Create a Cluster to Grant Read-Only Access

This tutorial guides you through the process of creating an Informed users cluster in the Brinqa Platform. The purpose of this cluster is to provide designated users or groups with read-only access to specific data sets, such as assets or findings.

Info

Before you proceed, ensure that the users you are adding to the informed users cluster have the Risk Analyst role assigned.

Users with the Configurator or System Administrator role can create or edit clusters. To create a new informed users cluster, follow these steps:

  1. Navigate to Clusters and click Informed users.

  2. Click Create and fill in the following fields:

    • Name: Enter a name for the cluster.

    • Description: Provide a description for the cluster.

    • Members: Select the user or users to be members of the cluster. Members have read-only access to the data sets defined by the conditions. Each member must have the Risk Analyst role.

    • Conditions: Click + to add criteria for each data model. At a minimum, informed users should have access to a set of hosts and vulnerabilities.

      • Target data model: Click the drop-down and select Host.

        Important

        Avoid selecting a parent data model (such as Asset, Finding, or Ticket) as the target. For example, instead of Asset, select a data model that extends Asset, such as Account, Host, Cloud Resource, and so on. Parent data models are not computed during consolidation, so choosing one results in empty counts in the cluster.

      • Condition: Specify the condition to define the hosts you want this cluster to view. The supported syntax is Brinqa Condition Language (BCL).

        For example, if the status = "Active" and os CONTAINS "Linux" condition is met, users in this cluster can view all active hosts running the Linux operating system.

      • Click Test condition to see the results retrieved by the condition. This ensures that your cluster groups the expected hosts.

    • Click + to add a condition for Vulnerability.

      • Target data model: Click the drop-down and select Vulnerability.

      • Condition: Specify the condition to define the vulnerabilities you want this cluster to view.

        For example, if the targets.os CONTAINS "Linux" condition is met, users in this cluster can view vulnerabilities detected on machines running the Linux operating system.

      • Click Test condition to see the results retrieved by the condition. This ensures that your cluster groups the expected vulnerabilities.

  3. Click Create.

Clusters are synced through data computation. However, if you want the new clusters to go into effect immediately, follow these steps:

  1. Navigate to Administration > Data > Models.

  2. Locate the data model that you have defined in the cluster. For example, Host or Vulnerability.

  3. Click Flows.

  4. Click the compute flow of your data model. For example, for the Host data model, click Host compute flow.

  5. Click Launch, and then click Launch again in the confirmation dialog.

  6. Repeat the steps for all the data models defined in your clusters.

  7. Navigate to the Informed user data model and click Flows.

  8. Click Informed user compute flow, click Launch, and then click Launch again in the confirmation dialog.

After the flows have run successfully, navigate to Clusters > Informed users and click the cluster that you have created. Verify that the data sets defined by the conditions are viewable in the cluster. Alternatively, log in as a member of the cluster and verify that the member can view the selected data sets.

Info

If you see inaccurate or empty counts in the cluster, see the Troubleshooting section for information about the potential causes of the issue.