Contents
Summary
How to load Instruction Definitions into Tachyon and then create, populate and delete Instruction sets.
Every Instruction loaded into Tachyon has an implicit risk when applied to a network, some Instructions carry more risk than others.
One way of mitigating the risks could be to define Instruction sets that organize the Instructions according to their perceived risk. You could then define varying levels of access to the Instruction sets according to their associated risk.
For example the quarantine Instructions, available on the Tachyon Exchange, are for use in high-impact emergency scenarios, the way that these instructions work carries a fair degree of risk whereby devices are isolated from the network - which is appropriate for emergency use, however you may not want those Instructions to be generally available. To implement this you could create a High Security Instruction set to contain those Instructions, as well as any others you feel have a similar risk, and then lock down access to the Instruction set to suitable roles in the organization.
In this tutorial we will demonstrate:
The tutorial
Here we'll show an example where we create an empty Instruction set called High Security , we'll download the Quarantine Windows Device product pack from the Tachyon Exchange, load that product pack into Tachyon, filter on the text quarantine and then move the quarantine Instructions into the High Security Instruction set. Finally we set a custom role for the High Security Instruction set and grant permissions to the SystemsAdministrators AD group
Creating custom roles for Instruction Sets
So far we've only dealt with the process for defining access to the built-in Tachyon system roles. These roles generally provide access across all Instruction Sets. The advantage to this approach is that the number of AD groups required to define permissions to Tachyon is relatively small. However, this approach does not take advantage of the ability to create and manage Instruction Sets where permissions can be configured for the specifically chosen instructions in the set.
To deal with Instruction Sets, Tachyon lets you create custom roles that can determine permissions for one or more sets. To add a custom role you will need to have previously created one or more Instruction Sets.
Creating a custom role
To illustrate the process we will use an example where a SystemsAdministrators AD group in our environment will be given specific permissions to run actions and questions from the High Security Instruction Set.
The tutorial is now complete. Here we've shown how to:
- Create a new Instruction set
- Download a Product Pack from the Tachyon Exchange
- Upload the Product Pack into Tachyon and add the Instructions to the Instruction set
- Create a custom role for the Instruction set
- Assign the role to a Tachyon user.