User Permissions
Each default and custom role defines the specific permissions granted to users who are assigned that role. Permissions are grouped into permission categories, as described in the following topics:
APIs Permissions

Application | Platform | Permission | Permission Description | Access | Roles |
---|---|---|---|---|---|
Application Programming Interfaces | New-Scale | Manage API keys | View and manage API keys. | | |
Application Programming Interfaces | New-Scale | Manage webhooks | View and manage webhooks. | | |

Collectors Permissions

Application | Platform | Permission | Permission Description | Access | Roles |
---|---|---|---|---|---|
Cloud Collectors | New-Scale | Cloud Collectors | View and manage Cloud Collectors. | Read | |
Cloud Collectors | New-Scale | Cloud Collectors | View and manage Cloud Collectors. | | |
SaaS Cloud Connectors | SaaS | SaaS Cloud Connectors | View and manage SaaS Cloud Connectors | Read | |
SaaS Cloud Connectors | SaaS | SaaS Cloud Connectors | View and manage SaaS Cloud Connectors | | |
SaaS Site Collectors | SaaS | SaaS Site Collectors manage collectors | Perform all collector operations, such as managing collectors, changing template assignments, and toggling operations in SaaS Site Collectors. | | Administrator (Data Lake) |
Site Collectors | New-Scale | Site Collectors | View and manage Site Collectors' settings. | Read | |
Site Collectors | New-Scale | Site Collectors | View and manage Site Collectors' settings. | | |
Site Management | New-Scale | Site Management | View and manage sites. | Read | |
Site Management | New-Scale | Site Management | View and manage sites | | |

Compliance Permissions

Application | Platform | Permission | Permission Description | Access | Roles |
---|---|---|---|---|---|
Webhooks | New-Scale | Audit Events Export | Export audit events. | | |

Identity and Access Management Permissions

Application | Platform | Permission | Permission Description | Access | Roles |
---|---|---|---|---|---|
Settings | New-Scale | User, roles, and single sign-on | View and manage users, roles, and single sign-on settings | Read | |
Settings | New-Scale | Identity and Access Management | View and manage users and associated roles | Read | |
Settings | New-Scale | Identity and Access Management | View and manage users and associated roles | | |
Settings | New-Scale | single sign-on configuration | View and manage single sign-on configurations. | Read | |
Settings | New-Scale | single sign-on configuration | View and manage single sign-on configurations. | | |

Investigation and Response Permissions

Application | Platform | Permission | Permission Description | Access | Roles |
---|---|---|---|---|---|
Advanced Analytics | SaaS | Advanced Analytics add comments | Add comments for entities in Advanced Analytics. | | |
Advanced Analytics | SaaS | Advanced Analytics view unmasked data (PII) | View personally identifiable information (PII) when data masking is enabled in Advanced Analytics. | Read | Data Privacy Officer (Advanced Analytics) |
Advanced Analytics | SaaS | Advanced Analytics approve lockouts | Accept account lockout activities for users in Advanced Analytics. Accepting lockouts indicates that the specific set of behaviors are deemed normal and allowed for that user. | | Tier 3 Analyst (Advanced Analytics) |
Advanced Analytics | SaaS | Advanced Analytics send incidents to Incident Responder | Send incidents to Incident Responder from Advanced Analytics. | | |
Alert Triage | New-Scale | Alert Rank | View and manage Alert Rank. | Read | |
Alert Triage | New-Scale | Alert Triage | View and manage Alert Triage | Read | |
Alert Triage | New-Scale | Alert Triage Public Saved Filters | View and manage public saved filters. | | |
Automation Management | New-Scale | Automation Management playbooks | View and manage playbooks in Automation Management. | Read | |
Automation Management | New-Scale | Automation Management playbooks | View and manage playbooks in Automation Management. | | |
Case Manager | SaaS | Case Manager read, write, and delete incidents | Edit incidents in Case Manager | | |
Case Manager | SaaS | Case Manager bulk edit | Edit multiple incidents at the same time in Case Manager. | | |
Case Manager | SaaS | Case Manager read, write, and delete incidents | View incidents in Case Manager. | Read | |
Case Manager | SaaS | Case Manager add comments | Add comments in Case Manager. | | |
Case Manager | SaaS | Case Manager create incidents | Create incidents in Case Manager. | | |
Case Manager | SaaS | Case Manager read, write, and delete incidents | Delete incidents in Case Manager | | |
Case Manager | SaaS | Case Manager view comments | View case comments in Case Manager. | Read | |
Case Manager | SaaS | Case Manager view restricted incidents | View incidents restricted to other users or groups in Case Manager. | Read | |
Dashboards | New-Scale | Dashboards Case Management | View and manage Case Management Dashboards. | Read | |
Dashboards | New-Scale | Dashboards Case Management | View and manage Case Management Dashboards. | | |
Incident Responder | SaaS | Incident Responder run playbooks | Run playbooks from the workbench in Incident Responder. | | |
Incident Responder | SaaS | Incident Responder run actions | Launch individual actions from the user interface in Incident Responder. | | |
Threat Center | New-Scale | Threat Center alerts | View and manage alerts in Threat Center. | Read | |
Threat Center | New-Scale | Threat Center alerts | View and manage alerts in Threat Center. | | |
Threat Center | New-Scale | Threat Center cases | View and manage cases in Threat Center. | Read | |
Threat Center | New-Scale | Threat Center cases | View and manage cases in Threat Center. | | |
Threat Center | New-Scale | Threat Center detection grouping rules | View and manage detection grouping rules in Threat Center. | Read | |
Threat Center | New-Scale | Threat Center detection grouping rules | Manage detection grouping rules in Threat Center. | | |

Platform Insights Permissions

Application | Platform | Permission | Permission Description | Access | Roles |
---|---|---|---|---|---|
Advanced Analytics | SaaS | Advanced Analytics view health | Advanced Analytics view system health. | Read | Administrator (Advanced Analytics) |
Advanced Analytics | SaaS | Advanced Analytics view trends | View overall trends with Advanced Analytics. | Read | |
Notifications | New-Scale | Configure global notification channels | View and manage global notification channels for your organization. | | |
Notifications | New-Scale | Manage security notifications | View and manage security notifications for your profile. | | |
Notifications | New-Scale | Manage health notifications | View and manage health notifications for your profile. | | |
Notifications | New-Scale | Manage consumption notifications | View and manage consumption notifications for your profile. | | |
Notifications | New-Scale | Manage thirdparty-access | View and manage third-party access notifications for your profile. | | Administrator |
Outcomes Navigator | New-Scale | Outcomes Navigator | View Outcomes Navigator. | Read | |

Security Management Permissions

Application | Platform | Permission | Permission Description | Access | Roles |
---|---|---|---|---|---|
Action Editor | New-Scale | Actions Editor | View and manage custom actions. | Read | |
Advanced Analytics | SaaS | Advanced Analytics manage content packages | View and manage content packages for automatic installation in Advanced Analytics. | | |
Advanced Analytics | SaaS | Advanced Analytics administrative operations | Perform all administrative operations in Advanced Analytics. | | Administrator (Advanced Analytics) |
Advanced Analytics | SaaS | Advanced Analytics manage watchlists | Add and remove users from the watchlists in Advanced Analytics. | | |
Advanced Analytics | SaaS | Advanced Analytics view rules | View rules that determine how security events are handled in Advanced Analytics. | Read | |
Advanced Analytics | SaaS | Advanced Analytics manage data ingestion | Configure log sources, feeds, and email ingestion in Advanced Analytics. | | |
Advanced Analytics | SaaS | Event Selection streams | View or modify streams in Advanced Analytics with Event Selection. | | |
Advanced Analytics | SaaS | Event Selection streams | View or modify streams in Advanced Analytics with Event Selection. | Read | Administrator |
Auto Parser Generator | New-Scale | Manage Auto Parser Generator | View and manage SaaS parsers in Auto Parser Generator. | Read | |
Case Manager | SaaS | Case Manager manage queues | View and manage membership to queues in Case Manager. | | |
Case Manager | SaaS | Case Manager manage incident rules | View and manage rules for how incidents are assigned, restricted, and prioritized on ingestion in Case Manager. | | |
Case Manager | SaaS | Case Manager manage rules | View and manage rules that determine how security events are handled in Case Manager. | | |
Case Manager | SaaS | Case Manager manage incident configuration | View and manage incident configurations including incident types, fields, layouts, case notifications, and checklists in Case Manager. | | Administrator (Advanced Analytics) |
Case Manager | SaaS | Case Manager manage bi-directional Communication | Configure inbound and outbound settings for bidirectional communications in Case Manager. | | |
Case Manager | SaaS | Case Manager delete entities and artifacts | Delete entities and artifacts in Case Manager. | | |
Case Manager | SaaS | Case Manager manage checklist definitions | Configure checklist definitions in Case Manager. | | |
Case Manager | SaaS | Case Manager manage incident definitions | View and manage incident definitions in Case Manager. | | |
Context Management | New-Scale | Context Management | View and manage Context Management configuration. | | |
Context Management | New-Scale | Context Management | View and manage Context Management configuration. | Read | |
Correlation Rules | New-Scale | Correlation Rules | View and manage correlation rules. | Read | |
Correlation Rules | New-Scale | Correlation Rules | View and manage correlation rules. | | |
Data Lake | SaaS | Data Lake manage indices | Re-parse and re-index the logs of indices in Data Lake | | Administrator (Data Lake) |
Data Lake | SaaS | Data Lake manage correlation rules | View and manage correlation rules in Data Lake. | | Administrator (Data Lake) |
Data Lake | SaaS | Data Lake manage data access | View and manage data access rules in Data Lake | | Administrator (Data Lake) |
Data Lake | SaaS | Data Lake view saved objects | View saved searches, visualizations, dashboards, and reports in Data Lake. | Read | |
Data Lake | SaaS | Data Lake manage saved objects | View and manage saved searches, visualizations, dashboards, and reports in Data Lake. | | |
Data Lake | SaaS | Data Lake manage Kafka Connect | View and manage connectors in Kafka Connect in Data Lake. | | Administrator (Data Lake) |
Data Lake | SaaS | Data Lake manage cross-cluster connection | Add and edit the connection to remote clusters in Data Lake. | | Administrator (Data Lake) |
Entity Management | New-Scale | Attack Surface Insights | View and manage Attack Surface Insights. | Read | |
Entity Management | New-Scale | Attack Surface Insights | View and manage Attack Surface Insights. | | Administrator |
Incident Responder | SaaS | Incident Responder reset incident workbench | Reset incident workbench | | |
Incident Responder | SaaS | Incident Responder manage playbooks | Manage playbooks in Incident Responder. | | |
Incident Responder | SaaS | Incident Responder manage services | View and manage services (third-party integrations) in Incident Responder. | | |
Incident Responder | SaaS | Incident Responder manage playbook templates. | View and manage playbook templates | | |
Incident Responder | SaaS | Incident Responder manage triggers | View and manage playbook triggers in Incident Responder. | | |
Incident Responder | SaaS | Incident Responder manage custom services and packages | Manage custom services and related packages in Incident Responder. | | |
Log Stream | New-Scale | Manage Log Stream Parsers | View and manage parsers, parser updates, view live parsed events, and re-parsing jobs in Log Stream. | | |
SaaS Context Collectors | SaaS | SaaS context tables manage users and context sources | View and manage users, roles, and context sources for decision support in SaaS. | | |
SaaS context tables | SaaS | SaaS manage context tables | View and manage entities and other objects in SaaS context tables. | | |
Search | New-Scale | Secured Resources | View and manage Secured Resources. | | |
Search | New-Scale | Secured Resources | View and manage Secured Resources. | Read | |
Search | New-Scale | Manage data retention settings | View and manage data retention. | | |
Settings | New-Scale | Manage Administrative Settings | View and manage administrative settings. | Read | |
Settings | New-Scale | Manage Administrative Settings | View and manage administrative settings. | | |
Threat Detection Management | New-Scale | Analytics Rules | View or manage Analytics Rules. | Read | |
Threat Detection Management | New-Scale | Analytics Rules | View or manage Analytics Rules. | | |
Threat Detection Management | New-Scale | Universal Prioritization | View or manage Universal Prioritization. | Read | |
Threat Detection Management | New-Scale | Universal Prioritization | View or manage Universal Prioritization. | | |

Threat Detection Permissions

Application | Platform | Permission | Permission Description | Access | Roles |
---|---|---|---|---|---|
Advanced Analytics | SaaS | Advanced Analytics threat hunter search incidents | Perform basic threat hunter incident searches in Advanced Analytics. Basic threat hunter incident search allows one to search for an incident and associated details. | Read | |
Advanced Analytics | SaaS | Advanced Analytics manage threat hunter search library | View and manage threat hunter saved searches in Advanced Analytics. | | |
Advanced Analytics | SaaS | Advanced Analytics view executive info | View the risk reasons and timeline of the executive users in the organization. You will be able to see the activities performed by executive users along with the associated anomalies. | Read | |
Advanced Analytics | SaaS | Advanced Analytics view global insights | View the organizational models and histograms showing normal behavior for users and assets in Advanced Analytics. | Read | |
Advanced Analytics | SaaS | Advanced Analytics threat hunting | Perform threat hunting in Advanced Analytics. | Read | |
Advanced Analytics | SaaS | Advanced Analytics view data insights | View the normal behaviors for specific users and assets in Advanced Analytics. | Read | |
Advanced Analytics | SaaS | Advanced Analytics view threat hunter search library | View the Threat Hunter Search Library and the corresponding search results in Advanced Analytics. | Read | |
Advanced Analytics | SaaS | Advanced Analytics manage threat hunter public searches | View and manage saved threat hunter public searches. | | Tier 3 Analyst (Advanced Analytics) |
Advanced Analytics | SaaS | Advanced Analytics view notable activities | View all notable users, assets, sessions, and related risk reasons in Advanced Analytics. | Read | |
Advanced Analytics | SaaS | Advanced Analytics view raw logs | View the raw logs that are used to build the events in the Advanced Analytics timeline. | Read | |
Advanced Analytics | SaaS | Advanced Analytics threat hunter search | Perform basic threat hunter searches in Advanced Analytics. Basic threat hunter incident search allows one to search for a specific user, asset, session, or a security alert. | Read | |
Advanced Analytics | SaaS | Advanced Analytics accept sessions | Allow a user to accept an Advanced Analytics session. | | |
Dashboards | New-Scale | Dashboards | View and manage dashboards. | Read | |
Dashboards | New-Scale | Dashboards | View and manage dashboards. | | |
Dashboards | New-Scale | Dashboards Anomalies | View and manage Anomalies Dashboards. | Read | |
Dashboards | New-Scale | Dashboards Anomalies | View and manage Anomalies Dashboards. | | |
Dashboards | New-Scale | Dashboards Data Lake | View and manage Data Lake Dashboards. | Read | |
Dashboards | New-Scale | Dashboards Data Lake | View and manage Data Lake Dashboards. | | |
Data Lake | SaaS | Data Lake run Elasticsearch Searches | Perform Elasticsearch search requests in Data Lake. | Read | Administrator (Data Lake) |
Search | New-Scale | Search, Analyze and Export | Search, analyze, and export logs, alerts, and events. | Read | |