mitre / caldera

Automated Adversary Emulation Platform
https://caldera.mitre.org
Apache License 2.0

RBAC implementation #2826

Open LetMeR00t opened 1 year ago

LetMeR00t commented 1 year ago

What problem are you trying to solve? Please describe. Current red/blue groups, defined as is, allow both teams to work together with a different perimeter. However, a user is linked to a group with full access to the group (agents, abilities, adversaries, operations). People can't have segregated rights to have, for instance, simple roles such as:

A business case around that is that we want to setup automatic tests based on a real asset (windows or linux) to test our detection rules used by a SIEM.

The short story of this would be that a test (ability) or several tests into a dedicated adversary would be executed on the given agents on which a log forwarder is installed to recover the data within the SIEM. Then, the detection rule is run over the period and should match the expected logs, proving that the detection rule is working as planned.

To perform those tasks, we can have administrators of the tool managing the platform, detection rule test developers to create and test their tests and, potentially, within a production environment, a read-only access allowing developers to get access to the results without having the possibility to alter the automatic pipeline (where tests are run periodically and automatically).

The ideal solution: What should the feature do? It could be a plugin that could set up admin/developer/runner/read-only rights for each user and grant the right to manage who can access what and with which privileges.

What category of feature is this?

No code to provide for now

github-actions[bot] commented 1 year ago

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/