Default platform roles

EclecticIQ Intelligence Center ships with the following predefined roles:

  • Threat Analyst: this role can read and manage workspaces and threat intelligence data.

    This role cannot manage users and system services.

  • Team Lead: in addition to the Threat Analyst permission set, this role can assign users to groups and modify user group membership.

  • System Admin: this role can manage incoming and outgoing feeds, enrichers, users, groups, and other system settings.

    This role has limited access to workspaces and threat intelligence data.

These roles let users start working with the Intelligence Center right away and implement basic workflows.

Depending on the workflows your organization enforces, modify the predefined roles and create custom roles to meet organizational needs.
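When you create custom roles, one thing to check is that they keep the split the default roles draw between account administration and write access to intelligence data. The following is an added example, not EclecticIQ code: the role-to-permission mapping format, the grouping of permission names into two classes, and the idea that a user's roles combine additively are assumptions, and the roles and users are constructed sample data.

```python
# Assumption: permission names from this page, grouped into two classes
# based on the role descriptions above. The grouping is not the vendor's own.
ACCOUNT_ADMIN = frozenset({
    "lock/unlock users", "modify users", "modify roles",
    "modify user-roles", "modify groups", "reset password",
})
INTEL_WRITE = frozenset({
    "modify entities", "modify draft-entities",
    "modify intel-sets", "modify workspaces",
})


def sod_conflict(permissions):
    """Return (admin, intel) permission lists if both classes are present, else None."""
    perms = {p.strip().lower() for p in permissions}
    admin, intel = sorted(perms & ACCOUNT_ADMIN), sorted(perms & INTEL_WRITE)
    return (admin, intel) if admin and intel else None


def audit(roles, user_roles):
    """Flag roles, and users via the union of their roles, that mix both classes."""
    findings = []
    for name, perms in sorted(roles.items()):
        if sod_conflict(perms):
            findings.append(("role", name))
    for user, assigned in sorted(user_roles.items()):
        # Assumption: a user's effective permissions are the union of all assigned roles.
        effective = set().union(*(roles[r] for r in assigned))
        already_flagged = any(("role", r) in findings for r in assigned)
        if sod_conflict(effective) and not already_flagged:
            findings.append(("user", user))
    return findings


# Constructed sample data (hypothetical custom roles and users).
ROLES = {
    "Feed Operator": {"read incoming-feeds", "modify incoming-feeds", "modify users"},
    "Intel Curator": {"read entities", "modify entities", "read workspaces"},
    "Ops Superuser": {"modify users", "modify roles", "modify entities"},
}
USER_ROLES = {
    "alice": ["Intel Curator"],
    "bob": ["Feed Operator", "Intel Curator"],
    "carol": ["Ops Superuser"],
}

if __name__ == "__main__":
    for kind, name in audit(ROLES, USER_ROLES):
        print(f"{kind} mixes account administration with intel write access: {name}")
```

The per-user pass catches the case a per-role review misses: two roles that are each acceptable but that together give one account both classes of permission.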

The following table shows the permissions associated with each default Intelligence Center role:

System Admin

Team Lead

Threat Analyst

System Admin

install knowledge-packs



lock/unlock users



modify blob-uploads




modify collaborators




modify configurations



modify discovery-rules


modify draft-entities


modify enrichers

modify enrichment-rules

modify enrichments

modify entities

modify extracts

modify files


modify graphs


modify groups



modify incoming-feeds



modify intel-sets


modify kibana



modify knowledge-packs



modify outgoing-feeds



modify retention-policies



modify roles



modify rules

modify tasks

modify taxii-services



modify taxonomies

modify ticket-comments


modify tickets


modify user-groups


modify user-roles



modify users



modify workspace-comments


modify workspaces


read audit-trail

read attack


read blob-uploads


read collaborators

read configurations

read content-blocks



read content-types

read destinations

read discovery-rules

read draft-entities


read enrichers

read enrichment-rules

read enrichments

read entities

read extracts

read files


read graphs


read groups

read history-events

read incoming-feeds



read intel-sets


read knowledge-packs



read notifications

read outgoing-feeds



read permissions

read retention-policies



read roles

read rules

read saved-searches


read sources

read tasks

read taxii-services



read taxonomies

read traceback-logs



read ticket-comments


read tickets


read transports

read users

read users-summary

read workspace-comments


read workspaces


reset password