Assign the avl_admin role

Assign the avl_admin role to your admin users.

Use Splunk Web to assign the avl_admin role to app administrators. See Create and manage roles with Splunk Web in the Securing Splunk Enterprise manual for instructions.

Assign desired roles directly to each user. Don't inherit user roles through another role.

Customize roles

The following roles are available on the Anvilogic App for Splunk. See Summary of roles and privileges to see a summary of the privileges provided by each role.

avl_admin
avl_senior_developer
avl_developer
avl_senior_triage
avl_triage
avl_readonly

You can customize the avl_senior_developer, avl_developer, avl_senior_triage, and avl_triage roles. The avl_admin and avl_readonly roles can't be modified.

For example, perform the following tasks to customize the capabilities allowed or restricted by the AVL Senior Developer role:

In the Anvilogic App for Splunk, select Settings > App Configuration.
Click User Settings to expand the section.
Click Customize AVL Senior Developer Role to expand the section for that role.
Deselect any capabilities you want to remove for this role, or select a capability to add it to the role.
Click Save.

Summary of roles and privileges

The following table lists the roles in the Anvilogic App for Splunk and the privileges granted by each role. You can customize the privileges enabled for each role as desired.

Privilege	AVL Senior Developer	AVL Developer	AVL Senior Triage	AVL Triage
Allowlist privileges
	✓	✓	✓	✓
	✓	✓	✓
	✓	✓	✓	✓
avl_add_al_global_entry	✓	✓	✓
avl_remove_al_global_entry	✓	✓	✓
avl_modify_al_global_entry	✓	✓	✓
avl_manage_rule_al	✓	✓	✓
avl_manage_global_al	✓	✓	✓
Triage privileges
avl_change_first_alert_status				✓
avl_change_all_alert_status	✓	✓	✓
avl_change_alert_status_to_new	✓	✓	✓
avl_bulk_alert_status	✓	✓	✓
avl_add_observation	✓	✓	✓	✓
avl_remove_observation	✓	✓	✓
avl_rate_rule	✓	✓	✓	✓
avl_add_rule_feedback	✓	✓	✓	✓
avl_create_case	✓	✓	✓	✓
avl_suppress_alert	✓	✓	✓	✓
avl_suppress_global_alert	✓	✓	✓	✓
Content deployment privileges
avl_deploy_content	✓
avl_write_hec	✓	✓	✓
avl_post_rest_platform	✓		✓
avl_post_rest	✓	✓	✓
avl_get_rest	✓	✓	✓	✓
avl_rest_config_access_get	✓	✓	✓	✓
avl_rest_config_access_post

Privilege

AVL Senior Developer

AVL Developer

AVL Senior Triage

AVL Triage

Allowlist privileges

✓

avl_add_al_global_entry

✓

avl_remove_al_global_entry

✓

avl_modify_al_global_entry

✓

avl_manage_rule_al

✓

avl_manage_global_al

✓

Triage privileges

avl_change_first_alert_status

✓

avl_change_all_alert_status

✓

avl_change_alert_status_to_new

✓

avl_bulk_alert_status

✓

avl_add_observation

✓

avl_remove_observation

✓

avl_rate_rule

✓

avl_add_rule_feedback

✓

avl_create_case

✓

avl_suppress_alert

✓

avl_suppress_global_alert

✓

Content deployment privileges

avl_deploy_content

✓

avl_write_hec

✓

avl_post_rest_platform

✓

avl_post_rest

✓

avl_get_rest

✓

avl_rest_config_access_get

✓

avl_rest_config_access_post

Next step

Configure the HEC collector commands.

Last updated 2 months ago