- Get Started with Threat Center
- Threat Center
- Threat Center Permissions
- Threat Center Alerts: Read
- Threat Center Alerts: Read, Write, and Delete
- Threat Center Cases: Read
- Threat Center Cases: Read, Write, and Delete
- Threat Center Detection Grouping Rules: Read
- Threat Center Detection Grouping Rules: Read, Write, and Delete
- Threat Center Watchlist: Read
- Threat Center Watchlist: Read, Write, and Delete
- Threat Center Cases
- Threat Center Alerts
- Threat Center Detections
- Threat Center Risk Score
- Monitor Entities of Interest in Threat Center
- Group Detections
- Work on Cases
- Work on Alerts
- Edit and Collaborate in Threat Center
- Use Automation Tools in Threat Center
- Find Cases and Alerts
- View Case and Alert Metrics
- Get Notified About Threat Center
- Threat Center APIs
Threat Center Permissions
Review the permissions that determine what you're permitted to see and do in Threat Center.
There are eight permissions specific to Threat Center:
If you have universal role-based access, the pre-configured roles are assigned specific Threat Center permissions. To see and do the things you need in Threat Center, ensure you're assigned the appropriate role and your role has the relevant permissions.
Threat Center Alerts: Read
The read permission for Threat Center alerts allows you to:
You must have this permission to use Threat Center. Without this permission, you can't access most alert and case functionalities.
Threat Center Alerts: Read, Write, and Delete
The read, write, and delete permission for Threat Center alerts allows you to do everything you can do with the read permission and also:
Add attachments to alerts
Remove attachments from alerts
Threat Center Cases: Read
The read permission for Threat Center cases allows you to:
View cases
View case, event, and raw log attributes in cases
Download attachments in cases
Without this permission, you can't access the Cases tab, and you receive a Permission Denied error.
Threat Center Cases: Read, Write, and Delete
The read, write, and delete permission for Threat Center cases allows you to do everything you can do with the read permission and also:
Threat Center Detection Grouping Rules: Read
The read permission for Threat Center detection grouping rules allows you to navigate to and view detection grouping rules.
Threat Center Detection Grouping Rules: Read, Write, and Delete
The read, write, and delete permission for Threat Center detection grouping rules allows you to do everything you can do with the read permission and also:
Threat Center Watchlist: Read
The read permission for Threat Center watchlists allows you to navigate to the Overview tab and view watchlists.
Threat Center Watchlist: Read, Write, and Delete
The read, write, and delete permission for Threat Center watchlists allows you to do everything you can do with the read permission and also: