Management interface
ZADIG XDR is managed through a web-based graphical user interface. The management dashboard of our XDR solution lets analysts visualize various types of information.
The interface natively surfaces priority events in a dedicated alerts section on the platform's homepage.
From an alert, analysts can access the history and contextual information needed to investigate the cause-and-effect chain that triggered it. In this context, all available client data sources can be activated, such as threat intelligence tools, RSS feeds from alarm triage platforms, ticketing platforms, and public discussion forums.
Below are two examples of dashboards:
Single Sign On Access (SSO)
Access to the management platform supports the SAML and OAuth2 protocols for Single Sign-On (SSO), with Multi-Factor Authentication (MFA) support.
For illustrative purposes, here are the main steps to use an Azure AD tenant as the identity provider. To configure access to the management portal via SSO, an application must be created in Azure AD. To enable a directory user for access, add the user as enabled for access through the 'Users and groups' menu. Below is an example screenshot of an Enterprise Application for managing SSO access:
The enterprise application allows the definition of roles that can be assigned to directory users for access to the management platform. Below is an example of roles that can be defined:
After configuring the application on the tenant, it is then necessary to enable Azure AD OAuth2.0 in the configuration file of the visualization component of the XDR solution.
Once the environment is configured for Single Sign-On (SSO) with Azure AD, all the sign-in records made by the various users can be viewed from the Entra ID portal.
Role Based Access Control (RBAC)
As noted above, each user who accesses the management dashboard of our XDR solution must be associated with a role that carries specific permissions. The predefined base roles that can be assigned to each user are listed below. The list can be customized by adding specific roles to meet the needs of the organization using the solution:
• Admin: has access to all organization resources, including dashboards, users, and teams;
• Editor: can view and modify dashboards, folders, and playlists;
• Viewer: can view dashboards and playlists.
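As an added illustration (not code from ZADIG XDR), the sketch below shows how roles assigned in the Azure AD enterprise application could be resolved to the three base roles above with a deny-by-default fallback. It assumes the token has already been validated, that app role values arrive in the "roles" claim, and that they match the names Admin, Editor and Viewer exactly; the permission sets are derived only from the role descriptions in the list above.

```python
# Added example: resolve the "roles" claim of an already validated Azure AD
# token to one of the base roles and answer permission checks.
# Assumptions: role values equal the names Admin / Editor / Viewer, and
# signature, issuer and audience checks were done before this code runs.
RANK = {"Viewer": 1, "Editor": 2, "Admin": 3}

VIEW, MODIFY = "view", "modify"
# Derived from the role descriptions in the list above (hypothetical encoding).
PERMISSIONS = {
    "Viewer": {("dashboards", VIEW), ("playlists", VIEW)},
    "Editor": {(res, act)
               for res in ("dashboards", "folders", "playlists")
               for act in (VIEW, MODIFY)},
}


def resolve_role(claims):
    """Return the highest-privilege known role in the claims, or None (deny)."""
    roles = claims.get("roles")
    if isinstance(roles, str):          # tolerate a single string value
        roles = [roles]
    if not isinstance(roles, list):     # claim missing or malformed
        return None
    # Exact, case-sensitive match: "admin" or "Owner" grants nothing.
    known = [r for r in roles if isinstance(r, str) and r in RANK]
    return max(known, key=RANK.get) if known else None


def is_allowed(claims, resource, action):
    """Deny by default; Admin has access to all organization resources."""
    role = resolve_role(claims)
    if role is None:
        return False
    if role == "Admin":
        return True
    return (resource, action) in PERMISSIONS[role]


# Constructed sample claims, not taken from a real tenant.
SAMPLE_CLAIMS = {"preferred_username": "analyst@example.com",
                 "roles": ["Viewer", "Editor"]}

if __name__ == "__main__":
    print(resolve_role(SAMPLE_CLAIMS))                      # Editor
    print(is_allowed(SAMPLE_CLAIMS, "users", MODIFY))       # False
```

A user who signs in without any assigned app role resolves to no role and is denied, which mirrors the requirement that each user be explicitly enabled and associated with a role.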
The permissions mapped to each of the three roles are available in the following table: