Contents

Instruction sets, Tachyon Exchange and custom roles - tutorial

Summary


How to load Instruction Definitions into Tachyon and then create, populate and delete Instruction sets.

In this tutorial

Every Instruction loaded into Tachyon has an implicit risk when applied to a network, some Instructions carry more risk than others.

One way of mitigating the risks could be to define Instruction sets that organize the Instructions according to their perceived risk. You could then define varying levels of access to the Instruction sets according to their associated risk.

For example the quarantine Instructions, available on the Tachyon Exchange, are for use in high-impact emergency scenarios, the way that these instructions work carries a fair degree of risk whereby devices are isolated from the network - which is appropriate for emergency use, however you may not want those Instructions to be generally available. To implement this you could create a High Security Instruction set to contain those Instructions, as well as any others you feel have a similar risk, and then lock down access to the Instruction set to suitable roles in the organization.

In this tutorial we will demonstrate:

The tutorial

Here we'll show an example where we create an empty Instruction set called  High Security , we'll download the  Quarantine Windows Device  product pack from the Tachyon Exchange, load that product pack into Tachyon, filter on the text  quarantine  and then move the quarantine Instructions into the  High Security  Instruction set. Finally we set a custom role for the  High Security  Instruction set and grant permissions to the  SystemsAdministrators  AD group

Creating an Instruction set

First we'll create the High Security Instruction set:

  1. Navigate to the Settings→Instructions→Instruction sets page.
  2. Click the Add new set button.
  3. In the Add new instruction set popup, enter a suitable name for the Instruction set. In our example the name is High Security.
  4. We will also add a custom icon, in JPG or PNG format, that will be used when displaying the instruction:
    1. Click the Choose File button.
    2. In the Open dialog, locate and select the JPG or PNG file you want to use.
    3. Click Open to load the file into Tachyon.
    4. The file location and a preview of the file will be displayed in the popup.
  5. Click the Add button.

Downloading a product pack from the Tachyon Exchange

The Instruction sets page has a direct link to the Tachyon Exchange, here we will use that to quickly download the Quarantine Windows Device product pack.

  1. On the Instruction sets page click on the Tachyon Exchange link in the header.
  2. A new tab displaying the Tachyon Exchange will open in the browser.
  3. To download product packs you need to log in using your 1E Support Portal credentials. Click the Login link.
  4. Enter your support login email and password when prompted and then click Log in.
  5. In the Search... field type the word quarantine and press return.
  6. A link to the Quarantine Windows Device page will be shown in the search results. Click on the link.
  7. Click on the Checkout button.
  8. Here you can see that the Quarantine Windows Device product pack is free of charge.
  9. Scroll to the bottom of the page and click on the Free Download button.
  10. You will then be presented with a link to the download. Click on 1E-Exchange-QuarantineDevice3.1 link.
  11. The file will then be downloaded in your browser.

Uploading a product pack to Tachyon, and adding the Instructions to an Instruction set

In our example we've copied the downloaded product pack file to a local directory called Exchange Product Packs:

  1. On the Instruction sets page click on the Upload button.
  2. In the Open dialog navigate to the Exchange Product Packs folder.
  3. Select the 1E-Exchange-QuarantineDevice3.1.zip product pack and click Open.
  4. In the filter edit field above the Instructions table type the text quarantine to find the instructions that contain that text.
  5. Select the three matching instructions in one go by clicking on the checkbox at the top of the table.
  6. Click the Move button.
  7. In the Move instructions popup
    1. Select the High Security Instruction set from the Destination set list of available Instruction sets
    2. Click Move button
  8. The matching quarantine instructions will then be moved to the High Security Instruction set

The product pack has been downloaded from the Tachyon Exchange and uploaded into Tachyon and the Instructions have been moved to the High Security Instruction set. The next step, to complete the tutorial, is to set the permissions for the new Instruction set.

Creating custom roles for Instruction Sets

So far we've only dealt with the process for defining access to the built-in Tachyon system roles. These roles generally provide access across all Instruction Sets. The advantage to this approach is that the number of AD groups required to define permissions to Tachyon is relatively small. However, this approach does not take advantage of the ability to create and manage Instruction Sets where permissions can be configured for the specifically chosen instructions in the set.

To deal with Instruction Sets, Tachyon lets you create custom roles that can determine permissions for one or more sets. To add a custom role you will need to have previously created one or more Instruction Sets.

Creating a custom role

To illustrate the process we will use an example where a SystemsAdministrators AD group in our environment will be given specific permissions to run actions and questions from the High Security Instruction Set.

  1. Navigate to Settings→Permissions→Roles.
  2. Click on the Add button.
  3. In the Add role popup type a Name and Description for the new custom role. In our example these will be High Security and Users with this role will be able to run instructions in the High Security Instruction set respectively.
  4. Click Add.
  5. Click on the new role name link to see the role details page. In our example the role name link is High Security.
  6. On the Permissions tab click the Add button.
  7. In the Add permission popup select Instruction set from the Type list.
  8. In the newly displayed Name field select the name of the Instruction set you want to permission for the role. In our example this is High Security.
  9. Now check the Actioner and Questioner checkboxes, as these are the permissions we want to set for the High Security Instruction set.
  10. Click the Add button once all the settings have been made in the Add permission popup.
  11. Before it can be effective, at least one management group must be added to the new role. The management group(s) determine which devices can be targeted by the Instructions in the Instruction set. 
    1. Select the Management groups tab on the role details page.
    2. Click the Add button.
    3. In the Add management group popup select the management group. In our example this is set to the built-in All Devices management group.
    4. Click Add to add the management group.
    5. Repeat these steps for any other management groups that you want to add to the role.

We have now created our new custom role.

Adding a custom role to a Tachyon user or group

Having defined the custom role we can now apply the role to a Tachyon user. To take on this new role we've added a new Tachyon user for the AD SystemAdministrators group.

  1. Click on the user's name link on the Users page to display the details for the user. 
  2. On the Roles tab click the Edit button to display the Edit roles assigned to user popup.
  3. Scroll down until you can see your new role. In our case the new role is called High Security, as shown in the picture opposite.
  4. Click on the Save button to apply the role to the user.

In our example the SystemAdministrators user now has the High Security custom role, as shown in the picture opposite. Now any member of the corresponding SystemAdministrators AD group will have the ability to run actions from the High Security Instruction Set.

The tutorial is now complete. Here we've shown how to:

  • Create a new Instruction set
  • Download a Product Pack from the Tachyon Exchange
  • Upload the Product Pack into Tachyon and add the Instructions to the Instruction set
  • Create a custom role for the Instruction set
  • Assign the role to a Tachyon user.