Current ThreatQ Version Filter
 

Managing User Accounts

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: Administrative Functions - Edit User Management

The Edit User page allows you to customize each user account’s account maintenance and display settings.

Account Maintenance Settings
Section/Field Description
Profile Information Allows you to specify a display name and title for each user. These settings are independent of the username required for logging into ThreatQ. In addition, you can update a user’s permissions by changing the user role group assigned during login creation.
Change Password Allows you to change the user’s current password.
Role Assignment Allows you to select the user role assigned to the user account. The user role controls the user’s access to the ThreatQ user interface and ability to edit ThreatQ data. You can also use the View all roles and View permissions links to access a list of user roles and permissions in the User Management page.

You can also add/update a user account’s user role via the Roles tab in the User Management page.

You cannot update your role assignment when accessing your own account by clicking the avatar icon.
API Credentials - Client ID Displays the user’s unique client ID. This ID can be used to connect with ThreatQ’s API or by external scripts and integrations that authenticate with ThreatQ.
Session Timeout Allows you to disable session timeouts for the user or change the inactivity duration that triggers a session timeout. By default, the user’s session times out after sixty minutes of inactivity.
Enable 2-Step Verification Optional.  Allows you to enable/disable 2-step verification.
Client CERT Authentication Enabled If SSL Client Certificate Authentication is enabled, this section displays the user's certificate fingerprint or allows you to add/update a certificate fingerprint.
Account Status Allow you to enable/disable the user account.
Account Activity You can click the Account Activity log tab to view the following information:
  • The last date and time the user logged in.
  • The IP Address where the user logged in.
  • Whether the login was successful or not.
Display Settings
Section/Field Description
User Avatar Allows you to upload an image file that displays in the following locations:
  • Upper right corner of each ThreatQ page
  • Next to the user name when displayed in the Role Assignment section of the Roles tab (User Management page) .
ThreatQ provides a default avatar based on the user’s initials.
Screen Display Allows you to specify dark, light, or a combined (split mode) display for ThreatQ pages.
Timezone Display Allows you to override the system default timezone and select the timezone displayed in the ThreatQ user interface and PDFs.

This selection only affects the display of timestamps in the user interface and PDFs. ThreatQ continues to store timestamps in UTC and share UTC timestamps with resources such as ThreatQ Data Exchange (TQX), ThreatQ TDR Orchestrator (TQO), exports, and TAXII.

While all users can update their own accounts, only users with access to the User Management page through a Maintenance Account or Administrative Access default user role or a custom user role with permission to edit User Management can access the User Management page and add new or update existing user accounts.

While all users can update their own individual accounts, only users with Maintenance Account and Administrative Access user roles have permission to access the User Management functionality. You must be logged in as one of these roles in order to create new user accounts.

When you first install ThreatQ, the system creates a default user account, the Maintenance Account. You cannot delete this account. You can use it to initially create other user accounts. Each user account must have a unique username.

Accessing Your User Account

Click your avatar icon, located in the top right corner and select the My Account option. The Edit User screen allows you to review and update your Account Maintenance and Display settings.

You cannot update your role assignment from this page.

You can view all user roles and view your user roles permissions if your user role provides edit access to the User Management page.

  1. Click your avatar icon, located in the top right corner and select the My Account option.
    The Edit User screen allows you to review and update your Account Maintenance and Display settings.

Accessing Other User Accounts

To add, edit, and delete user accounts, you must have either a Maintenance or Administrative default user role or a custom user role that includes permission to edit user management.

  1. Click the Settings icon and select the User Management option. The User Management screen displays a list of user accounts.
  2. You can filter and/or sort the user accounts displayed by:
    • Display Name
    • Status
    • Username
    • Email Group
    • 2-Step Verification
  3. Based on your permissions, you can also click a display name to access the User Profile and Account Activity tabs for the user account:
    • User Profile tab - Lists the Account Maintenance and Display settings for the user.
    • Account Activity tab - Lists the last date and time the user logged in, the IP Address where the user logged in, and whether the login was successful or not.

Only users with Maintenance and Administrative accounts can add, edit, and delete other user accounts.

  1. Click the Settings icon  and select the User Management option.
    The User Management screen displays a list of user accounts.
  2. You can filter and/or sort the user accounts displayed by:
    • Display Name
    • Status
    • Username
    • Email
    • Group
    • 2-Step Verification
  3. If you are logged in with a Maintenance or Administrative account, you can also click a display name to access the User Profile and Account Activity tabs for the user account:
    • User Profile tab - Lists the Account Maintenance and Display settings for the user.
    • Account Activity tab - Lists the last date and time the user logged in, the IP Address where the user logged in, and whether the login was successful or not.
User Account Properties
Field Description
Name Update the user's name.
Title Update the user's job title.
Email You can update the user's email address.
Password You can click on the Change Password link to update the user's password.
API Credentials You can view the user's API credentials, a unique Client ID, which will allow him/her to connect with ThreatQ's API.
Session Timeout You can update or disable the user's session timeouts.
Screen Display If you change your display theme, you will see the update immediately. If you change another user's display theme, the new mode updates the display the next time they log in.
User Avatar You can update the user avatar.
2-Step Verification Optional.  The toggle switch in this section allows you to enable/disable 2-step verification.
Client CERT Authentication Enabled If SSL Client Certificate Authentication is enabled, this section displays the user's certificate fingerprint or allows you to add/update a certificate fingerprint.
Activity Log You can click on the Activity log tab to view the following information:
  • The last date and time the user logged in.
  • The IP Address where the user logged in.
  • Whether the login was successful or not.

Adding a User

To add, edit, and delete user accounts, you must have either a Maintenance or Administrative default user role or a custom user role that includes permission to edit user management.

  1. Click the Settings icon and select the User Management option.
  2. Click Add User.
    The Add User window is displayed.
  3. Populate the following fields:
    • Display Name - Required. Enter the user's name.
    • Title - Optional. Enter the user's title.
    • Group - Required. Select the level of access for the user from the drop-down menu:
      • Maintenance Account
      • Administrative Access
      • Primary Contributor Access
      • Read Only Access
        See the User Roles topic for more detail on these access levels.
    • Username - Required. Enter the user's login ID.
    • Email - Optional. Enter the user's email address.
    • User Role - Required. Select the user role for the user account. The View permissions link below this field allows you to view the default user role, action permissions, and assigned user accounts for the user role you select.
    • Password - Required. Enter the user's password.
    • Retype Password - Required. Re-enter the user's password.
  4. Click the Add User button.
    The System Users tab displays the new user. See the Editing a User topic for information on further customizing the user profile.

Only users with Maintenance and Administrative accounts can add user accounts.

  1. Click the Settings icon  and select the User Management option.
  2. Click Add User.
    The Add User window is displayed.
  3. Populate the following fields:
    • Display Name - Required.  Enter the user's name.
    • Title - Optional.  Enter the user's title.
    • Group - Required.  Select the level of access for the user from the Group drop-down menu:
      • Maintenance Account
      • Administrative Access
      • Primary Contributor Access
      • Read Only Access

        See the User Roles topic for more detail on these access levels.

    • Username - Required.  Enter the user's login ID.
    • Email - Optional.  Enter the user's email address.
    • Password - Required.  Enter the user's password.
    • Retype Password - Required.  Re-enter the user's password.
  4. Click the Add User button.
    The System Users tab displays the new user.  See the Editing a User topic for information on further customizing the user profile.

Editing a User

To add, edit, and delete user accounts, you must have either a Maintenance or Administrative default user role or a custom user role that includes permission to edit user management.

You cannot edit user details for SAML nor LDAP users from the User Management page.

Tips and Tricks

  • The Suggested option in the Timezone Display field is based on your browser timezone.
  • The Timezone Display field allows you to scroll through a list of timezones in alphabetical order by continent/region and city or search for a timezone by city, region or timezone abbreviation or name.
  • After you select a timezone, the Reset option allows you to reset your timezone display to Greenwich Mean Time (GMT).
  1. Click the Settings icon and select the User Management option.

    To edit your own account, click your avatar icon and select My Account. Proceed to step 3 below.

  2. Click the user's display name.
    The User Profile page loads.

    Edit User Profile

  3. Enter your updates to the user's Account Maintenance and Display settings.
  4. Click the Save button.

Only users with Maintenance and Administrative accounts can edit another user's account.  You cannot edit user details for SAML nor LDAP users from the User Management page.

  1. Click the Settings icon Settings Icon and select User Management.

    To edit your own account, click your avatar icon and select My Account.  Proceed to step 3 below.

  2. Click the user's display name.
    The User Profile page loads.

     

  3. On the User Profile tab, you can view and/or edit the following settings:
    Field Description
    Name Update the user's name.  
    Title Update the user's job title.  
    Email You can update the user's email address.  
    Password You can click on the Change Password link to update the user's password.  
    API Credentials You can view the user's API credentials, a unique Client ID, which will allow him/her to connect with ThreatQ's API.  
    Session Timeout You can update or disable the user's session timeouts.  
    Screen Display Allows you to update a user's display theme.  If you change another user's display the new mode updates the display the next time they log in.
    User Avatar You can update the user avatar.  
    2-Step Verification Optional.  The toggle switch in this section allows you to enable/disable 2-step verification.  
    Client CERT Authentication Enabled If SSL Client Certificate Authentication is enabled, this section displays the user's certificate fingerprint or allows you to add/update a certificate fingerprint.  
  4. You can also click on the Login Activity tab to view:
    • The last date and time the user logged in.
    • The IP Address where the user logged in.
    • Whether the login was successful or not.
      Activity Log
  5. After you enter your changes, click the Save button.

Resetting a User Password from the Command Line

If you have root access to your ThreatQ installation, you can reset any user's password from the command line.  See the Reset User Password section in the Commands topic.

Deleting a User

Deleting a user cannot be undone. In addition, you cannot delete the user account you are currently logged in with.

  1. Click the Settings icon Settings Icon and select the User Management option.
  2. In the System Users tab, click the checkbox next to each user you want to delete.
  3. Click the trashcan icon.
    ThreatQ reviews the user ID to determine if it has any shared data collections, data feeds, dashboards, or investigation.  In addition, it determines if the user is listed as point of contact on any system object or is assigned with a task.  If so, the Are you sure? window displays  and prompts you to select a new user to replace the deleted user. 

    To view more information on the items a user is linked to, you can click the corresponding link on the item name.  For instance, click the Point of Contact on Event Objects link to view a Threat Library listing of all event objects for which the user is a point of contact. 

    Reassign Dashboard
  4. Click the Reassign to user field and do one of the following:
    • Reassign Ownership - Select the new owner of the data collections, data feeds, dashboards, and/or investigations.  This user will also replace the deleted user as an object's point of contact and/or a task's assignee.

      The new owner must have permission to access the resource type. For instance, to assign John as the new owner of a data collection, he must have permission to create, edit, or delete data collections.

    • Delete - Select the Do not reassign. Delete these items and remove users from objects. option to delete all of the user's data collections, data feeds, dashboards, and/or investigations.  In addition, the user is removed as a point of contact or task assignee.
  5. Check the confirmation checkbox and click the Delete User button.

Updating a User Avatar

User avatars provide a personalized look to your ThreatQ dashboard.  ThreatQ supports the use of all standard image types for avatars and a maximum image size of 260 x 260 pixels.

  1. Click the avatar icon and select My Account.
    The Edit User page is displayed.
  2. From the Use Avatar section, you can:
    • Click the browse link and select the icon to upload.
    • Click and drag the new icon onto the page.
  3. Click the Save button.