Security Teams are Choosing Graylog for their SOC | WHY SWITCH? >>>

Free Tools
See Demo

Teams Management

Productivity gains for all parties is an important goal for any business. Graylog’s Team Management enables enterprise-sized organizations to efficiently and securely control access to content creation at a Team level. With Teams, users can control access to dashboards and search templates without requiring an Administrator. This eliminates the reliance upon administrators for access, freeing up their time to focus on other tasks. Users gain a greater degree of flexibility to share information within a team and across the organization. Members work collaboratively and work more effectively within the teams. New members can come up to speed more quickly.

HOW IT WORKS

Teams encompass users, while roles indicate what the user can do/what actions they can take. Sharing at the feature/functionality level associates view, edit, and create privileges.

Graylog syncs with your organization’s authoritative identity source to automatically provision users with the appropriate rights and permissions to pull this all together. Graylog Enterprise maintains this synchronization when you activate the specific authentication service. Through this one-directional sharing, Graylog updates team members whenever the authoritative identity source updates for day one access upon login. Next, Graylog uses the current roles and AD groups to auto-populate access that reflects the organizational permissions structure.

You can follow a standard naming convention to make it easy to find teams using the name or a search term. For example, you can create the “Security Team,” which will make it easier to find users with similar data needs through lists of users, groups, or both. The global setting capabilities enable Admins to limit who views data more precisely, ultimately mitigating security and privacy risks. Organizations can still manually manage access and permissions if necessary.

NOTE: You cannot manually manage synchronized Teams in Graylog. You have to manage them in the original identity provider. For example, if you create an LDAP team, you cannot add or remove team members in Graylog. You can (and we recommend that you do) configure the roles that accompany the team.

EXAMPLES

  • ADDING MEMBERS TO A NEW TEAM
    Your company has set up a new Cybersecurity Team in Active Directory. This team needs access to a number of entities in Graylog. Instead of asking the IT Admin to add each of these members to Graylog individually, Graylog does it for you by syncing with Active Directory. Once there, a few of your members need access to Streams or Dashboards. The team owner can quickly grant these by selecting the Cybersecurity Team, and then save the changes so that users on the team automatically gain access to the Stream without needing to log out of Graylog.
  • SHARING DASHBOARDS WITHIN TEAMS
    A team member called Alice has created a dashboard with a private setting. Another team member called Bob wants access to the dashboard so that they can work collaboratively. Bob simply requests access to the dashboard and Alice goes to her dashboard view, chooses the requested dashboard, clicks the “Share” button, selects the access level she wants to provide, then clicks “Add Collaborator.” Once Alice saves her changes and Bob refreshes his browser,  they are working together on a new project.

FREQUENTLY ASKED QUESTIONS

  • WHO SETS UP THE USER? DOES THIS MAP OVER?
    All user accounts can be set up through your authoritative identity source using AD/LDAP which automatically assigns permissions based on those settings. Additionally, you can create local users called standalone users. However, no bidirectional syncing between Graylog and AD/LDAP exists so the standalone user access will have no impact on other access controls.
  • DOES GRAYLOG SET UP ROLES?
    We set up a standard set of 15 roles within Graylog, but the two most important are Admin and Reader. At minimum, users need a Reader role to see anything inside Graylog. There is no way to create custom roles.
  • WHAT IS THE MINIMAL AMOUNT OF INFORMATION REQUIRED TO CREATE A TEAM?
    A team is a designation given to a group of users but by itself has nothing and does nothing. Once you create a team, you need to set a description. An empty team can exist in Graylog but provides little benefit. Once you add users to the team, however, you can share information like Dashboards and Streams with the Team which shares the information across all the users in that team. You do not need to share the information one user at a time. You can also provide roles to a team that allows all members of the team to take actions within Graylog, like Create Reports. The AD/LDAP synchronization will automatically populate new users to a team when they join the organization.
  • IF I CHANGE THE USER IN GL, DOES IT REVERSE BACK TO AD/LDAP?
    No. The AD/LDAP sync is not bidirectional. It only goes from AD/LDAP to Graylog. Any standalone users that you set up manually in Graylog will not have any changes made to your authoritative identity source.
  • IF A USER SYNCS TO GRAYLOG, BUT DOESN’T BELONG TO A TEAM, WHAT CAN THEY DO?
    The primary permissions that will synch from AD/LDAP are Administrator and Reader. Users who are not considered Administrators in your identity source will have basic Reader permissions. However, without being assigned to a team, they will only be able to access Graylog, not see any information like Dashboards or Reports that have been shared with the team members.
  • WHEN SHOULD I CONSIDER THE ENTERPRISE SOLUTION?
    Enterprise provides additional access controls that help manage security and reduce noise for users. If your users are having a difficult time finding the reports they need, Enterprise would help separate out the different reports by teams. Additionally, if you find that your organization has grown to the point where your Administrator does not know all the individual users, Enterprise helps prevent excess access by granting control over what users are in teams to the person responsible for the team.
    For example, an organization with one security user, one developer user, and one support team user will likely not benefit from Enterprise. However, an organization with 10 security team members, 15 developers, and 5 support desk users would be more interested in separating out the reports most important to each user type and thus benefit from Enterprise.

We've Got You Covered

Windows

Linux

Unix

JSON, CSV, TXT

Storage Mgmt

Custom Apps

Change Mgmt

Switches

Firewalls

DNS

Routers

DBMS

Commercial Apps

Products

Graylog Security
Graylog Enterprise
Graylog Open
Graylog API Security
Graylog Cloud
Graylog Illuminate
Graylog Small Business
Pricing

Features

Access Control
Anomaly Detection
Audit Logs & Archiving
Data Enrichment
Data Management
Events & Alerts
Fleet Management
Integrations
Investigations
Reports & Dashboards
Risk Management
Scalable Architecture
Search

LEARN

Resource Hub
Blog
Videos
Webinars
Events
Community

SUPPORT

Customer Support
Documentation
Graylog Academy
Open Community

Company

About
Leadership
Partners
Careers
News & Awards
Contact

[email protected]

Follow Us:

Facebook-f Linkedin Github Youtube Reddit-alien

GRAYLOG HEADQUARTERS

1301 Fannin St, Ste. 2000
Houston, TX 77002

GRAYLOG COLORADO

1919 14th Street, Suite 700, Office 18
Boulder, CO 80302

GRAYLOG UNITED KINGDOM

34-37 Liverpool Street, 7th Floor
London, EC2M 1PP
United Kingdom

GRAYLOG GERMANY GMBH

Poolstraße 21
20355 Hamburg, Germany

© 2024 Graylog, Inc. All rights reserved

Privacy Policy | Legal | Sitemap