Data RBAC in Google SecOps SIEM

Hello Everyone,

I have implemented Data RBAC feature on my id, but im not able to use the IOC Matches tab. In the official document they have mentioned that Data RBAC doesn't restrict access to IOC Matches tab. Can anyone help me to find out what is the issue if you have implemented the Data RBAC in Google SecOps SIEM.

Thanks

Page 1 / 1

what you mean by not able to use the IOC Matches tab? You mean you cannot access the tab or something is missing?

Check the permissions listed here -> https://cloud.google.com/chronicle/docs/reference/feature-rbac-permissions-roles

Do you have a license for it?

Yes, we do have license for it.

what you mean by not able to use the IOC Matches tab? You mean you cannot access the tab or something is missing?

Check the permissions listed here -> https://cloud.google.com/chronicle/docs/reference/feature-rbac-permissions-roles

Hi @hzmndt ,

After providing the necessary IAM permissions i'm able to access the IOC tab, but i'm facing another issue for looker dashboards i'm not able to access.

Could you please provide any assistance?

Per this article the IOC matches feature doesn't work with Data RBAC, so your user may have been assigned to a Data RBAC profile previously. As per dashboards, I haven't seen that error previously, only intermittently if there are some back-end server issue, so that one may require a support ticket. It is possible that your permission set however doesn't include the necessary permissions, but unfortunately can't tell that from the error screen you are seeing.

hi @citreno ,

In the medium blog by chris martin he has mentioned that Data RBAC doesn't support IOC tab, but if you see the official Google SecOps docs it states that IOC tab supports Data RBAC.

Please refer the document link:
https://cloud.google.com/chronicle/docs/administration/datarbac-impact

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded