The MSSP-related roles include the following:
MSSP Admin - The MSSP Admin role includes full access to view/manage security data, raw data access, and onboarding, admin access, and configuration of the account and users
MSSP Client - MSSP end client role. Read-only access to view security-related information, raw data access, and data onboarding capability. They can observe the security status of their systems and access relevant insights without making any changes
MSSP Client Limited - A restricted MSSP end client role with access to view the SOC Queue, Alerts, Dashboards, and Notebooks, and the ability to view and add comments. Does not include access to the Leads and Stories pages, data source or dataflow views, or asset tag management.
Switch Account - Switch between sub-accounts under the same parent account (Relevant for Multi-tenant deployment only)
Category | Action | MSSP Admin | MSSP Client | MSSP Client Limited | Switch Account |
|---|---|---|---|---|---|
Audit | View Audit logs and connectivity events | ✅ | ✅ | ✅ | ❌ |
SOC Queue - Alerts | View SOC Queue Alerts | ✅ | ✅ | ✅ | ❌ |
Manage Alerts: Set Assignee Set Status Set Classification | ✅ | ❌ | ❌ | ❌ | |
View comments | ✅ | ❌ | ✅ | ❌ | |
Add comments | ✅ | ❌ | ✅ | ❌ | |
Delete comments (Self) | ✅ | ❌ | ❌ | ❌ | |
Set the global alert thresholds for leads to generate Alerts | ✅ | ❌ | ❌ | ❌ | |
Create custom queue tabs | ✅ | ✅ | ✅ | ❌ | |
Import custom queue tabs | ✅ | ❌ | ❌ | ❌ | |
Share custom queue tabs | ✅ | ❌ | ❌ | ❌ | |
Manage shared custom queue tabs | ✅ | ❌ | ❌ | ❌ | |
Delete shared custom queue tabs | ✅ | ❌ | ❌ | ❌ | |
SOC Queue - Hot Stories | View SOC Queue and Hot Stories | ✅ | ✅ | ✅ | ❌ |
Set global thresholds for Hot Stories | ✅ | ❌ | ❌ | ❌ | |
Axon Reports | Submit feedback and change status | ✅ | ❌ | ❌ | ❌ |
Create and edit reports | ✅ | ❌ | ❌ | ❌ | |
Stories | View Stories in the Threat Hunting Module | ✅ | ✅ | ❌ | ❌ |
View comments | ✅ | ❌ | ✅ | ❌ | |
Add comments | ✅ | ❌ | ✅ | ❌ | |
Delete comments (Self) | ✅ | ❌ | ❌ | ❌ | |
Set assignee, title, tag and status | ✅ | ❌ | ❌ | ❌ | |
Bookmark Story | ✅ | ❌ | ❌ | ❌ | |
Leads | View leads in the Threat Hunting module | ✅ | ✅ | ❌ | ❌ |
Manage leads: Set Assignee Set Status Set Classification | ✅ | ❌ | ❌ | ❌ | |
View comments | ✅ | ❌ | ✅ | ❌ | |
Add comments | ✅ | ❌ | ✅ | ❌ | |
Delete comments (Self) | ✅ | ❌ | ❌ | ❌ | |
Entity Search | View page | ✅ | ✅ | ✅ | ❌ |
IOC Search | Run IOC lookups | ✅ | ✅ | ✅ | ❌ |
Tags | Manage asset tags | ✅ | ✅ | ❌ | ❌ |
Annotations | Manage annotations | ✅ | ❌ | ❌ | ❌ |
Dashboards | View dashboards | ✅ | ✅ | ✅ | ❌ |
Create, edit and delete dashboards | ✅ | ❌ | ✅ | ❌ | |
Notebooks | View notebooks | ✅ | ✅ | ✅ | ❌ |
Create, edit and delete notebooks | ✅ | ✅ | ❌ | ❌ | |
Support (Default) | Submit a support ticket | ✅ | ❌ | ✅ | ❌ |
Configuration | Add data flows | ✅ | ❌ | ❌ | ❌ |
Data Source Enrichments | ✅ | ❌ | ❌ | ||
Create, edit and delete Custom Scoring and Ignore Rules | ✅ | ❌ | ❌ | ❌ | |
Create, edit and disable Custom Detectors | ✅ | ❌ | ❌ | ❌ | |
Create, edit and disable Custom Detectors via API | ✅ | ❌ | ❌ | ❌ | |
Create, edit and disable Custom Scoring Rules via API | ✅ | ❌ | ❌ | ❌ | |
Create, edit and delete asset tags via API | ✅ | ❌ | ❌ | ❌ | |
User Management | Configure SSO | ✅ | ❌ | ❌ | ❌ |
View users and roles | ✅ | ❌ | ❌ | ❌ | |
Manage users | ✅ | ❌ | ❌ | ❌ | |
API management | Manage API tokens | ✅ | ❌ | ❌ | ❌ |
Switch Accounts | Switch between sub-accounts under the same parent account (Relevant for Multi-tenant deployment only) | ✅ | ❌ | ❌ | ✅ |