Restrict access to the API connector
To restrict access to the API connector, you can create a role in the console and set permissions in
Splunk
. If an SOC or IR role exists within Splunk
, you can skip this section.- UnderUsers and Authentication, clickSettings > Access Controls.
- Next toRoles, clickAdd New.
- For the Role Name, typeCylanceAPI.
- With the proper role created, you can set permissions for the role. On the Dashboard, clickSettings > All Configurations
- In the search field, typeapi_connector, then clickSearch.
- UnderSharing, clickPermissions. The role permissions display.
- For theEveryonerole, make sure Read and Write are not selected.
- For theCylanceAPIrole, make sure Read is selected. If the role name is different, make sure Read is selected for that role.
- ClickSave.