How can non-SecOps groups see SIT when only assigned to the group?

Bill_Ymr_61 · ‎08-18-2022

We have just recently started using SecOps, and have run into an issue. When a Security Incident Task (SIT) is created within a Security Incident (SIR), if it is only assigned to the group that does not have any SecOps roles (sn_si.*), then they do not see the SIT in their groups outstanding work (Service Desk ==> My Groups Work).

Currently, within a SIR there are times when we need to have a non-SecOps group do something on a device (workstation, server, etc...). The Security Analyst will click on "Add Response Task" to create a SIT.

***If the SIT is assigned directly to an individual, that individual is able to see the SIT in their outstanding work (Service Desk ==> My Work).

***If the SIT is assigned to just the group (which is standard policy in our organization), no members of that group are able to see the SIT in their group's outstanding work. Even if they know the SIT number, if they search for it, it does not show up.

Because we are a global organization, it is next to impossible to know who is able to work on the SIT; this is why our policy is to assign it to a group.

How can we make the SIT visible to the Assignment Group when assigned to only the group? We would like to avoid any ACL work if possible, but at this point will take almost any suggestion.

Chris McDevitt · ‎08-18-2022

Hi,

Try making a new Read ACL for the SIT table:

And you should probably try and limit the groups to certain roles.

View solution in original post

Chris McDevitt · ‎09-01-2022

Mhhh... I read into the question as if some random team needed access to their tasks and they did not have sn_si.external role... but you are correct....