Roles will determine the level of permissions that can be set for each of the users. Console comes with three types of roles by default. Roles can be added or modified as per needs following this document.
Default : This role deals with the very minimal set of permissions for the users. It will provide the access to the console, nevertheless user will not have permissions to view the alerts or modify the user roles.
Basic : This role grants very fundamental access to the console for the users. They will be able to View or Resolve the alerts, View Detections, and Investigate the alerts.
Admin : This role deals with the administrative privileges. By default, Admin has the all the permissions listed in the next section for ex: Add new Users, Add New Rules and Edit Global Settings.
Permissions manages the type of accesses that can be set and fine tuned. Here are the types of permissions and the subsets available in the Console.
Users : Sets the permissions to add new users, view or modify existing users.
- View Users
- Add Users
- Remove Users
- Edit Users
Roles : Sets the permissions to add new roles, view or modify existing roles.
- View Roles
- Create Roles
- Delete Roles
- Edit Roles
Activity : Sets the permissions to view, create or manage events.
- View Alerts
- Create Alerts
- Resolve Alerts
- Manage Alerts
Investigations : Sets the permissions to run and manage queries.
- View Queries
- Run Queries
- Delete Queries
Detections : View and Manage Detections.
- View Detections
- Edit Detections
Settings : View and Edit Settings.
- View Global Settings
- Edit Global Settings
Resources : Discover and View Resources.
- View Resources Page
- Discover Resources
History : View History Log
- View History Log