AD Permissions
AD Permissions include the same permissions as that of the local user group permissions. See the table in the Group Permissions section in the User Group Permissions section for viewing the permissions and their detailed descriptions.
MetaDefender NDR requires AD servers to send these permissions with the prefixes CN=INQ_PERM_ (for permissions) and CN=INQ_GROUP_ (for groups) for authentication. Creating the CN=INQ_GROUP_ Administrators group on the AD server would map the AD server to the local MetaDefender NDR Manager Administrators group and so the members of that remote AD group will have all permissions of the local Administrators group. Custom groups can also be created within the MetaDefender NDR Manager UI (For example: Analysts) that would correspond to CN=INQ_GROUP_ Analysts on the AD server and all members of that remote AD group will have all permissions of the local MetaDefender NDR Analysts group.
See the following table for information on AD permissions.
AD Permission TitleCN=INQ_PERM_CAN_READ_ANALYSIS Analysis (Read)CN=INQ_PERM_CAN_WRITE_ANALYSIS Analysis (Write)CN=INQ_PERM_CAN_READ_FILTRATION Filtration (Read)CN=INQ_PERM_CAN_WRITE_FILTRATION Filtration (Write)CN=INQ_PERM_CAN_READ_POLICY Policy (Read)CN=INQ_PERM_CAN_WRITE_POLICY Policy (Write)CN=INQ_PERM_CAN_READ_ADMINISTRATION Administration and Authentication (Read)CN=INQ_PERM_CAN_WRITE_ADMINISTRATION Administration and Authentication (Write)CN=INQ_PERM_CAN_READ_HELP HelpCN=INQ_PERM_CAN_READ_HOST_EXCLUSIONS Host Exclusions (Read)CN=INQ_PERM_CAN_WRITE_HOST_EXCLUSIONS Host Exclusions (Write)CN=INQ_PERM_CAN_READ_BLACKLIST Blacklist (Read)CN=INQ_PERM_CAN_WRITE_BLACKLIST Blacklist (Write)CN=INQ_PERM_CAN_READ_WHITELIST Whitelist (Read)CN=INQ_PERM_CAN_WRITE_WHITELIST Whitelist (Write)CN=INQ_PERM_CAN_READ_WHITENOISE Whitenoise (Read)CN=INQ_PERM_CAN_WRITE_WHITENOISE Whitenoise (Write)CN=INQ_PERM_CAN_READ_THREAT Threats (Read)CN=INQ_PERM_CAN_READ_SESSION Sessions (Read)CN=INQ_PERM_CAN_WRITE_SESSION Sessions (Write)CN=INQ_PERM_CAN_PERFORM_MANUAL_SCAN Manual ScanCN=INQ_PERM_CAN_READ_USER Users (Read)CN=INQ_PERM_CAN_WRITE_USER Users (Write)CN=INQ_PERM_CAN_WRITE_AUTHENTICATION_MAPPING Authentication Mappings (Write)CN=INQ_PERM_CAN_WRITE_USER_GROUP User Groups (Write)CN=INQ_PERM_CAN_READ_ADMINISTRATION_INTEGRATION Integration (Read)CN=INQ_PERM_CAN_WRITE_ADMINISTRATION_INTEGRATION Integration (Write)CN=INQ_PERM_CAN_READ_GLOBALS Globals (Read)CN=INQ_PERM_CAN_WRITE_GLOBALS Globals (Write)CN=INQ_PERM_CAN_READ_ADMINISTRATION_COLLECTION Collection (Read)CN=INQ_PERM_CAN_WRITE_ADMINISTRATION_COLLECTION Collection (Write)CN=INQ_PERM_CAN_READ_ANALYSIS_C2 C2 (Read)CN=INQ_PERM_CAN_READ_ADMINISTRATION_C2 C2 (Read)CN=INQ_PERM_CAN_WRITE_ADMINISTRATION_C2 C2 (Write)CN=INQ_PERM_CAN_READ_MIME_EXCEPTION MIME Exceptions (Read)CN=INQ_PERM_CAN_WRITE_MIME_EXCEPTION MIME Exceptions (Write)CN=INQ_PERM_CAN_EXPORT_LOGS Export LogsCN=INQ_PERM_CAN_READ_KB Knowledge Base (Read)CN=INQ_PERM_CAN_READ_SIGNATURE Signatures (Read)CN=INQ_PERM_CAN_READ_POLICIES Policies (Read)CN=INQ_PERM_CAN_READ_AUDIT_LOG Audit Log (Read)CN=INQ_PERM_CAN_READ_SENTRY_LOG Sentry Log (Read)CN=INQ_PERM_CAN_WRITE_MANUAL_UPDATE Manual Update (Write)CN=INQ_PERM_CAN_WRITE_SIGNATURE Signatures (Write)CN=INQ_PERM_CAN_READ_FILE Files (Read)CN=INQ_PERM_CAN_WRITE_POLICIES Policies (Write)CN=INQ_PERM_CAN_WRITE_SUPPORT Support (Write)CN=INQ_PERM_CAN_READ_SUPPORT Support (Read)CN=INQ_PERM_CAN_READ_SERVER_MANAGEMENT Server Management (Read)CN=INQ_PERM_CAN_WRITE_SERVER_MANAGEMENT Server Management (Write)CN=INQ_PERM_CAN_READ_AUTHENTICATION_MAPPING Authentication Mapping (Read)CN=INQ_PERM_CAN_READ_AV_EVENT Malware Events (Read)CN=INQ_PERM_CAN_TRIGGER_SYSTEM_EVENTS Can Trigger System Events (Server Reboot and Shutdown commands)