Default Intelligence Center roles

EclecticIQ Intelligence Center ships with the following predefined roles:

  • Threat Analyst: this role can read and manage workspaces and threat intelligence data.

    This role cannot manage users or system services.

  • Team Lead: in addition to the permission set of the Threat Analyst role, this role can assign users to groups and modify user group membership.

  • System Admin: this role can manage incoming and outgoing feeds, enrichers, users, groups, and other system settings.

    This role has limited access to workspaces and threat intelligence data.

These roles let users start working with EclecticIQ Intelligence Center right away and implement basic workflows.

Depending on the workflows your organization enforces, modify the predefined roles and create new custom roles to satisfy organizational needs.

The following table shows the permissions associated with each default Intelligence Center role:

System Admin

Team Lead

Threat Analyst

System Admin

install knowledge-packs

lock/unlock users

modify blob-uploads

modify collaborators

modify configurations

modify discovery-rules

modify draft-entities

modify enrichers

modify enrichment-rules

modify enrichments

modify entities

modify extracts

modify files

modify graphs

modify groups

modify incoming-feeds

modify intel-sets

modify kibana

modify knowledge-packs

modify outgoing-feeds

modify retention-policies

modify roles

modify rules

modify tasks

modify taxii-services

modify taxonomies

modify ticket-comments

modify tickets

modify user-groups

modify user-roles

modify users

modify workspace-comments

modify workspaces

read audit-trail

read attack

read blob-uploads

read collaborators

read configurations

read content-blocks

read content-types

read destinations

read discovery-rules

read draft-entities

read enrichers

read enrichment-rules

read enrichments

read entities

read extracts

read files

read graphs

read groups

read history-events

read incoming-feeds

read intel-sets

read knowledge-packs

read notifications

read outgoing-feeds

read permissions

read retention-policies

read roles

read rules

read saved-searches

read sources

read tasks

read taxii-services

read taxonomies

read traceback-logs

read ticket-comments

read tickets

read transports

read users

read users-summary

read workspace-comments

read workspaces

reset password