Roles
On this page, you can create and manage user roles within the Cyberhaven Console. Go to Preferences > Roles and Scopes.
Arole helps you define a user's permissions within the Cyberhaven Console. You can view the list of all the roles and create new roles on the roles tab. The Global Admin role is predefined and cannot be modified or deleted. The Assigned To column displays the number of users assigned to this role. The table also displays the total number of permissions for each role.
The default roles in the Console are listed below in the order of highest to lowest privilege level.
Global Admin: This user role has the highest level of privilege. Auser in this role has full access to the Console.
Security Admin: This user role has full access to view and manage security data on the Risks Overview, Insider Risk, Cloud Sensor, and Endpoint Sensor pages. The role also allows full access to manage Settings but only restricted access to the Incidents page. The default role configuration does not include the ability to access event details. Security Analyst Level 2: This user role allows investigation of incidents with access to file contents and screenshots. The role is set with read-only permissions for the Risks Overview page and provides limited access to the Insider Risk and Settings pages.
Security Analyst Level 1: This user role allows limited investigation of incidents. In this role, the user cannot access file contents and
screenshots. The role is set with read-only permissions for the Risks Overview page and provides limited access to the Insider Risk and Settings pages.
Creating a new role
Click on Create a Role.
In the New Role window, enter a role name and a brief description of the role.
Select the Role kind.
User: Has permission to access the Cyberhaven Console.
API Key: Has permission to use the API endpoints. See, API v2. 4. Select the level of permissions you want to assign to this role. The options are Read, Create, Update, and Delete.
Click Save to create the role. The new role is displayed in the Roles table.
Assigning the role to a user
You can assign the role to a user which will define their permissions within the Cyberhaven Console.
Navigate to Preferences > Users.
Click on the Actions menu for a user and select Change role. The role settings are displayed in a pop-up window.
Additionally, when inviting a new user to the Console, you have the option to assign them a specific role.
Editing a role
Click on the actions menu for that role and select Edit Role.
On the Edit Role page, modify the permissions and click Save. Deleting a role
Click on the actions menu for that role and select Delete Role. 2. On the confirmation pop-up window, click Yes.
PII Field Masking
The Cyberhaven platform captures several PII fields as part of the event metadata. This feature allows you to control which users can view sensitive
fields, such as names and email addresses, within the Cyberhaven Console and the API by assigning role-based permissions.
Users without this permission will see sensitive field values displayed as masked.
The following screenshot shows how a user without this permission will view the data.
Setting the Permission
You can manage user permissions to view PII data from the Roles page under Preferences > Roles and Scopes.
Enable this permission to grant users with this role access to view PII data.
Disabled this permission to restrict access to PII data.
List of PII Fields
The following is a full list of fields considered to have PII information within the platform.
AI explanation
App command line
App main window title
Assigned to
Browser page title
Cloud app account
Cloud destination account
Cloud destination accounts
Cloud destination groups
Cloud messaging groups
Cloud messaging users
Destination file path
Destination location outline
Directory user groups
Email account
Email groups
File path
First name
Full name
Group name
Hostname
Last name
Local machine name
Local user groups
Local user name
Manager email
Manager name
Phone number
Primary address city
Primary address country
Primary address region
Primary address street address
Primary address zip code
Primary email
Printer name
Removable device name
Resolved by
Source file path
Source location outline
User
Users
- API Role
Cyberhaven provides external APIs that can be used to configure the platform and query data. The user must have an API role to use the APIs.
Creating an API role
1. Click on Create a Role and enter a role name and description. 2. Under Role kind, select API Key.
3. Select the permissions and click Save.
API User Permissions
An API Key role grants permission to access the following features using API endpoints.
Event Details for Dashboard: Use the EventService APIs to retrieve details about specific events from the Events page.
Incidents: Use the IncidentService API to retrieve details about specific incidents from the Incidents page.
Linea AI Summaries: Use the IncidentService API to retrieve the AI summaries for incidents.
Endpoint Sensor Status: Use the EndpointService APIs to retrieve details about specific endpoints or delete endpoints from the Endpoint Sensors page.
Installer: Use the InstallerService API to get the binary installer file for the Latest, Previous, or specific Sensor version.
Lists: Use the ListService APIs to retrieve, create, update, or delete lists and list items.
Integration Destination: Use the StreamingDestinationsService API endpoints to retrieve details about the streaming destinations added to the Integrations page. See, Integrations.
Integration Configuration: Use the StreamingProfilesService API endpoints to retrieve details about the configured profiles for streaming destinations added to the Integrations page.
Integration Connection Log: Use the StreamingProfilesService API endpoints for the connection log to retrieve details about the connection history of a configured profile on the Integrations page. Aconnection log provides the history of Cyberhaven's connection to your destination URL.
To see our API explorer and documentation, in the Cyberhaven Console navigate to Administration > API specification.
To learn more about the APIs, see the API documentation.