Capsule8 Console Docs

Console Version 4.1.0

Noteworthy Additions

  • Introducing basic Role-based Access Control (RBAC) support! The console now gives you fine-grained control over which users can access Capsule8’s detection and alerting capabilities. You can control who can view or manage alerts, hosts, detection policies, and investigations queries. A few notes on this new feature:
    • All existing users are now assigned to an Admin role with all permissions
    • New users imported via 3rd-party SSO are assigned to a Basic role with limited permissions
    • Any new users created manually via the console can have their roles specified as desired in the UI
    • Passwords can now be edited in the UI
  • We’ve also added basic policy management via the console UI, building towards full, YAML-free policy management (soon!). If the sensor is configured to allow it, you can now view and update each host’s policies via a text editor in the console. A few notes on this new feature:
    • Each host requires its own policy configuration (for now)
    • This requires a 4.1.0+ version of the sensor to work
    • The sensor will look for configuration updates from the console at an interval of your choosing

Key Improvements

  • You can now track most actions taken within the console, including all API requests that perform a modification, creation, or deletion. These actions are logged and displayed on a new audit page within the console for auditing purposes.
  • Need noise cancelling headphones for your alerts? Alerts marked as auditableEvent in a detection policy are sent to a new tab, Events, in the Activity page rather than showing up in the main alerts queue, which helps with noise reduction.
  • You can now see alerts sent to GCP buckets within the console (not just S3 buckets!)
  • You may notice that the console web page is loading faster, which is due to caching improvements we made

Known Issues

  • When using RBAC, you still cannot assign permissions on a per-host basis
  • When managing policies via the console, you cannot update multiple host policies at once; policies can only be updated on a per-host basis