The feature-based roles include the following:
- Data Analyst - Management of dashboards and notebooks
- Data Source Page Enrichment
- Custom Detectors Open API - Use the Detectors API endpoint. Learn more here.
- [BETA] Lead Scoring Open API - Use the Lead Scoring API endpoints. Learn more here.
- Users and Roles Viewer - Provides read-only access to view information on users and roles within a tenant, including their assigned roles.

Category | Action | Data Analyst | Data Source Page Enrichment | Custom Detectors Open API | [BETA] Lead Scoring Open API | Users and Roles Viewer |
---|---|---|---|---|---|---|
Audit | View Audit logs and connectivity events | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | View SOC Queue Alerts | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Manage Alerts: Set Assignee, Set Status, Set Classification | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | View comments | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Add comments | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Delete comments (Self) | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Set the global alert thresholds for leads to generate Alerts | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Create custom queue tabs | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Import custom queue tabs | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Share custom queue tabs | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Manage shared custom queue tabs | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Alerts | Delete shared custom queue tabs | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Hot Stories | View SOC Queue and Hot Stories | ❌ | ❌ | ❌ | ❌ | ❌ |
SOC Queue - Hot Stories | Set global thresholds for Hot Stories | ❌ | ❌ | ❌ | ❌ | ❌ |
Axon Reports | Submit feedback and change status | ❌ | ❌ | ❌ | ❌ | ❌ |
Axon Reports | Create and edit reports | ❌ | ❌ | ❌ | ❌ | ❌ |
Stories | View Stories in the Threat Hunting Module | ❌ | ❌ | ❌ | ❌ | ❌ |
Stories | View comments | ❌ | ❌ | ❌ | ❌ | ❌ |
Stories | Add comments | ❌ | ❌ | ❌ | ❌ | ❌ |
Stories | Delete comments (Self) | ❌ | ❌ | ❌ | ❌ | ❌ |
Stories | Set assignee, title, tag and status | ❌ | ❌ | ❌ | ❌ | ❌ |
Stories | Bookmark Story | ❌ | ❌ | ❌ | ❌ | ❌ |
Leads | View leads in the Threat Hunting module | ❌ | ❌ | ❌ | ❌ | ❌ |
Leads | Manage leads: Set Assignee, Set Status, Set Classification | ❌ | ❌ | ❌ | ❌ | ❌ |
Leads | View comments | ❌ | ❌ | ❌ | ❌ | ❌ |
Leads | Add comments | ❌ | ❌ | ❌ | ❌ | ❌ |
Leads | Delete comments (Self) | ❌ | ❌ | ❌ | ❌ | ❌ |
Entity Search | View page | ❌ | ❌ | ❌ | ❌ | ❌ |
IOC Search | Run IOC lookups | ❌ | ❌ | ❌ | ❌ | ❌ |
Tags | Manage asset tags | ❌ | ❌ | ❌ | ❌ | ❌ |
Annotations | Manage annotations | ❌ | ❌ | ❌ | ❌ | ❌ |
Dashboards | View dashboards | ✅ | ❌ | ❌ | ❌ | ❌ |
Dashboards | Create, edit and delete dashboards | ✅ | ❌ | ❌ | ❌ | ❌ |
Notebooks | View notebooks | ✅ | ❌ | ❌ | ❌ | ❌ |
Notebooks | Create, edit and delete notebooks | ✅ | ❌ | ❌ | ❌ | ❌ |
Support (Default) | Submit a support ticket | ❌ | ❌ | ❌ | ❌ | ❌ |
Configuration | Add data flows | ❌ | ❌ | ❌ | ❌ | ❌ |
Configuration | Data Source Enrichments | ❌ | ✅ | ❌ | ❌ | ❌ |
Configuration | Create, edit and delete Custom Scoring and Ignore Rules | ❌ | ❌ | ❌ | ❌ | ❌ |
Configuration | Create, edit and disable Custom Detectors | ❌ | ❌ | ❌ | ❌ | ❌ |
Configuration | Create, edit and disable Custom Detectors via API | ❌ | ❌ | ✅ | ❌ | ❌ |
Configuration | Create, edit and disable Custom Scoring Rules via API | ❌ | ❌ | ❌ | ✅ | ❌ |
Configuration | Create, edit and delete asset tags via API | ❌ | ❌ | ❌ | ❌ | ❌ |
User Management | Configure SSO | ❌ | ❌ | ❌ | ❌ | ❌ |
User Management | View users and roles | ❌ | ❌ | ❌ | ❌ | ✅ |
User Management | Manage users | ❌ | ❌ | ❌ | ❌ | ❌ |
API management | Manage API tokens | ❌ | ❌ | ❌ | ❌ | ❌ |
Switch Accounts | Switch between sub-accounts under the same parent account (Relevant for Multi-tenant deployment only) | ❌ | ❌ | ❌ | ❌ | ❌ |