Home
Guardian
Learn how Guardian provides comprehensive asset inventory and network visibility for OT and IoT environments.
Administrator Guide
Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
Administration
Settings
Users management
The Users management page shows all the pages that you need to let you manage authentication and authorization policies for users and groups.
Groups
The Groups page shows a list of all the user groups.

Guardian
Learn how Guardian provides comprehensive asset inventory and network visibility for OT and IoT environments.
- Introduction
  An overview of Guardian.
- Installation Guide
  Information and resources on how to install Guardian, and the different options and settings that are available.
- Administrator Guide
  Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - Settings
      - Security control panel
        The Security control panel page shows an overview of the current status of the learning process and lets you configure the features that manage the: learning, security profile, zones, alerts tuning, and alert closing options.
      - Features
        The Features page shows an overview of the current status of system features configuration and lets you fine tune specific values.
      - Users management
        The Users management page shows all the pages that you need to let you manage authentication and authorization policies for users and groups.
        Users
        The Users page shows a list of users and lets you create and delete users, and change the password and/or username of existing users.
        Groups
        The Groups page shows a list of all the user groups.
        Add a local group
        The Groups page lets you add new user groups.
        Edit a group
        You can use the Group page to edit the details for an existing group.
        Import an Active Directory group
        To permit Active Directory users to log into the system, you can import an existing group from an Active Directory infrastructure.
        Import an LDAP group
        To permit existing lightweight directory access protocol (LDAP) users to log into the system, you can import an existing group from an LDAP server.
        OpenAPI Keys
        The OpenAPI Keys page lets you manage the openAPI keys. You can use OpenAPI keys for bearer token authentication instead of basic authentication, which uses a username and password.
        Active Directory
        In addition to local users, you can configure existing Active Directory users for login.
        Configure Active Directory integration
        The Active Directory page lets you configure integration.
        LDAP
        The LDAP page shows a list of all the lightweight directory access protocol (LDAP) configurations.
        SAML
        Nozomi Networks supports security assertion markup language (SAML) single sign-on (SSO) authentication.
      - CLI
        The CLI page lets you change configuration parameters and perform troubleshooting activities.
      - Dashboards
        The Dashboards page lets you create and configure widget-based dashboards that provide information about your network. The dashboards created here will show on the Guardian home page, and give an overview of the monitored environment.
      - Threat Intelligence
        The Threat Intelligence page lets you manage packet rules, YARA rules, Sigma rules, structured threat information expression (STIX) indicators and vulnerabilities to provide detailed threat information.
      - Custom fields
        The Custom fields page lets you create a custom field to the Nodes (All-In-One CMC only) and Assets tables. A custom field lets you add information that might be relevant to your organization, and cannot be extracted from network traffic.
      - Data integration
      - Firewall integration
        The Firewall integrations page shows all the firewall integrations and lets you add new ones.
      - Credentials manager
        The Credentials manager is a tool that lets you centralize the management of monitored endpoints to make it easier to create, delete, or update the credentials that are needed to access those endpoints.
      - Zone configurations
        The Zone configurations page shows all the zone configurations in your environment and lets you add new zone configurations and edit them.
      - Synchronization settings
        The Synchronization settings page lets you customize the parameters related to Vantage or Central Management Console (CMC).
      - Alert playbooks
    - System
- User Guide
  Information and resources about the main features of Guardian, and the tasks that you can do from the user interface (UI).
- Maintenance Guide
  Information about the maintenance tasks of Guardian, to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for Guardian.

Groups

The Groups page shows a list of all the user groups.

Groups page — Figure 1. Groups page

Authorization policies

User groups define authorization policies. Each group includes a:

List of allowed features
Filter to enable visualization of just specific node subsets

When a user belongs to a group, the user can only:

Perform the operations that the group allows
See the nodes that the group node filter defines

A user can belong to several groups and will inherit the authorizations of those groups. When a user belongs to multiple groups, any node that satisfies the filter of any group is visible, and its features are available.

Two group types have predefined authorization policies:

Administrators: All features are available
Authentication Only: Only the authentication feature is available

When a group is neither Administrators nor Authentication Only, the allowed features (sections) can be enabled/disabled individually.

Note:

After a reboot, the local default admin of the Web user interface (UI) will automatically be recreated (within the default admin’s user group) if it has been deleted, or if it doesn't exist. This is to make sure that a user cannot mistakenly delete it.

Note:

We recommend to have at least one group without admin privileges. Therefore, after a reboot, if a user group with no admin privileges doesn't exist, a guests user group will be created automatically, without a user in it.

Live / refresh

The Live icon lets you change live view on, or off. When live mode is on, the page will refresh approximately every five seconds.

+Add

This lets you add a new group.

Import from Active Directory

This lets you import a group from Active Directory.

Import from LDAP server

This lets you import a group from a lightweight directory access protocol (LDAP) server.