Assign the avl_admin role

Assign the avl_admin role to your admin users.

Last updated 9 months ago

Use Splunk Web to assign the avl_admin role to app administrators. See Create and manage roles with Splunk Web in the Securing Splunk Enterprise manual for instructions.

Assign desired roles directly to each user. Don't inherit user roles through another role.
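
One way to check the guidance above on a Splunk Enterprise instance, as an added example that is not part of the Anvilogic documentation: the script scans the text of an authorize.conf file for custom roles whose importRoles setting inherits one of the Anvilogic roles listed on this page. The sample configuration and the role names soc_leads, detection_eng and helpdesk are constructed, and skipping the stanzas of the Anvilogic roles themselves is an assumption.

```python
# Audit sketch: find Splunk roles that inherit an Anvilogic role.
# Added example; not code from the Anvilogic App for Splunk.

# The six role names listed on this page.
AVL_ROLES = {
    "avl_admin", "avl_senior_developer", "avl_developer",
    "avl_senior_triage", "avl_triage", "avl_readonly",
}

# Constructed sample authorize.conf content (role names are hypothetical).
SAMPLE = """
# custom roles
[role_soc_leads]
importRoles = user;avl_admin
srchIndexesAllowed = *

[role_detection_eng]
importRoles = power; avl_senior_developer ;avl_developer

[role_helpdesk]
importRoles = user
"""

def find_inherited_avl_roles(conf_text):
    """Return {custom_role: [avl roles it imports]} from authorize.conf text."""
    findings = {}
    stanza = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]          # e.g. "role_soc_leads"
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "importRoles":
            continue
        if stanza is None or not stanza.startswith("role_"):
            continue
        role = stanza[len("role_"):]
        if role in AVL_ROLES:            # assumption: skip the app's own roles
            continue
        imported = {r.strip() for r in value.split(";")} & AVL_ROLES
        if imported:
            findings[role] = sorted(imported)
    return findings

if __name__ == "__main__":
    for role, inherited in find_inherited_avl_roles(SAMPLE).items():
        print(f"{role} inherits {', '.join(inherited)}: assign these roles to users directly")
```
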

Customize roles

The following roles are available in the Anvilogic App for Splunk. See Summary of roles and privileges for a summary of the privileges provided by each role.

  • avl_admin

  • avl_senior_developer

  • avl_developer

  • avl_senior_triage

  • avl_triage

  • avl_readonly

You can customize the avl_senior_developer, avl_developer, avl_senior_triage, and avl_triage roles. The avl_admin and avl_readonly roles can't be modified.

For example, perform the following tasks to customize the capabilities allowed or restricted by the AVL Senior Developer role:

  1. In the Anvilogic App for Splunk, select Settings > App Configuration.

  2. Click User Settings to expand the section.

  3. Click Customize AVL Senior Developer Role to expand the section for that role.

  4. Deselect any capabilities you want to remove for this role, or select a capability to add it to the role.

  5. Click Save.

Summary of roles and privileges

The following table lists the roles in the Anvilogic App for Splunk and the privileges granted by each role. You can customize the privileges enabled for each role as desired.

Privilege
AVL Senior Developer
AVL Developer
AVL Senior Triage
AVL Triage

Allowlist privileges

✓

✓

✓

✓

✓

✓

✓

✓

✓

✓

✓

avl_add_al_global_entry

✓

✓

✓

avl_remove_al_global_entry

✓

✓

✓

avl_modify_al_global_entry

✓

✓

✓

avl_manage_rule_al

✓

✓

✓

avl_manage_global_al

✓

✓

✓

Triage privileges

avl_change_first_alert_status

✓

avl_change_all_alert_status

✓

✓

✓

avl_change_alert_status_to_new

✓

✓

✓

avl_bulk_alert_status

✓

✓

✓

avl_add_observation

✓

✓

✓

✓

avl_remove_observation

✓

✓

✓

avl_rate_rule

✓

✓

✓

✓

avl_add_rule_feedback

✓

✓

✓

✓

avl_create_case

✓

✓

✓

✓

avl_suppress_alert

✓

✓

✓

✓

avl_suppress_global_alert

✓

✓

✓

✓

Content deployment privileges

avl_deploy_content

✓

avl_write_hec

✓

✓

✓

avl_post_rest_platform

✓

✓

avl_post_rest

✓

✓

✓

avl_get_rest

✓

✓

✓

✓

avl_rest_config_access_get

✓

✓

✓

✓

avl_rest_config_access_post

Next step

Configure the HEC collector commands.