You will learn how to assign Team level Access within the NopSec platform.
Overview
Within NopSec all users belong to one or more Teams. Each Team is configured with a Role and a Target Access Query that restricts what Targets the user can see.
If a user belongs to two or more teams, they can see the aggregation of all Team Access Queries.
By Default, each Team will have access to all Vuln Instances on each Target. You have the option to configure a Vuln Instance Access Query per team which can filter the list of vuln instances displayed to you automatically, however, it is important to note that this is a user experience feature not a data access feature. The user technically still is allowed to see all other vuln instances in the target, the vuln instance access query just removes the step of selecting default filters, queries, or reports to filter down to their scope.
Target Access Query
Previous to June 2024, NopSec named this as Data Access Query. Going forward this is now called Target Access Query.
Pre-requisites:
- Only admin level users can create Target Access Queries. You must have:
- teams.read
- teams.write
- settings.read
A Target Access Query (TAQ) is configured within the Prioritize page by:
- Open the Query Manager
- Click on the Target Access Query tab
- Create a New Query
- Click Save
Now you can apply that query to one or more teams within the Team Settings page.
- Go to Settings
- Click on Users
- Click on Teams Tab
- Find the Team you wish to update or create a new team
- Click on the Target Access Query tab
- Click on the dropdown and find the query you created above
- Click Save
Going forward all targets will be evaluated to determine which team they belong to as they are scanned and ingested into the NopSec platform.
Vuln Instance Access Query
Vuln Instance Access Queries (VIAQ) are configured exactly the same way as Target Access Queries.
Pre-requisites:
- Only admin level users can create Target Access Queries. You must have:
- teams.read
- teams.write
- settings.read
A Vuln Instance Access Query (VIAQ) is configured within the Prioritize page by:
- Open the Query Manager
- Click on the Vuln Instance Access Query tab
- Create a New Query
- Click Save
Now you can apply that query to one or more teams within the Team Settings page.
- Go to Settings
- Click on Users
- Click on Teams Tab
- Find the Team you wish to update or create a new team
- Click on the Vuln Instance Access Query tab
- Click on the dropdown and find the query you created above
- Click Save
Best Practices
- Try to segment Teams with no Overlap
- While it is possible to overlap your teams, it may be helpful to segment your teams completely such that they are not sharing any Targets with one another.
- You can do this by managing the Target Access Queries to use filters such as:
- Tags
- IP Addresses
- Hostnames
- Vuln Instance Access Queries can leverage the following filters for the best scenarios:
- Scanner UID - this is the equivalent to Qualys ID (QID) or Tenable ID etc. You can provide a list of Scanner UIDs.
- CVE - You can filter by a list of CVEs
- CWE
- Categories
- Title Contains = Look for any vuln instance where the title contains Windows or Chrome
- Create organizational structure by creating multiple teams by Role
- Let's say you have a Security Windows Team that needs to work with the Infrastructure team. The Security Team is the analyst reviewing the vulnerabilities and determining which need to be prioritized for the Infrastructure team to remediate.
- Create Two Teams, one with the Analyst Role and the other with the same role (or ask your Customer Success team to create a custom role) for your Infrastructure team.
- For instance you may want to have your Infrastructure Team to only be able to Create Exception Plans but not Remediation Plans.
- You can name them similarly but the goal is to segment your users across the two teams and share the same Target Access Query and Vuln Instance Access Queries.
- Both teams can now see the exact same items, however, can have different responsibilities and available actions.