The MSSP-related roles include the following:
MSSP Admin - The MSSP Admin role includes full access to view/manage security data, raw data access, and onboarding, admin access, and configuration of the account and users
MSSP Client - MSSP end client role. Read-only access to view security-related information, raw data access, and data onboarding capability. They can observe the security status of their systems and access relevant insights without making any changes
Switch Account - Switch between sub-accounts under the same parent account (Relevant for Multi-tenant deployment only)
Category | Action | MSSP Admin | MSSP Client | Switch Account |
|---|---|---|---|---|
Audit | View Audit logs and connectivity events | ✅ | ✅ | ✅ |
SOC Queue - Alerts | View SOC Queue Alerts | ✅ | ✅ | ❌ |
Manage Alerts: Set Assignee Set Status Set Classification | ✅ | ❌ | ❌ | |
View comments | ✅ | ❌ | ❌ | |
Add comments | ✅ | ❌ | ❌ | |
Delete comments (Self) | ✅ | ❌ | ❌ | |
Set the global alert thresholds for leads to generate Alerts | ✅ | ❌ | ❌ | |
Create custom queue tabs | ✅ | ✅ | ❌ | |
Import custom queue tabs | ✅ | ❌ | ❌ | |
Share custom queue tabs | ✅ | ❌ | ❌ | |
Manage shared custom queue tabs | ✅ | ❌ | ❌ | |
Delete shared custom queue tabs | ✅ | ❌ | ❌ | |
SOC Queue - Hot Stories | View SOC Queue and Hot Stories | ✅ | ✅ | ❌ |
Set global thresholds for Hot Stories | ✅ | ❌ | ❌ | |
Axon Reports | Submit feedback and change status | ✅ | ❌ | ❌ |
Create and edit reports | ✅ | ❌ | ❌ | |
Stories | View Stories in the Threat Hunting Module | ✅ | ✅ | ❌ |
View comments | ✅ | ❌ | ❌ | |
Add comments | ✅ | ❌ | ❌ | |
Delete comments (Self) | ✅ | ❌ | ❌ | |
Set assignee, title, tag and status | ✅ | ❌ | ❌ | |
Bookmark Story | ✅ | ❌ | ❌ | |
Leads | View leads in the Threat Hunting module | ✅ | ✅ | ❌ |
Manage leads: Set Assignee Set Status Set Classification | ✅ | ❌ | ❌ | |
View comments | ✅ | ❌ | ❌ | |
Add comments | ✅ | ❌ | ❌ | |
Delete comments (Self) | ✅ | ❌ | ❌ | |
Entity Search | View page | ✅ | ✅ | ❌ |
IOC Search | Run IOC lookups | ✅ | ✅ | ❌ |
Tags | Manage asset tags | ✅ | ✅ | ❌ |
Annotations | Manage annotations | ✅ | ❌ | ❌ |
Dashboards | View dashboards | ✅ | ✅ | ❌ |
Create, edit and delete dashboards | ✅ | ❌ | ❌ | |
Notebooks | View notebooks | ✅ | ✅ | ❌ |
Create, edit and delete notebooks | ✅ | ❌ | ❌ | |
Support (Default) | Submit a support ticket | ✅ | ✅ | ❌ |
Configuration | Add data flows | ✅ | ❌ | ❌ |
Data Source Enrichments | ❌ | ❌ | ||
Create, edit and delete Custom Scoring and Ignore Rules | ✅ | ❌ | ❌ | |
Create, edit and disable Custom Detectors | ✅ | ❌ | ❌ | |
Create, edit and disable Custom Detectors via API | ✅ | ❌ | ❌ | |
Create, edit and disable Custom Scoring Rules via API | ✅ | ❌ | ❌ | |
Create, edit and delete asset tags via API | ✅ | ❌ | ❌ | |
User Management | Configure SSO | ✅ | ❌ | ❌ |
View users and roles | ✅ | ❌ | ❌ | |
Manage users | ✅ | ❌ | ❌ | |
API management | Manage API tokens | ✅ | ❌ | ❌ |
Switch Accounts | Switch between sub-accounts under the same parent account (Relevant for Multi-tenant deployment only) | ✅ | ❌ | ✅ |