User Permissions
Each default and custom role defines the specific permissions granted to users who are assigned that role. Permissions are grouped by permission category, as described in the following topics:

APIs Permissions

| Application | Platform | Permission | Permission Description | Access | Roles |
|---|---|---|---|---|---|
| Application Programming Interfaces | New-Scale | Manage API keys | View and manage API keys. | | |
| Application Programming Interfaces | New-Scale | Manage webhooks | View and manage webhooks. | | |


Collectors Permissions

| Application | Platform | Permission | Permission Description | Access | Roles |
|---|---|---|---|---|---|
| Cloud Collectors | New-Scale | Cloud Collectors | View and manage Cloud Collectors. | Read | |
| Cloud Collectors | New-Scale | Cloud Collectors | View and manage Cloud Collectors. | | |
| SaaS Cloud Connectors | SaaS | SaaS Cloud Connectors | View and manage SaaS Cloud Connectors | Read | |
| SaaS Cloud Connectors | SaaS | SaaS Cloud Connectors | View and manage SaaS Cloud Connectors | | |
| SaaS Site Collectors | SaaS | SaaS Site Collectors manage collectors | Perform all collector operations, such as managing collectors, changing template assignments, and toggling operations in SaaS Site Collectors. | | Administrator (Data Lake) |
| Site Collectors | New-Scale | Site Collectors | View and manage Site Collectors' settings. | Read | |
| Site Collectors | New-Scale | Site Collectors | View and manage Site Collectors' settings. | | |
| Site Management | New-Scale | Site Management | View and manage sites. | Read | |
| Site Management | New-Scale | Site Management | View and manage sites | | |


Compliance Permissions

| Application | Platform | Permission | Permission Description | Access | Roles |
|---|---|---|---|---|---|
| Webhooks | New-Scale | Audit Events Export | Export audit events. | | |


Identity and Access Management Permissions

| Application | Platform | Permission | Permission Description | Access | Roles |
|---|---|---|---|---|---|
| Settings | New-Scale | User, roles, and single sign-on | View and manage users, roles, and single sign-on settings | Read | |
| Settings | New-Scale | Identity and Access Management | View and manage users and associated roles | Read | |
| Settings | New-Scale | Identity and Access Management | View and manage users and associated roles | | |
| Settings | New-Scale | single sign-on configuration | View and manage single sign-on configurations. | Read | |
| Settings | New-Scale | single sign-on configuration | View and manage single sign-on configurations. | | |


Investigation and Response Permissions

| Application | Platform | Permission | Permission Description | Access | Roles |
|---|---|---|---|---|---|
| Advanced Analytics | SaaS | Advanced Analytics add comments | Add comments for entities in Advanced Analytics. | | |
| Advanced Analytics | SaaS | Advanced Analytics view unmasked data (PII) | View personally identifiable information (PII) when data masking is enabled in Advanced Analytics. | Read | Data Privacy Officer (Advanced Analytics) |
| Advanced Analytics | SaaS | Advanced Analytics approve lockouts | Accept account lockout activities for users in Advanced Analytics. Accepting lockouts indicates that the specific set of behaviors are deemed normal and allowed for that user. | | Tier 3 Analyst (Advanced Analytics) |
| Advanced Analytics | SaaS | Advanced Analytics send incidents to Incident Responder | Send incidents to Incident Responder from Advanced Analytics. | | |
| Alert Triage | New-Scale | Alert Rank | View and manage Alert Rank. | Read | |
| Alert Triage | New-Scale | Alert Triage | View and manage Alert Triage | Read | |
| Alert Triage | New-Scale | Alert Triage Public Saved Filters | View and manage public saved filters. | | |
| Automation Management | New-Scale | Automation Management playbooks | View and manage playbooks in Automation Management. | Read | |
| Automation Management | New-Scale | Automation Management playbooks | View and manage playbooks in Automation Management. | | |
| Case Manager | SaaS | Case Manager read, write, and delete incidents | Edit incidents in Case Manager | | |
| Case Manager | SaaS | Case Manager bulk edit | Edit multiple incidents at the same time in Case Manager. | | |
| Case Manager | SaaS | Case Manager read, write, and delete incidents | View incidents in Case Manager. | Read | |
| Case Manager | SaaS | Case Manager add comments | Add comments in Case Manager. | | |
| Case Manager | SaaS | Case Manager create incidents | Create incidents in Case Manager. | | |
| Case Manager | SaaS | Case Manager read, write, and delete incidents | Delete incidents in Case Manager | | |
| Case Manager | SaaS | Case Manager view comments | View case comments in Case Manager. | Read | |
| Case Manager | SaaS | Case Manager view restricted incidents | View incidents restricted to other users or groups in Case Manager. | Read | |
| Dashboards | New-Scale | Dashboards Case Management | View and manage Case Management Dashboards. | Read | |
| Dashboards | New-Scale | Dashboards Case Management | View and manage Case Management Dashboards. | | |
| Incident Responder | SaaS | Incident Responder run playbooks | Run playbooks from the workbench in Incident Responder. | | |
| Incident Responder | SaaS | Incident Responder run actions | Launch individual actions from the user interface in Incident Responder. | | |
| Threat Center | New-Scale | Threat Center alerts | View and manage alerts in Threat Center. | Read | |
| Threat Center | New-Scale | Threat Center alerts | View and manage alerts in Threat Center. | | |
| Threat Center | New-Scale | Threat Center cases | View and manage cases in Threat Center. | Read | |
| Threat Center | New-Scale | Threat Center cases | View and manage cases in Threat Center. | | |
| Threat Center | New-Scale | Threat Center detection grouping rules | View and manage detection grouping rules in Threat Center. | Read | |
| Threat Center | New-Scale | Threat Center detection grouping rules | Manage detection grouping rules in Threat Center. | | |


Platform Insights Permissions

| Application | Platform | Permission | Permission Description | Access | Roles |
|---|---|---|---|---|---|
| Advanced Analytics | SaaS | Advanced Analytics view health | Advanced Analytics view system health. | Read | Administrator (Advanced Analytics) |
| Advanced Analytics | SaaS | Advanced Analytics view trends | View overall trends with Advanced Analytics. | Read | |
| Notifications | New-Scale | Configure global notification channels | View and manage global notification channels for your organization. | | |
| Notifications | New-Scale | Manage security notifications | View and manage security notifications for your profile. | | |
| Notifications | New-Scale | Manage health notifications | View and manage health notifications for your profile. | | |
| Notifications | New-Scale | Manage consumption notifications | View and manage consumption notifications for your profile. | | |
| Notifications | New-Scale | Manage thirdparty-access | View and manage third-party access notifications for your profile. | | Administrator |
| Outcomes Navigator | New-Scale | Outcomes Navigator | View Outcomes Navigator. | Read | |


Security Management Permissions

| Application | Platform | Permission | Permission Description | Access | Roles |
|---|---|---|---|---|---|
| Action Editor | New-Scale | Actions Editor | View and manage custom actions. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics manage content packages | View and manage content packages for automatic installation in Advanced Analytics. | | |
| Advanced Analytics | SaaS | Advanced Analytics administrative operations | Perform all administrative operations in Advanced Analytics. | | Administrator (Advanced Analytics) |
| Advanced Analytics | SaaS | Advanced Analytics manage watchlists | Add and remove users from the watchlists in Advanced Analytics. | | |
| Advanced Analytics | SaaS | Advanced Analytics view rules | View rules that determine how security events are handled in Advanced Analytics. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics manage data ingestion | Configure log sources, feeds, and email ingestion in Advanced Analytics. | | |
| Advanced Analytics | SaaS | Event Selection streams | View or modify streams in Advanced Analytics with Event Selection. | | |
| Advanced Analytics | SaaS | Event Selection streams | View or modify streams in Advanced Analytics with Event Selection. | Read | Administrator |
| Auto Parser Generator | New-Scale | Manage Auto Parser Generator | View and manage SaaS parsers in Auto Parser Generator. | Read | |
| Case Manager | SaaS | Case Manager manage queues | View and manage membership to queues in Case Manager. | | |
| Case Manager | SaaS | Case Manager manage incident rules | View and manage rules for how incidents are assigned, restricted, and prioritized on ingestion in Case Manager. | | |
| Case Manager | SaaS | Case Manager manage rules | View and manage rules that determine how security events are handled in Case Manager. | | |
| Case Manager | SaaS | Case Manager manage incident configuration | View and manage incident configurations including incident types, fields, layouts, case notifications, and checklists in Case Manager. | | Administrator (Advanced Analytics) |
| Case Manager | SaaS | Case Manager manage bi-directional Communication | Configure inbound and outbound settings for bidirectional communications in Case Manager. | | |
| Case Manager | SaaS | Case Manager delete entities and artifacts | Delete entities and artifacts in Case Manager. | | |
| Case Manager | SaaS | Case Manager manage checklist definitions | Configure checklist definitions in Case Manager. | | |
| Case Manager | SaaS | Case Manager manage incident definitions | View and manage incident definitions in Case Manager. | | |
| Context Management | New-Scale | Context Management | View and manage Context Management configuration. | | |
| Context Management | New-Scale | Context Management | View and manage Context Management configuration. | Read | |
| Correlation Rules | New-Scale | Correlation Rules | View and manage correlation rules. | Read | |
| Correlation Rules | New-Scale | Correlation Rules | View and manage correlation rules. | | |
| Data Lake | SaaS | Data Lake manage indices | Re-parse and re-index the logs of indices in Data Lake | | Administrator (Data Lake) |
| Data Lake | SaaS | Data Lake manage correlation rules | View and manage correlation rules in Data Lake. | | Administrator (Data Lake) |
| Data Lake | SaaS | Data Lake manage data access | View and manage data access rules in Data Lake | | Administrator (Data Lake) |
| Data Lake | SaaS | Data Lake view saved objects | View saved searches, visualizations, dashboards, and reports in Data Lake. | Read | |
| Data Lake | SaaS | Data Lake manage saved objects | View and manage saved searches, visualizations, dashboards, and reports in Data Lake. | | |
| Data Lake | SaaS | Data Lake manage Kafka Connect | View and manage connectors in Kafka Connect in Data Lake. | | Administrator (Data Lake) |
| Data Lake | SaaS | Data Lake manage cross-cluster connection | Add and edit the connection to remote clusters in Data Lake. | | Administrator (Data Lake) |
| Entity Management | New-Scale | Attack Surface Insights | View and manage Attack Surface Insights. | Read | |
| Entity Management | New-Scale | Attack Surface Insights | View and manage Attack Surface Insights. | | Administrator |
| Incident Responder | SaaS | Incident Responder reset incident workbench | Reset incident workbench | | |
| Incident Responder | SaaS | Incident Responder manage playbooks | Manage playbooks in Incident Responder. | | |
| Incident Responder | SaaS | Incident Responder manage services | View and manage services (third-party integrations) in Incident Responder. | | |
| Incident Responder | SaaS | Incident Responder manage playbook templates. | View and manage playbook templates | | |
| Incident Responder | SaaS | Incident Responder manage triggers | View and manage playbook triggers in Incident Responder. | | |
| Incident Responder | SaaS | Incident Responder manage custom services and packages | Manage custom services and related packages in Incident Responder. | | |
| Log Stream | New-Scale | Manage Log Stream Parsers | View and manage parsers, parser updates, view live parsed events, and re-parsing jobs in Log Stream. | | |
| SaaS Context Collectors | SaaS | SaaS context tables manage users and context sources | View and manage users, roles, and context sources for decision support in SaaS. | | |
| SaaS context tables | SaaS | SaaS manage context tables | View and manage entities and other objects in SaaS context tables. | | |
| Search | New-Scale | Secured Resources | View and manage Secured Resources. | | |
| Search | New-Scale | Secured Resources | View and manage Secured Resources. | Read | |
| Search | New-Scale | Manage data retention settings | View and manage data retention. | | |
| Settings | New-Scale | Manage Administrative Settings | View and manage administrative settings. | Read | |
| Settings | New-Scale | Manage Administrative Settings | View and manage administrative settings. | | |
| Threat Detection Management | New-Scale | Analytics Rules | View or manage Analytics Rules. | Read | |
| Threat Detection Management | New-Scale | Analytics Rules | View or manage Analytics Rules. | | |
| Threat Detection Management | New-Scale | Universal Prioritization | View or manage Universal Prioritization. | Read | |
| Threat Detection Management | New-Scale | Universal Prioritization | View or manage Universal Prioritization. | | |


Threat Detection Permissions

| Application | Platform | Permission | Permission Description | Access | Roles |
|---|---|---|---|---|---|
| Advanced Analytics | SaaS | Advanced Analytics threat hunter search incidents | Perform basic threat hunter incident searches in Advanced Analytics. Basic threat hunter incident search allows one to search for an incident and associated details. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics manage threat hunter search library | View and manage threat hunter saved searches in Advanced Analytics. | | |
| Advanced Analytics | SaaS | Advanced Analytics view executive info | View the risk reasons and timeline of the executive users in the organization. You will be able to see the activities performed by executive users along with the associated anomalies. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics view global insights | View the organizational models and histograms showing normal behavior for users and assets in Advanced Analytics. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics threat hunting | Perform threat hunting in Advanced Analytics. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics view data insights | View the normal behaviors for specific users and assets in Advanced Analytics. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics view threat hunter search library | View the Threat Hunter Search Library and the corresponding search results in Advanced Analytics. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics manage threat hunter public searches | View and manage saved threat hunter public searches. | | Tier 3 Analyst (Advanced Analytics) |
| Advanced Analytics | SaaS | Advanced Analytics view notable activities | View all notable users, assets, sessions, and related risk reasons in Advanced Analytics. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics view raw logs | View the raw logs that are used to build the events in the Advanced Analytics timeline. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics threat hunter search | Perform basic threat hunter searches in Advanced Analytics. Basic threat hunter incident search allows one to search for a specific user, asset, session, or a security alert. | Read | |
| Advanced Analytics | SaaS | Advanced Analytics accept sessions | Allow a user to accept an Advanced Analytics session. | | |
| Dashboards | New-Scale | Dashboards | View and manage dashboards. | Read | |
| Dashboards | New-Scale | Dashboards | View and manage dashboards. | | |
| Dashboards | New-Scale | Dashboards Anomalies | View and manage Anomalies Dashboards. | Read | |
| Dashboards | New-Scale | Dashboards Anomalies | View and manage Anomalies Dashboards. | | |
| Dashboards | New-Scale | Dashboards Data Lake | View and manage Data Lake Dashboards. | Read | |
| Dashboards | New-Scale | Dashboards Data Lake | View and manage Data Lake Dashboards. | | |
| Data Lake | SaaS | Data Lake run Elasticsearch Searches | Perform Elasticsearch search requests in Data Lake. | Read | Administrator (Data Lake) |
| Search | New-Scale | Search, Analyze and Export | Search, analyze, and export logs, alerts, and events. | Read | |