- Get Started with Threat Center
- Group Detections
- Work on Cases
- Triage Alerts in Threat Center
- Edit and Collaborate in Threat Center
- Find Cases or Alerts
- Build a Search in Threat Center
- Enter a Search Using Exabeam Query Language in Threat Center
- Enter a Search Using Natural Language in Threat Center
- Run a Recent Search in Threat Center
- Create a New Saved Search in Threat Center
- Run a Saved Search in Threat Center
- Edit a Saved Search in Threat Center
- Delete a Saved Search in Threat Center
- Sort Cases or Alerts
- View Case and Alert Metrics
- Get Notified About Threat Center
Threat Center Permissions
Review the permissions that determine what you're permitted to see and do in Threat Center.
There are six permissions specific to Threat Center:
If you have universal role-based access, the pre-configured roles are assigned specific Threat Center permissions. To see and do the things you need in Threat Center, ensure you're assigned the appropriate role and your role has the relevant permissions.
Threat Center Alerts: Read
The read permission for Threat Center alerts allows you to:
You must have this permission to use Threat Center. Without this permission, you can't access most alert and case functionalities.
Threat Center Alerts: Read, Write, and Delete
The read, write, and delete permission for Threat Center alerts allows you to do everything you can do with the read permission and also:
Edit alert attributes
Add attachments to alerts
Remove attachments from alerts
Threat Center Cases: Read
The read permission for Threat Center cases allows you to:
Without this permission, you can't access the Cases tab, and you receive a Permission Denied error.
Threat Center Cases: Read, Write, and Delete
The read, write, and delete permission for Threat Center cases allows you to do everything you can do with the read permission and also:
Threat Center Detection Grouping Rules: Read
The read permission for Threat Center detection grouping rules allows you to navigate to and view detection grouping rules.
Threat Center Detection Grouping Rules: Read, Write, and Delete
The read, write, and delete permission for Threat Center detection grouping rules allows you to do everything you can do with the read permission and also: