The Generic roles include the following:
Read only - Limited access to features and capabilities
Analyst - Access to view and manage security-related information, raw data access
Advanced Analyst - Access to view and manage security-related information, raw data access, detection creation, and tuning
Security Engineer - Access to view and manage security-related configuration, including threshold, detection creation, and tuning
Data Engineer - Access to view, onboard and manage data sources
Customer - Full functionality over the majority of features and capabilities
Customer Admin - Admin permissions across the entire tenant
Category | Action | Read Only | Analyst | Advanced Analyst | Security Engineer | Data Engineer | Customer | Customer Admin |
|---|---|---|---|---|---|---|---|---|
Audit | View Audit logs and connectivity events | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ |
SOC Queue - Alerts | View SOC Queue Alerts | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Manage Alerts: Set Assignee Set Status Set Classification | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | |
View comments | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Add comments | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Delete comments (Self) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Set the global alert thresholds for leads to generate Alerts | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | |
Create custom queue tabs | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Import custom queue tabs | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Share custom queue tabs | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | |
Manage shared custom queue tabs | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | |
Delete shared custom queue tabs | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | |
SOC Queue - Hot Stories | View SOC Queue and Hot Stories | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Set global thresholds for Hot Stories | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | |
Axon Reports | Submit feedback and change status | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Create and edit reports | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
Stories | View Stories in the Threat Hunting Module | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
View comments | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Add comments | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Delete comments (Self) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Set assignee, title, tag and status | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | |
Bookmark Story | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | |
Leads | View leads in the Threat Hunting module | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Manage leads: Set Assignee Set Status Set Classification | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | |
View comments | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Add comments | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |
Delete comments (Self) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ||
Entity Search | View page | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
IOC Search | Run IOC lookups | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Tags | Manage asset tags | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Annotations | Manage annotations | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Dashboards | View dashboards | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Create, edit and delete dashboards | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | |
Notebooks | View notebooks | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Create, edit and delete notebooks | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | |
Support (Default) | Submit a support ticket | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Configuration | Add data flows | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
Data Source Enrichments | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | |
Create, edit and delete Custom Scoring and Ignore Rules | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | |
Create, edit and disable Custom Detectors | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | |
Create, edit and disable Custom Detectors via API | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | |
Create, edit and disable Custom Scoring Rules via API | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | |
Create, edit and delete asset tags via API | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | |
User Management | Configure SSO | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
View users and roles | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | |
Manage users | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | |
API management | Manage API tokens | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
Switch Accounts | Switch between sub-accounts under the same parent account (Relevant for Multi-tenant deployment only) | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ |