verification code, enter the backup code and select `verify` -### How to disable two-factor authentication +## How to disable two-factor authentication -To disable two-factor authentication on your SEKOIA account: +To disable two-factor authentication on your Sekoia account: 1. Log in to app.sekoia.io -2. Click on your profile picture and select `Account settings` to access the User center -3. In your Account page, scroll down to the section `Register Two-Factor Authentication` and click on `Enable` +2. Click on your name and select `Profile and security` +3. Within your profile page, scroll down to the section `Register Two-Factor Authentication` and click on `Enable` 4. Enter your current password and select `disable` !!! Note diff --git a/docs/getting_started/account_settings.md b/docs/getting_started/account_settings.md new file mode 100644 index 0000000000..cf4580b51a --- /dev/null +++ b/docs/getting_started/account_settings.md @@ -0,0 +1,21 @@ +# Set up your account + +Once your account is created, you will be directed to the Settings page. Here, you can personalize your account settings, enhance security, and manage your preferences. + +### Account setup options + +- Edit personal information: Change your profile picture by clicking on it and selecting a new picture from your files +- [Add layers of security](account_security.md): Enable additional security features such as two-factor authentication and security tokens to protect your account +- [Notification preferences](notifications-Listing_Creation.md): Set up your notification preferences to stay informed about important updates and activities + +For more detailed guidance on navigating the platform and using its features, refer to the [Where to Start](concepts.md) section. + +### Change theme of the application + +To change the theme of your workspace, follow these steps: + +1. Go to Settings +2. On the top of the menu, click on `Theme` +3. Select either Light theme or Dark theme + +The change takes effect immediately and will be saved. Please note that this customization applies only to your account and does not affect the theme settings for other workspace members. \ No newline at end of file diff --git a/docs/getting_started/authentication.md b/docs/getting_started/authentication.md index dfe485146d..2cb1b7738f 100644 --- a/docs/getting_started/authentication.md +++ b/docs/getting_started/authentication.md @@ -1,8 +1,9 @@ # Authentication + The app is accessible through the URL [app.sekoia.io](http://app.sekoia.io). You’ll have to enter your email and password then hit Login. We highly recommend using **2-factor authentication** to add a layer of security to your account. You can either use an Authentication app or a security token. -In case your forgot your password, you can hit the “Forgot password link” on the login page, enter your email address and wait until we send you a confirmation link to reset your password shortly after. +In case your forgot your password, you can hit the `Forgot password link` on the login page, enter your email address and wait until we send you a confirmation link to reset your password shortly after. You can find the necessary documentation to set up the required security on this **page**. diff --git a/docs/getting_started/community-create_sub_com.md b/docs/getting_started/community-create_sub_com.md deleted file mode 100644 index 2bf3f19795..0000000000 --- a/docs/getting_started/community-create_sub_com.md +++ /dev/null @@ -1,18 +0,0 @@ -# Overview - -MSSP community with multiple managed communities: for MSSP partners with SOC/CERT activities -Sub-community creation is only available on MSSP mode only - -!!! info - To access MSSP mode, contact your Sekoia account executive. Once subscribed, you will be switched to MSSP mode in the following days - -# Create a new sub-community - -To create a managed community in an MSSP environment: - -1. Go to `Settings` on the bottom left of the screen -2. You’ll find a list of all managed communities within the main MSSP community if you have the appropriate permisions on your personal account. Click on the button `+ New Community` -3. Provide a name, a description and a link to a website (optional) -4. Save - -Your newly created community now appears in the listing of your managed communities. diff --git a/docs/getting_started/community-edit.md b/docs/getting_started/community-edit.md deleted file mode 100644 index f88454d1c5..0000000000 --- a/docs/getting_started/community-edit.md +++ /dev/null @@ -1,26 +0,0 @@ -## Overview - -Community information and image can be edited - -## Edit a community - -To edit a community's name and description, as an Administrator of the community: - -1. Go to the managed community’s main page -2. Click on the `Edit` button next to the community’s name -3. From there, you can change the name, the description, the website and the image of the community. -4. Save your changes - - -### Add an image - -Being able to recognize your managed communities can be important, especially when you enable rules, filter your events or sort alerts. - -One way to go is to add a profile image to the community. To do so: - -1. Go to the managed community’s main page -2. Click on the cercle next to the community’s name -3. Upload an image by dragging it in the area or by uploading it from your machine -4. Save your changes - -Your managed community is now recognizable. You can also hover over the image to see your community’s name. diff --git a/docs/getting_started/concepts.md b/docs/getting_started/concepts.md new file mode 100644 index 0000000000..6a47981790 --- /dev/null +++ b/docs/getting_started/concepts.md @@ -0,0 +1,94 @@ +# Where to start + +## Authentication + +The app is accessible through the URL [app.sekoia.io](https://app.sekoia.io/). You’ll have to enter your email and password then hit Login. + +We highly recommend using [2-factor authentication](account_security.md) to add a layer of security to your account. You can either use an Authentication app or a [security token](securitytokens.md). + +In case your forgot your password, you can hit the “Forgot password link” on the login page, enter your email address and wait until we send you a confirmation link to reset your password shortly after. + +!!! note + You can find the necessary documentation on how to set up the required security on this [page](account_security.md). + + +## Basic concepts + +### Workspace + +A **Workspace** is the central hub of your Sekoia.io application where all primary activities and operations occur. It serves as the main environment for managing your operational tasks, settings, and configurations. Each workspace can support multiple communities, making it flexible for both single and multi-tenant modes. + +### Communities + +**Communities** are subdivisions within a workspace that allow for more granular control and management of cybersecurity operations settings. They can function independently or inherit the configurations of their parent workspace. This flexibility is particularly useful for MSSPs who manage multiple clients or for organizations with distinct departments needing separate management and controls. + +--- + +### TL;DR + +**Workspace**: The main environment where everything happens. It includes all primary features operations, settings, and configurations. + +**Community**: A sub-environment within a workspace. It can operate independently or inherit settings from the main workspace. It is useful for multi-tenant setups where different groups need separate configurations. + +## Navigation + +### Switch workspace and communities + +The platform allows you to seamlessly switch between different workspaces and communities, ensuring that you can efficiently manage your tasks and collaborations. +Switching Workspaces + +#### Switch workspace + +To switch to a different workspace, follow these steps: + +- Click on the current workspace name located at the top of the menu +- A dropdown list will appear, showing all available workspaces +- Select the desired workspace from the list to switch to it + +#### Switching communities + +For switching communities or selecting multiple communities, use the Communities button located in the breadcrumb: + +1. Click on the Communities button in the breadcrumb navigation +2. A selection menu will appear, displaying all available communities +3. Check the boxes next to the communities you need to access to switch to the chosen communities + +!!! note + The button Communities in the breadcrumb is only available to multi-tenant workspaces. + + +### Quick filters + +On the main pages of the app, such as Alerts, Rules Catalog, Intakes, Playbooks, and Intelligence, a filter button exists to let you customize results displayed in complex tables. The `Filters` button enables you to refine and tailor the data according to your specific needs. + +#### Enabling filters quickly + +For quick access to the filter menu, simply press the "F" key on your keyboard. This shortcut will instantly open the filter menu, allowing you to start customizing your view without the need to navigate through additional menus. + +#### Adding and using filters + +- **Multiple Filters**: You can apply multiple filters to the same table. This allows you to narrow down the results based on various criteria simultaneously. For instance, you can filter by date range, status, and assigned user all at once. + +- **Multi-Selection**: The filter menu supports multi-selection. This means you can select multiple values for a single filter criterion. For example, if you want to see alerts from several specific sources, you can select all relevant sources within the filter menu. + + +### Personalized menu + +The platform offers a personalized menu feature, allowing you to customize the order and visibility of pages based on your profile and daily activities. + +#### Adding pages to favorites + +To enhance your workflow, you can add the pages you use most frequently to your favorites. These pages will then be pinned at the top of the menu for easy access. Simply click the star icon next to a page name to add it to your favorites list. + +#### Organizing menu sections + +The menu is divided into multiple sections, which you can reorganize according to your preferences. To rearrange these sections: + +1. Click and hold the section header you wish to move +2. Drag the section to your desired position within the menu +3. Release the mouse button to drop the section in its new location + +For example, if you use the Observe section more frequently, you can drag it to the top of the menu for quicker access. + + + diff --git a/docs/getting_started/create_account.md b/docs/getting_started/create_account.md index 27568510a0..6d55731797 100644 --- a/docs/getting_started/create_account.md +++ b/docs/getting_started/create_account.md @@ -1,13 +1,17 @@ # Create your account -To create your new account, you will have to click on the link in the invitation email and you'll be redirected to the account creation form. +As mentionned in the [Join a workspace or a community](join_community.md) article, you need to be invited to join a workspace by a current user to be able to create an account. -From there, you'll have to: +## Step-by-step account creation -1. Provide your full name -2. Set a strong password -3. Agree to the Terms of Service +### Open the invitation email +1. Locate the invitation email sent to you by Sekoia.io +2. Click on the link provided in the email to be redirected to the account creation form + +### Complete the Account creation form +1. Provide your full name: Enter your full name in the designated field +2. Set a strong password: Create a strong password that meets the platform’s security requirements +3. Agree to the Terms of Service: Read and agree to the Terms of Service by checking the appropriate box +4. Click the `Create Account button` to finalize the creation of your account -Once your account is created, you land in the User Center which is the place where you can setup your account, add layers of security and privacy, set notifications and manage your communities. -The User Center is accessible by clicking on your avatar on the upper right part of the screen. Learn more about navigation on the platform in this article. diff --git a/docs/getting_started/create_community.md b/docs/getting_started/create_community.md new file mode 100644 index 0000000000..dbcdc7dc1d --- /dev/null +++ b/docs/getting_started/create_community.md @@ -0,0 +1,53 @@ +# Create and edit communities + +## Types of users + +### Single-tenant users +For single-tenant users, a workspace is automatically created upon subscribing to Sekoia. Users can only have one Workspace, which does not contain any communities. + +### Multi-tenant users +For multi-tenant users, such as Managed Security Service Providers (MSSPs), a primary workspace is created. These users can add multiple communities to manage their various clients or departments. + +!!! info + To access multi-tenant mode, contact your Sekoia account executive. Once subscribed, you will be switched to muulti-tenant mode in the following days. + +## How to create a community + +To create a new community in a multi-tenant mode, you must have the necessary role and permissions. + +Follow these steps to create a community: + +1. In the main navigation, click on `Settings` +2. In the `workspace` section, click on `Add new community` button in the left panel that lists workspace and communities +3. Fill in the required details such as the name and a description. The website field is optional +4. Save changes + +The newly created community will now appear in the communities listing. + +## How to edit a community + +To edit an existing community details, follow these steps: + +1. Navigate to the community you wish to edit +2. Click the `Edit button` to modify the name, description, and website +3. To change the community image, click on the profile picture and select a new one from your files + +### Steps to edit community details + +#### Edit name and description + +1. Click the Edit button next to the community name +2. Update the name and description fields as needed +3. Click Save to apply your changes + +#### Change community image +1. Click on the current profile picture +2. Select a new image from your files +3. Click Save to update the profile picture + +By following these steps, you can easily manage and customize your communities to better align with your organizational needs and branding. + +## How to add and remove users + +To learn more about how to add and remove users, please follow this documentation on [Users and Roles](invite_users.md). + diff --git a/docs/getting_started/custom_roles.md b/docs/getting_started/custom_roles.md new file mode 100644 index 0000000000..1fa55ca5b1 --- /dev/null +++ b/docs/getting_started/custom_roles.md @@ -0,0 +1,33 @@ +# Custom roles + +## Creating a custom role + +To create a custom role, follow these steps: + +1. Go to Settings > Workspace > Roles +2. Click on the Add New Role button +3. Provide role details: + - Role name: Enter a name for the new role + - Description: Write a description between 10 and 1000 characters to explain the purpose and responsibilities associated with this role +4. Choose the specific permissions you want to assign to this role. These permissions will define what actions users with this role can perform +5. Click Save to create the role. The new role will now appear in the roles listing. + +## Assigning the custom role to users + +Once the custom role is created, you can assign it to existing users: + +1. Navigate to the Workspace users page in the settings menu +2. Select the user you want to assign the role to +3. Attribute the new custom role to the user and save your changes + +## Important considerations + +### Disabling built-in roles + +When you assign a custom role to a user, any built-in roles previously assigned to that user will be disabled. Ensure that the custom role includes all necessary permissions for the user’s responsibilities. + +### Multiple custom roles + +You can add multiple custom roles to a single user. This allows you to combine permissions from different roles to create a comprehensive permission set for the user. + +By creating and managing custom roles, you can ensure that your users have the precise permissions they need to perform their tasks efficiently and securely. \ No newline at end of file diff --git a/docs/getting_started/get_troubleshooting_tips.md b/docs/getting_started/get_troubleshooting_tips.md index 5f685403be..8f27d435c1 100644 --- a/docs/getting_started/get_troubleshooting_tips.md +++ b/docs/getting_started/get_troubleshooting_tips.md @@ -1,4 +1,4 @@ -# Get Troubleshooting Tips +# Troubleshooting Tips If you're having trouble signing in to Sekoia, get more information about signing in issues and fixing them. @@ -10,20 +10,21 @@ If Sekoia.io can't maintain WebSocket connections on the browser, the web applic #### Troubleshooting Steps -Step 1: Contact your network administrator +**Step 1: Contact your network administrator** -Contact your network administrator to make sure they support WebSocket connections. Also ask it to review login attempts to the following url: app.sekoia.io/live +Contact your network administrator to make sure they support WebSocket connections. Also ask it to review login attempts to the following URL: [app.sekoia.io/live](app.sekoia.io/live) -Step 2: Collect and send us network logs +**Step 2: Collect and send us network logs** If the problem persists, collect and send the network logs to us so we can investigate the situation further. You can collect network logs through through Google Chrome. -1. Open Google Chrome and navigate to the following link: chrome://net-export/. -2. Click Start Logging to Disk. -3. Save the file as sekoiaNetlog. -4. In another Chrome tab, open your Sekoia workspace. -5. Use Sekoia as you normally do. When the problem occurs, go back to the chrome://net-export/ tab and click Stop Logging. -6. Find the sekoiaNetlog file in the Downloads folder on your computer. -7. Send us a message with the file attached. +1. Open Google Chrome and navigate to the following link: chrome://net-export/ +2. Click Start Logging to Disk +3. Save the file as sekoiaNetlog +4. In another Chrome tab, open your Sekoia workspace +5. Use Sekoia as you normally do. When the problem occurs, go back to the chrome://net-export/ tab and click Stop Logging +6. Find the sekoiaNetlog file in the Downloads folder on your computer +7. Send us a message with the file attached -Note: If you don't use Chrome as your browser, send us a message and we'll help you resolve the issue. \ No newline at end of file +!!! note + If you don't use Chrome as your browser, send us a message and we'll help you resolve the issue. \ No newline at end of file diff --git a/docs/getting_started/inactive_users.md b/docs/getting_started/inactive_users.md index 816a855b4c..84d886bd53 100644 --- a/docs/getting_started/inactive_users.md +++ b/docs/getting_started/inactive_users.md @@ -2,10 +2,10 @@ To comply with [PCI/DSS](https://www.pcisecuritystandards.org/) requirements, us ## How to deactivate inactive accounts? -If you need to deactivate inactive accounts on your community, follow these steps: +If you need to deactivate inactive accounts on your workspace, follow these steps: -1. Navigate to the User Center and select Managed Communities -2. Go to the `Security` tab and scroll to the section `Deactivate inactive accounts` +1. Go to Settings page > Workspace Security +2. Find the section `Deactivate inactive accounts` 3. Enable the toggle `On/Off` and click on `Confirm` !!! tip @@ -13,10 +13,10 @@ If you need to deactivate inactive accounts on your community, follow these step ## How to reactivate an account? -If you need to reactivate a deactivated account on your community, follow these steps: +If you need to reactivate a deactivated account, follow these steps: -1. Navigate to the User Center and select Managed Communities -2. Locate the deactivated user's name and click the ellipsis `"..."` menu on the right-hand side. You can use the `Filter by Status` and select `Deactivated` to list only deactivated accounts +1. Go to Settings page > Workspace users +2. Locate the deactivated user's name and click the ellipsis `"..."` button on the right-hand side. You can use the `Filter by Status` and select `Deactivated` to list only deactivated accounts 3. Choose the `Reactivate` option and confirm your choice !!! note @@ -24,7 +24,7 @@ If you need to reactivate a deactivated account on your community, follow these ## Your account have been deactivated -If your account has been deactivated and you need to reconnect to the platform, contact your community's admin as they are the ones who can [reactivate your account](#how-to-reactivate-an-account). +If your account has been deactivated and you need to reconnect to the platform, contact your workspace admin as they are the ones who can [reactivate your account](#how-to-reactivate-an-account). After your account has been reactivated, it's essential to re-authenticate your account by logging in **at least once before midnight on the same day.** If you do not log in within this time frame, your account will be deactivated again. diff --git a/docs/getting_started/index.md b/docs/getting_started/index.md index ae2d32619a..1ce505749e 100644 --- a/docs/getting_started/index.md +++ b/docs/getting_started/index.md @@ -11,7 +11,7 @@ On this website, you’ll find the documentation for the three award-winning pro In addition to a web interface, Sekoia.io provides **REST/API** for external apps for almost all of its features, and it’s free! -This documentation platform is made to guide you through the different features and use cases of the app, but also to answer all of your questions. It’s open-source and it’s a work in progress, so don’t hesitate to contribute and enhance its content using this [public repo](https://github.com/SEKOIA-IO/documentation). +This documentation exists to guide you through the different features and use cases of the app, but also to answer all of your questions. It’s open-source and it’s a work in progress, so don’t hesitate to contribute and enhance its content using this [public repo](https://github.com/SEKOIA-IO/documentation). If you are interested in our products, contact us to plan a demo by filling out [this form](https://www.sekoia.io/en/contact/). diff --git a/docs/getting_started/invite_users.md b/docs/getting_started/invite_users.md index 91b56d3c9f..63324f490d 100644 --- a/docs/getting_started/invite_users.md +++ b/docs/getting_started/invite_users.md @@ -1,59 +1,34 @@ -# Invite users to join your community +# Invite users to join your workspace -To invite users to your community, you need to send them invitations through the User Center. You can invite as many users as needed as soon as you are an Administrator of the community. +To invite users to a workspace or a community, you need to send them an invitation to join you on Sekoia.io. You can invite as many users as needed as soon as you are an Administrator of the workspace/community. -However, depending on the [type of community](/getting_started/create_community.md) you are in, the invitation process can differ. +However, depending on the [type of community](concepts.md) you are in, the invitation process can differ. -In this documentation, you will learn how to add users in these communities. +In this documentation, you will learn how to add news users to a workspace or a community. ---- +## Add new users to a workspace -## Add new users to a community +To invite new users to a workspace, follow these steps: -!!! note - Separate multiple email addresses with commas to add multiple users at the same time. - -### In a managed community +1. Navigate to the `Settings` page from the menu +2. On the `Users` page, click the `Add new users` button +3. Enter the email addresses of the users you want to invite, separating each with a comma +4. Select the communities you want to add them to +5. Assign roles to your guests. You can either select the default ones or create custom roles based on chosen permissions. Check this documentation to learn how to [create custom roles](docs/getting_started/roles.md). -To invite new users to a managed community: - -1. Click on your avatar on the upper right side of the screen and select `Managed Communities` -2. On the tab `Users`, click on the `+ User` button -3. Type in the `user’s email` and select the `community` you want to invite them in -4. Select `roles` you want to attribute to your guest. You can either select the default ones or create custom roles based on chosen permissions. Check this documentation to learn how to create custom roles. -5. Once you’re done, press `Validate` and wait for your guest to accept the invitation +These steps are the same whether you want to invite new users to a workspace or to a community. +In case it's a multi-tenant workspace, the invited user will only have access to the selected community, not the whole workspace. !!! note - An email is only sent when the user is added for the first time on Sekoia.io to set its password (and if the user is not present in any other community). - -### In an MSSP community + A welcome email with a password set link is sent only to new users on Sekoia.io (excluding existing members in other communities). -An MSSP community is one main community with multiple managed communities inside of it. The admin of an MSSP community can access all of the managed communities. +## Automatic creation of users with SSO Okta -You can either invite users to join the main MSSP community or invite them to one or more managed communities inside the MSSP community. +As mentioned on [this page](sso/openid_connect.md): Workspace admins who have enabled SSO with Okta can configure an option to automatically create new users accounts in their workspace. When a user logs-in for the first time, their account will be automatically created. You can set the default role for newly created users, and you can choose the default role among all the roles available in your community. -#### In the main MSSP community - -To add users to the main MSSP community: - -1. Click on your avatar on the upper right side of the screen and select `Managed Communities` -2. On the tab `Users`, click on the `+ User` button -3. Type in the `user’s email` and select the MSSP community (the first one in the list) -4. Select `roles` you want to attribute to your guest. You can either select the default ones or create custom roles based on chosen permissions. Check this documentation to learn how to create custom roles. -5. Once you’re done, press `Validate` and wait for your guest to accept the invitation - -The invited user will have access to the main MSSP community as well as all other managed communities inside of it. + -#### In an MSSP managed community -If you need the invited user to access only some managed communities within the MSSP community, invite them to only some specific communities. -To add users to some managed communities within a main MSSP community: -1. Click on your avatar on the upper right side of the screen and select `Managed Communities` -2. On the tab `Users`, click on the `+ User` button -3. Type in the `user’s email` and select communities you want to invite your user in -4. Select `roles` you want to attribute to your guest. You can either select the default ones or create custom roles based on chosen permissions. Check this documentation to learn how to create custom roles. -5. Once you’re done, press `Validate` and wait for your guest to accept the invitation -The invited user will only have access to the selected MSSP managed communities, but not the main MSSP community. diff --git a/docs/getting_started/join_community.md b/docs/getting_started/join_community.md index 42a0ef59f5..45e5a00c8a 100644 --- a/docs/getting_started/join_community.md +++ b/docs/getting_started/join_community.md @@ -1,9 +1,12 @@ -# Join a Community -To access Sekoia.io, you’ll need to either have an existing account or be invited in a community by someone who already has an account and the right permissions to add people. +# Join a workspace or a community -When invited to join a community, you’ll receive an invitation email with a link. +To access Sekoia.io, you need to either have an existing account or be invited to join a workspace or community by a current user who has the appropriate permissions to add new members. -Click on the `Join your new community` button and follow the [account creation](create_account.md) steps to create your account. +When you are invited to join a workspace or community, you will receive an invitation email. This email contains a link to join the platform. + +- **Open the invitation email**: Look for an email from Sekoia.io with the subject line indicating an invitation +- **Click the Join button**: Click on the Join your new community button within the email +- **Follow account creation steps**: You will be redirected to a page where you can follow the [account creation steps](create_account.md) to set up your account. !!! note - Sometimes, the email is redirected to spams. Check your spams in case you don’t receive this invitation. + Sometimes, the invitation email might be redirected to your spam or junk mail folder. If you do not see the invitation in your inbox, please check these folders. \ No newline at end of file diff --git a/docs/getting_started/manage_api_keys.md b/docs/getting_started/manage_api_keys.md index 8888360ce7..c648ac463e 100644 --- a/docs/getting_started/manage_api_keys.md +++ b/docs/getting_started/manage_api_keys.md @@ -2,15 +2,29 @@ ## Overview -API keys are an important part of the platform. They let our users automate actions and provide technical access without going through the UI. +API keys are a crucial component of the Sekoia.io platform, enabling users to automate actions and provide technical access without needing to navigate through the UI. -An API key is not only a unique identifier and a secret token for authentication, but it can also work as a mean to give an access that is more specific to the identity that is associated with it. +An API key serves as both a unique identifier and a secret token for authentication. It allows for specific access tailored to the identity associated with it, ensuring secure and controlled interactions with the platform. + +### Uses of API Keys + +- **Automation**: Automate various tasks and workflows within the platform, enhancing efficiency and productivity +- **Technical access**: Provide technical access for integrations and interactions without relying on the UI +- **Specific access control**: Grant precise permissions and access levels specific to the API key’s associated identity, ensuring that only authorized actions are performed + +### Required for certain features + +Some features within the app require the creation of an API key, including: + +- CTI interconnection: Connect with third-party tools for Cyber Threat Intelligence (CTI) sharing and integration +- Playbooks: Utilize API keys within playbooks to execute automated responses and processes. + +By using API keys, users can seamlessly integrate with Sekoia.io and leverage its capabilities to their full extent, ensuring secure and efficient operations. -Some bricks within the app also require the creation of an API key such as our CTI interconnection with third-party tools and playbooks. ## API keys listing -To access the list of generated API keys in your community, you have to click on your avatar, go to Managed communities and click on the `API keys` tab. +To access the list of generated API keys in your community, you have to go to Settings > Workspace > API Keys. On this view, you can: @@ -18,15 +32,8 @@ On this view, you can: - Filter your API keys by status: `Active`, `Revoked`, `All` - Add a new API Key by clicking on the button `+ API key` -The table that lists API keys has various columns where you can find the following: - -- Name of the API key -- Description of the API key -- ID of the API key that can be copied with the button icon `copy` -- Creation date -- Roles linked to the API key -- Status: `Active`, `Revoked`, `All` -- A button to edit the API key +!!! note + Only users with admin roles and permissions have the right to create API keys. ## Create an API key @@ -46,6 +53,6 @@ Revoking an API key will make it unusable. It’s rather easy to do but keep in To revoke an API key, please proceed with the following steps: -1. Go to `Managed communities` page by clicking on your avatar in the upper right of the screen -2. On the API key tab, click on the `Edit` button -3. Then revoke the API key by clicking on the red button `Revoke` +1. Go to Settings > Workspace > API Keys +2. Click on the `Edit` button next to your API Key +3. Revoke the API key by clicking on the button `Revoke` diff --git a/docs/getting_started/manage_users.md b/docs/getting_started/manage_users.md index 69ea898d9c..b2e99e1bea 100644 --- a/docs/getting_started/manage_users.md +++ b/docs/getting_started/manage_users.md @@ -2,20 +2,25 @@ ## Overview -A role has attached permissions allowing a user to access, view pages and use its features. +You can manage users from the section Workspace in the Settings. +To manage users in a workspace, you need to have the Admin role. -In the following sections, you will learn how to manage your users. +Each user has a name, date of registration, and a role assigned. +From the listing of users in a workspace, their role, emails, date of registration and authentication method are displayed. + +A search bar helps quickly look for a member, and quick actions like Deactivate or delete a user can be done directly from the table. -## Needed role and permissions -To manage users in a community, you need to be an Administrator of the community. +A role has attached permissions allowing a user to access, view pages and use its features. + +In the following sections, you will learn how to manage your users. ## Detailed page of a user To access the detailed page of a user: -1. Go to the page `Managed communities` that’s accessible by clicking on your avatar in the upper right of the screen -2. In the tab `Users`, click on the name of a user +1. Go to `Users` page in Settings +2. Click on the name of the user From this page, you can: @@ -23,17 +28,17 @@ From this page, you can: - See attached permissions to each role attributed - Access the list of assigned roles - Delete assigned roles +- Deactivate account - Delete user from the community -image -## In MSSP communities +## In multi-tenant workspaces -In an MSSP community, role management can be a bit tricky. +In a multi-tenant workspace, role management can be tricky. Here is how to handle it: -When a user is invited to the main MSSP community, the roles assign to this person are applied to all managed communities. -Same behavior when a user is added on Main MSSP community. +When a user is invited to the workspace, the role assigned to this user is the same in all communities. +The same behavior happens when a user is added to In addition to that, external roles can be added in any managed community to the user role set previously in the main MSSP community. Roles assigned to a user in a managed community are independent from their roles in other subcommunities. diff --git a/docs/getting_started/notifications-Examples.md b/docs/getting_started/notifications-Examples.md index 1d833a9ed7..643f7f298e 100644 --- a/docs/getting_started/notifications-Examples.md +++ b/docs/getting_started/notifications-Examples.md @@ -1,34 +1,105 @@ -## Examples +# Notification examples -When your conditions are configured, you'll have to choose which actions should be triggered by the notification mechanism. You can enable one or more actions for each notification rule. +## Triggers -For instance, you can decide to send an e-mail AND send a message on a Mattermost channel. +### Intakes -### Sekoia.io Notification +Set up notifications to alert you when an intake stops sending events. This ensures you are promptly informed of any disruptions. + +1. Select the trigger `No events are received` +2. Choose the intake you want to monitor +3. Specify the duration of inactivity that will trigger the notification, ranging from 15 minutes to 24 hours + +### Rules Catalog + +Stay updated on changes in the Rules Catalog by triggering notifications when new rules are added by Sekoia.io. Customize these notifications for more granular updates. + +1. Choose the New rule added trigger +2. Specify conditions such as: Name, Description, Pattern and Severity levels +3. Combine multiple conditions within a single notification rule for precise alerts + +### New reports + +Stay informed when new reports are added to the platform by Sekoia. Whether you're interested in all new FLINT reports or just specific TLP Amber reports, you can customize your notifications to keep you updated. + +1. Select "A report is available" as the trigger +2. Specify conditions such as: Name, description, threat, sector, country, TLP, confidence levels, and if it's a FLINT or not +3. Combine multiple conditions within a single notification rule for more precise reports + +### Alerts + +Stay informed when alerts are raised or updated on the platform. Customize your notifications to ensure you are promptly alerted to significant changes and updates. + +#### Alerts raised + +When a new alert is raised, you can set up notifications based on the following conditions: + +- Assets: Monitor alerts related to specific assets +- Entities: Track alerts associated with particular entities +- Triggering rule: Receive notifications for alerts triggered by specific rules +- Urgency level: Set conditions based on the urgency level of the alert +- Alert status: Be informed about alerts with specific statuses (e.g., new, ongoing) +- Asset criticality: Focus on alerts concerning assets with defined criticality levels + +#### Alerts updated + +For alerts that are updated, customize your notifications with these conditions: + +- Recurrence: Get notified on recurring alerts +- Assets: Monitor updates related to specific assets +- Entities: Track updates associated with particular entities +- Triggering rule: Receive notifications for updates triggered by specific rules +- Urgency level: Set conditions based on the updated urgency level of the alert +- Alert status: Be informed about changes in alert status +- Asset criticality: Focus on updates concerning assets with defined criticality levels + +By setting up these conditions, you can ensure that you receive timely and relevant notifications about alerts that are most important to your operations. + +### Playbooks + +The "A playbook has encountered an error" trigger allows you to stay informed about issues within your playbooks. + +- If this trigger is selected alone, you will receive a notification for every error encountered by a playbook in your community, regardless of whether the error causes the playbook to crash. + +- If you want to be notified only when a playbook encounters an error that also causes it to crash, select the "And it crashed" condition in addition to the error trigger. + +By configuring these triggers, you can ensure that you are promptly alerted to both minor issues and critical failures within your playbooks, allowing for timely troubleshooting and resolution. + + +## Conditions + +After setting up your conditions, you need to choose the actions that will be triggered by the notification mechanism. You can enable one or more actions for each notification rule. For example, you can decide to send an email and post a message on a Mattermost channel. + +### Sekoia.io in-app notification + +The Notification action allows you to send in-app notifications that will be available across Sekoia.io. These notifications can be accessed from the `Notifications` entry in the menu. You just click on it and it will open the notification panel to view all notifications. -The “Notification” action allows you to send an in-app notification that will be made available across Sekoia.io. All notifications can be accessed from the `bell icon` on the top right. By clicking there, the notification panel with all notifications will be displayed. ### Email Notification -The “Email notification” will let you send an e-mail to an arbitrary address with the two different options: +The Email notification will let you send an e-mail to a specified address with two different options: - By default, simple notification content will be sent with a link to Sekoia.io page corresponding of the Condition(s) set up -- If you enable the `Enrich email with contextual infos` toggle, more contextual information related to your alert will be communicated. +- If you enable the `Enrich email with contextual infos` toggle, the email will include more detailed contextual information related to your alert. ### Mattermost Notification -Mattermost is a popular professional chat service. The “Mattermost notification” will send messages to any Mattermost instance. To do so, you’ll have to configure a new `Incoming Webhook` on your Mattermost instance and choose to which Mattermost channel the message should be sent to. +Mattermost is a popular professional chat service. The Mattermost Notification action allows you to send messages to any Mattermost instance. To set this up, you'll need to configure a new Incoming Webhook on your Mattermost instance and specify the Mattermost channel where the message should be sent. You can refer to the Mattermost documentation on how to [create a new Mattermost “incoming webhook”](https://developers.mattermost.com/integrate/webhooks/incoming/). ### WebHook Notification -The “WebHook notification” will let you send message to interact with third party softwares. Technical informations related to the event will be pushed to an HTTP server. That latter will be able to understand the received payload and act (for example, retrieve more information about the event itself via Sekoia.io APIs and then push notification to an internal messaging service). +The WebHook Notification allows you to send messages to interact with third-party software. Technical information related to the event will be pushed to an HTTP server, which can then interpret the received payload and take further actions. For example, the server could retrieve more information about the event using Sekoia.io APIs and then push a notification to an internal messaging service. + !!! info - You can’t use the WebHook notification mechanism to push information directly to third parties (such as Slack or Telegram), you have to use an intermediate server. To do so, you can use solutions like IFTTT or a simple HTTP server (see below). + You cannot use the WebHook notification mechanism to push information directly to third-party services like Slack or Telegram. Instead, use an intermediate server to handle the data. Solutions like IFTTT or a custom HTTP server can facilitate this process (Examples can be found below). + There are also playbook templates that can be used to send notifications to Slack or Microsoft Teams directly using Webhooks. See how to [send notifications to a Webhook using a playbook](../xdr/usecases/playbook/notifications_using_playbooks.md) for more information. +#### Example of a WebHook notification + Here’s an example of a posted content to a configured destination via the WebHook mechanism: ```json @@ -157,7 +228,7 @@ async def handle_new_alert( 4. Environment variables that needs to be defined to let the server work. 5. Base model that will be used to parse incoming events (this version only handles alerts). -Now, you have to create a new API Key in Sekoia.io’s User Center. That one should have at least the right to read alerts (`SIC_READ_ALERT` permissions). +Now, you have to [create a new API Key in Sekoia.io](manage_api_keys.md). That one should have at least the right to read alerts (`SIC_READ_ALERT` permissions). Then you have to install requirements and start the HTTP server with the appropriate environment variables: diff --git a/docs/getting_started/notifications-Listing_Creation.md b/docs/getting_started/notifications-Listing_Creation.md index 8040bda167..58c5592cca 100644 --- a/docs/getting_started/notifications-Listing_Creation.md +++ b/docs/getting_started/notifications-Listing_Creation.md @@ -1,76 +1,56 @@ -## Overview +# Notifications -To stay informed about the latest activities on your community, you can set up notifications and get alerts each time a new alert pops up or a new report is online. +Stay updated on your workspace's latest activities by setting up notifications for multiple features. -Notifications Rules, accessible through the User Center or the contextual menu, will let you: +## What notifications can do -- Focus on specific Sekoia.io events (Operations Center alerts and Intelligence Center reports) -- Add precise conditions -- In a multi-tenant context, select the communities from which you'd like to receive these notifications (from all your communities or just one). -- Configure actions to be triggered (send an e-mail, display a notification in Sekoia.io, …) +Notifications, accessible through the main menu or Settings, allow you to: -This documentation will let you go deeper into [Sekoia.io](http://sekoia.io/)’s notifications mechanism. +- Focus on specific events such as: + - A new alert is raised + - An alert is updated + - A report is available + - A new rule is added to the Rules Catalog by Sekoia.io + - No events are received + - A playbook encountered an error -## Notifications listing +- Add specific conditions: + - Focus on the name, reference, pattern, source, intake... -When there are no notifications set up in your community, the listing page will be blank. A `+ new notification` button is highlighted as you can start creating your notification from there. +- In a multi-tenant setup, specify if the notification applies to all your communities or specific ones +- Configure actions such as sending an email or displaying an in-app notification -Once you have some notifications created, each notification can be modified, duplicated, deleted and (de)activated from the main Notification page in the User Center. +This documentation provides detailed information on the Sekoia.io notifications mechanism. -You can also search and filter your notifications from this page. +## Notifications Listing -You can filter by type of trigger or type of actions. +If no notifications are set up in your community, the listing page will be blank with a highlighted `+ New Notification` button for creating new notifications. -!!! Warning - Each notification is exclusively visible to the user who configured it AND within the community where it was created. - -## Create a new notification - -**In single-tenant mode:** Notifications apply only to the community you're in. - -**In multi-tenant mode:** By default all notifications will come from all your sub-communities, but you can also choose to receive notifications from just one sub-community. - -Once configured, these notifications will only be visible to the user who created them. - -### Operations Center Notifications - -To write a new notification rule in the Operations Center, you first have to: +Once notifications are created, you can edit, duplicate, delete, and (de)activate them from the main Notification page in the Settings. You can also search and filter notifications by trigger type or action type. -1. Select an `event` and `conditions` that will trigger your notification rule. You can configure your notification rule to be triggered on `alerts` (that can be either new or already existing) -2. Choose one or multiple `conditions` amongst multiple options (alert status, its urgency, asset concerned by the alert, etc.) -3. Select `actions` that you want to see performed. You can choose multiple options: get an in-app notification, receive an email, send texts using webhooks or in a Mattermost channel -4. Give your notification a `name` -5. Save your changes - -For example, you can decide to trigger a notification when the following criteria are met: - -- Status of the new alert is `Ongoing` -- Urgency of the new alert is `higher than 80` -- Involved asset is `My Critical Asset` - - -### Intelligence Center Notifications - -You can configure your notification rule to be triggered when a new `report` is merged in Sekoia.io’s Intelligence Center. - -To do so, you have to: +!!! Warning + Each notification is only visible to the user who created it and within the community where it was created. -1. Select an `event` and `conditions` that will trigger your notification rule. You can configure your notification rule to be triggered on `reports being added` -2. Choose one or multiple `conditions` amongst multiple options (name, description, refers to, sector, country, TLP, FLINT, confidence level…) -3. Select `actions` that you want to see performed. You can choose multiple options: get an in-app notification, receive an email, send texts using webhooks or in a Mattermost channel -4. Give your notification a `name` -5. Save your changes +You can access your in-app notifications from the main navigation. -For example, you can decide to trigger a notification when the following criteria are met: +## Create a new notification -- It refers to the malware `Cobalt Strike` -- It concerns the country `France` +**Single-tenant mode**: Notifications apply only to the current workspace. +**Multi-tenant mode**: By default, notifications come from all communities, but you can choose to receive notifications from a specific community. -### Playbooks notifications +1. Go to Settings > Notifications > `+ New notification` +1. Choose the event and conditions that will trigger your notification rule (e.g., new or existing alerts) +2. Set conditions like alert status, urgency, and involved asset +3. Decide on actions like in-app notifications, emails, texts via webhooks, or Mattermost channels +4. Give your notification a name +5. Save your settings -The "A playbook has encountered an error" trigger, if selected alone, will send a notification for each error encountered by a playbook in your community, whether or not this error causes the playbook to crash. +## Example notification criteria -If you wish to be notified only if the playbook encounters an error *and* crashed, you can select the "And crashed" condition. +New alert status is `Ongoing` +Alert urgency is `higher than 80` +Involved asset is `My Critical Asset` +Other examples can be found in [this section of the documentation](notifications-Examples.md). \ No newline at end of file diff --git a/docs/getting_started/regions.md b/docs/getting_started/regions.md index 57cf499862..8364f178d7 100644 --- a/docs/getting_started/regions.md +++ b/docs/getting_started/regions.md @@ -1,18 +1,18 @@ # Sekoia regions -Sekoia is currently available in several European regions. Each of them will enable you to meet advanced legal or safety constraints. +Sekoia is currently available in several European and Middle-Eastern regions. Each of them will enable you to meet advanced legal or safety constraints. ## Watch out for region-specific URLS !!! warning - ✋ Please note: The region in which you are located has an impact on the product URLs. + ✋ Please note that the region in which you are located has an impact on the product URLs. !!! warning ⌛ Some URLS may change in the future. When you find URLs of the type app.sekoia.io in the product documentation, be sure to replace this value with that of your region ("URL" in the tables below). -For example, if you're in the FRA2 region, replace app.sekoia.io with fra2.app.sekoia.io. +For example, if you are in the FRA2 region, replace app.sekoia.io with fra2.app.sekoia.io. ## France - FRA1 diff --git a/docs/getting_started/roles.md b/docs/getting_started/roles.md index 56e3ab5106..3f8a04ffc1 100644 --- a/docs/getting_started/roles.md +++ b/docs/getting_started/roles.md @@ -22,11 +22,11 @@ Based on user feedback, we plan to introduce more built-in roles to accommodate In addition to built-in roles, each admin may create Custom roles. These will work in conjunction with built-in roles, providing even more flexibility for user access control. -## Permissions +Please refer to this section to learn [how to create custom roles](custom_roles.md). -You can discover all permissions associated either to built-in or custom roles directly from the UI in `Managed communities > Roles` +## Permissions -![Permissions](/assets/roles_permissions.gif){: style="max-width:100%"} +You can discover all permissions associated either to built-in or custom roles directly from the UI in `Settings > Worskpace Roles`. ## Legacy roles diff --git a/docs/getting_started/securitytokens.md b/docs/getting_started/securitytokens.md index 8cd0fac2f4..a7c16bd8b4 100644 --- a/docs/getting_started/securitytokens.md +++ b/docs/getting_started/securitytokens.md @@ -1,3 +1,7 @@ +# Set up account security + +## Security tokens + WebAuthn standard (Web Authentication) is supported in Sekoia.io as we value high security standards. Users can use multiple tools to access their account in the fastest and most secure way possible. These security tokens can be used as a second factor of authentication instead of a verification code. Depending on your web browser, you can use different types of security tokens to connect to the platform. These tokens can be `physical` (a USB security key) or `embedded` in your machine (fingerprint authentication). The platform supports [FIDO2-compliant authenticators](https://fidoalliance.org/certification/authenticator-certification-levels/) including security keys, Touch ID, Face ID and [Windows Hello](https://support.microsoft.com/en-us/windows/learn-about-windows-hello-and-set-it-up-dae28983-8242-bb2a-d3d1-87c9d265a5f0). @@ -6,8 +10,8 @@ Depending on your web browser, you can use different types of security tokens to To add a security token and enhance the overall security of your account, follow these instructions: -1. Go to the User Center > Account settings -2. In the Security section, click on `Add` +1. Go to `Settings` > Profile and security +2. In the Security Token section, turn ON the toggle 3. Enter your actual password 4. Follow instructions in your browser to enroll your security token 5. Save your settings @@ -17,4 +21,4 @@ To add a security token and enhance the overall security of your account, follow ### Remove a security token -To remove or change a security token, simply go to your Profile > Security section, and click on `Disable` next to the Security Token section. Enter your password and save your changes. +To remove or change a security token, simply go to your Profile > Security Token section, and turn OFF the toggle. Enter your password and save your changes. diff --git a/docs/getting_started/session_duration.md b/docs/getting_started/session_duration.md index 46d55bdea7..2ab153b6e5 100644 --- a/docs/getting_started/session_duration.md +++ b/docs/getting_started/session_duration.md @@ -1,7 +1,28 @@ # Session duration -The session duration for a community sets the maximum idle time before users in this community have to log in again. +The session duration for a workspace/community sets the maximum idle time before users in this community have to log in again. The default session duration is one month, which is also the maximum session duration. You can select a shorter session duration of up to 15 minutes. -If you are in multiple communities, your session duration will be based on the community with the shortest session duration. \ No newline at end of file +If you are in multiple communities, your session duration will be based on the community with the shortest session duration. + +Session duration determines the maximum idle time before users are required to log in again. This is an important security feature that helps protect your account and data. + +## Default and custom session durations + +- **Default session duration**: The default session duration is set to one month. This means that if you remain idle for up to one month, you will not be required to log in again. +- **Maximum and minimum session durations**: One month is the maximum session duration. You can customize the session duration to be shorter, with a minimum duration of 15 minutes. This allows for increased security by requiring more frequent logins during periods of inactivity. + +## Managing session duration for multiple communities + +If you are a member of multiple communities, your session duration will be governed by the community with the shortest session duration setting. + +## Setting session duration + +If you are an admin and you want to adjust the session duration for your workspace/community: + +1. Go to Settings, then Workspace security +2. Find session duration in the list +3. Choose the desired session duration from the available options (ranging from 15 minutes to one month) + +By managing your session duration effectively, you can balance convenience with security, ensuring that your account as well as other users' accounts remain protected while minimizing unnecessary logins. \ No newline at end of file diff --git a/docs/getting_started/sso/openid_connect.md b/docs/getting_started/sso/openid_connect.md index ffcd734614..ebb0f44935 100644 --- a/docs/getting_started/sso/openid_connect.md +++ b/docs/getting_started/sso/openid_connect.md @@ -13,8 +13,8 @@ Sekoia.io requires your domains to be verified in order to be used for authentic To do so: -1. Go to "Managed communities" > "Security" > "Verify your domains" > "+ Domain" -2. Input your domain and validate using the "Send for verification" button +1. Go to Settings > Workspace Security > Verify your domains > `+ Domain` +2. Input your domain and validate using the `Send for verification` button 3. Your domain will have the status "Waiting for verification" 4. Once it has been validated by our team, this status will become "Verified" @@ -23,12 +23,13 @@ To do so: To set up SSO, follow these instructions: -1. Go to "Managed communities" > "Security" > "Configure single Sign-on (SSO)" > "Configure" +1. Go to Settings > Workspace Security > Configure single Sign-on (SSO) > `Configure` 2. Fill in identity provider details 3. Save the configuration Once SSO is set up and your IdP is configured to accept requests, users can log in via the Single Sign-on URL available on this page. -Share it with your users. + +From there, you can share it with your users. ## "Just-in-time" (JIT) Account Provisioning @@ -37,7 +38,7 @@ You can choose to enable the automatic creation of users' accounts in your commu By using this feature, when a user logs-in for the first time, their account will be automatically created. You can set the default role for newly created users, and you can choose the default role among all the roles available in your community. -If you don't enable "just-in-time" account creation, you will have to manually create user accounts. You can learn more about how to create user accounts in the article "[Invite users to join your community](https://docs.sekoia.io/getting_started/invite_users/)". +If you don't enable "just-in-time" account creation, you will have to manually create user accounts. You can learn more about how to create user accounts in the article [Invite users](invite_users.md)". ## Login method @@ -53,4 +54,4 @@ When the "two-factor authentication" (MFA) is enabled or enforced for your accou ## Disable Account -To prevent a user from retrieving your organization's data, you can easily deactivate the user from your community and your identity provider. +To prevent a user from retrieving your organization's data, you can easily deactivate the user from your workspace and your identity provider. diff --git a/docs/getting_started/twofactor_workspace.md b/docs/getting_started/twofactor_workspace.md new file mode 100644 index 0000000000..1b110f7d10 --- /dev/null +++ b/docs/getting_started/twofactor_workspace.md @@ -0,0 +1,28 @@ +# Enforce Two-Factor Authentication for all users + +Two-Factor Authentication (2FA) adds an extra layer of security to user accounts by requiring a second form of verification during login. This ensures that even if a password is compromised, unauthorized access is prevented. + +## Benefits of enabling 2FA to all users in a workspace + +- **Enhanced security**: 2FA provides additional protection for user accounts, making it significantly harder for unauthorized users to gain access. +- **Compliance**: Many security standards and regulations recommend or require the use of 2FA for enhanced data protection. + +## Enforcing 2FA for all users + +To enforce 2FA for all users in a community, you need to have the necessary permissions. Follow these steps: + +1. Navigate to the Settings page +2. Go to the Workspace security section +3. Locate the Two-Factor Authentication option +4. Click on Enable and follow instructions +5. Confirm and save your changes to enforce the new security policy. + +!!! note + When deploying 2FA for all workspace users, they will be forced to [configure their second authenticator factor](account_security.md) on their next login. + + +## Impact of enabling 2FA + +**New users**: New users will be required to configure 2FA during the registration process. This ensures that every new account has 2FA enabled from the start. + +**Existing users**: Users who are logged out and do not have 2FA configured will be redirected to the 2FA configuration page upon their next login attempt. They will need to complete the 2FA setup to gain access to their account. \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 6f15374afc..c32315b88d 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -29,34 +29,40 @@ markdown_extensions: - markdown_include.include - lightgallery nav: -- Getting Started: +- Getting started: - Overview: getting_started/index.md - - 1. Set up account: - - Join a community: getting_started/join_community.md - - Create your account: getting_started/create_account.md - - Set up account security: + - Where to start: getting_started/concepts.md + - Workspace setup: + - Join workspace: getting_started/join_community.md + - Create and delete communities: getting_started/create_community.md + - Account setup: + - Create account: getting_started/create_account.md + - Setup account: getting_started/account_settings.md + - Security and access: + - Account security: - Two-Factor Authentication: getting_started/account_security.md - Security tokens: getting_started/securitytokens.md - - 2. Manage communities: - - Edit a community: getting_started/community-edit.md - - Create a sub-community: getting_started/community-create_sub_com.md - - Set up community security: + - Workspace security: - Session duration: getting_started/session_duration.md + - Two-Factor Authentication: getting_started/twofactor_workspace.md - SSO with OpenID Connect: getting_started/sso/openid_connect.md - SSO with Microsoft Entra ID (Azure AD): getting_started/sso/azure.md - SSO with Okta: getting_started/sso/okta.md - - 3. Navigate on the platform: getting_started/navigation.md - - 4. Manage users: + - Users and roles: - Invite users: getting_started/invite_users.md - Manage users: getting_started/manage_users.md - Deactivate inactive users: getting_started/inactive_users.md - - Roles: getting_started/roles.md - - 5. Manage notifications: - - Listing and creation: getting_started/notifications-Listing_Creation.md + - Roles and permissions: + - Build-in roles: getting_started/roles.md + - Custom roles: getting_started/custom_roles.md + - Notifications: + - Create and manage notifications: getting_started/notifications-Listing_Creation.md - Notification examples: getting_started/notifications-Examples.md - - 6. Manage API Keys: getting_started/manage_api_keys.md - - 7. Sekoia regions: getting_started/regions.md - - 8. Troubleshooting Tips: getting_started/get_troubleshooting_tips.md + - API Keys: getting_started/manage_api_keys.md + - Sekoia regions: getting_started/regions.md + - Troubleshooting tips: getting_started/get_troubleshooting_tips.md + + - Sekoia.io XDR: - Introduction: xdr/index.md - Quick start guide: xdr/xdr_quick_start.md From 91133991f30299e7e93bc422f0d7b5fa4791268c Mon Sep 17 00:00:00 2001 From: Khaoula Ettaleb <49680698+ka0ula@users.noreply.github.com> Date: Tue, 11 Jun 2024 15:09:28 +0200 Subject: [PATCH 2/5] Update manage_users.md --- docs/getting_started/manage_users.md | 43 ---------------------------- 1 file changed, 43 deletions(-) diff --git a/docs/getting_started/manage_users.md b/docs/getting_started/manage_users.md index b2e99e1bea..3e0cc9e279 100644 --- a/docs/getting_started/manage_users.md +++ b/docs/getting_started/manage_users.md @@ -10,7 +10,6 @@ From the listing of users in a workspace, their role, emails, date of registrati A search bar helps quickly look for a member, and quick actions like Deactivate or delete a user can be done directly from the table. - A role has attached permissions allowing a user to access, view pages and use its features. In the following sections, you will learn how to manage your users. @@ -32,45 +31,3 @@ From this page, you can: - Delete user from the community - -## In multi-tenant workspaces - -In a multi-tenant workspace, role management can be tricky. Here is how to handle it: - -When a user is invited to the workspace, the role assigned to this user is the same in all communities. -The same behavior happens when a user is added to - -In addition to that, external roles can be added in any managed community to the user role set previously in the main MSSP community. -Roles assigned to a user in a managed community are independent from their roles in other subcommunities. - -For example, - -1) A user has been added with the role `IC_viewer` set in the main MSSP community. -This user will have this role applied in all other managed communities. - -2) Then the admin adds the role `IC_writer` to this user in a specific managed community. -The user will have the role `IC_writer` in this specific managed community in addition to the role `IC_writer` set in the main MSSP community. - -To learn more about how to invite users to MSSP communities, please refer to [this documentation](https://docs.sekoia.io/getting_started/invite_users/#in-an-mssp-community). - -## Create custom roles - -As an admin of your community, you can control what kind of actions your guests are allowed to do. Our roles’ system is based on permissions already defined by us and we keep them up to date following our latest features. - -For example, some users in your community will only be able to view data but cannot interact with it. Others can change the status of an alert, write a content proposal or simply duplicate a dashboard, without being able to access other parts of the app. - -To create custom roles for your guests, you’ll have to: - -1. Access your `Managed Communities` by clicking on your avatar on the upper right of the screen -2. Click on the `Roles` tab then on the `+Role` button -3. Provide a `name` and a `description` to your new role -4. Select `permissions` you want to give to your users -5. Save your changes - -!!! note - You can edit or delete roles by clicking on the icons on the right side of the table that lists all the roles. - -## Add permissions - -Permissions can be different depending on your job position at your company. -There are three main categories to all of these permissions: `Admin`, `Manage` or `View`. From 6d18b7bea1957d1129b0046f7e9e4cbd77876db0 Mon Sep 17 00:00:00 2001 From: Khaoula Ettaleb <49680698+ka0ula@users.noreply.github.com> Date: Tue, 11 Jun 2024 15:15:26 +0200 Subject: [PATCH 3/5] Update manage_users.md --- docs/getting_started/manage_users.md | 49 +++++++++++++++++----------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/docs/getting_started/manage_users.md b/docs/getting_started/manage_users.md index 3e0cc9e279..66a2d40031 100644 --- a/docs/getting_started/manage_users.md +++ b/docs/getting_started/manage_users.md @@ -1,33 +1,44 @@ # Manage users -## Overview +You can manage users in your workspace from the Workspace section in the Settings. To manage users, you must have the Admin role. -You can manage users from the section Workspace in the Settings. -To manage users in a workspace, you need to have the Admin role. +## User information -Each user has a name, date of registration, and a role assigned. -From the listing of users in a workspace, their role, emails, date of registration and authentication method are displayed. +Each user profile includes: -A search bar helps quickly look for a member, and quick actions like Deactivate or delete a user can be done directly from the table. +- Name +- Date of registration +- Assigned role -A role has attached permissions allowing a user to access, view pages and use its features. +In the user listing, you can see: -In the following sections, you will learn how to manage your users. +- Role +- Email +- Date of Registration +- Authentication Method -## Detailed page of a user +A search bar allows you to quickly find a member, and quick actions like deactivating or deleting a user can be performed directly from the table. -To access the detailed page of a user: +## Actions -1. Go to `Users` page in Settings -2. Click on the name of the user +To access the detailed page of a user: -From this page, you can: +1. Go to the Users page in Settings +2. Click on the name of the user + +From this page, there are various actions available to you: + +- Add new roles: Assign additional roles to the user +- View permissions: See the permissions attached to each assigned role +- Access assigned roles: View the list of roles assigned to the user +- Delete roles: Remove assigned roles from the user +- Deactivate account: Temporarily disable the user's account +- Delete user: Permanently remove the user from the community + +Roles have attached permissions that determine a user's access, visibility of pages, and usage of features. + +!!! note + To learn more about roles and permissions, see [this section of the documentation](roles.md). -- Add new roles to the user -- See attached permissions to each role attributed -- Access the list of assigned roles -- Delete assigned roles -- Deactivate account -- Delete user from the community From 22c07be60ad8a95532e2daf0748cc833b24a87f8 Mon Sep 17 00:00:00 2001 From: Khaoula Ettaleb <49680698+ka0ula@users.noreply.github.com> Date: Tue, 11 Jun 2024 16:33:32 +0200 Subject: [PATCH 4/5] Update docs/getting_started/create_community.md Co-authored-by: rombernier <136727505+rombernier@users.noreply.github.com> --- docs/getting_started/create_community.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting_started/create_community.md b/docs/getting_started/create_community.md index dbcdc7dc1d..d2a9b16d16 100644 --- a/docs/getting_started/create_community.md +++ b/docs/getting_started/create_community.md @@ -9,7 +9,7 @@ For single-tenant users, a workspace is automatically created upon subscribing t For multi-tenant users, such as Managed Security Service Providers (MSSPs), a primary workspace is created. These users can add multiple communities to manage their various clients or departments. !!! info - To access multi-tenant mode, contact your Sekoia account executive. Once subscribed, you will be switched to muulti-tenant mode in the following days. + To access multi-tenant mode, contact your Sekoia account executive. Once subscribed, you will be switched to multi-tenant mode in the following days. ## How to create a community From e5d0e2fa1b7e03d9adbc8ee8a761aa4493570386 Mon Sep 17 00:00:00 2001 From: Khaoula Ettaleb <49680698+ka0ula@users.noreply.github.com> Date: Wed, 12 Jun 2024 14:21:46 +0200 Subject: [PATCH 5/5] Update mkdocs.yml manage instead of delete --- mkdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index c32315b88d..737e47bc4e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -34,7 +34,7 @@ nav: - Where to start: getting_started/concepts.md - Workspace setup: - Join workspace: getting_started/join_community.md - - Create and delete communities: getting_started/create_community.md + - Create and manage communities: getting_started/create_community.md - Account setup: - Create account: getting_started/create_account.md - Setup account: getting_started/account_settings.md