Default Intelligence Center roles#
EclecticIQ Intelligence Center ships with the following predefined roles:
Threat Analyst: this role can read and manage workspaces and threat intelligence data.
This role cannot manage users and system services.
Team Lead: besides having the same permission set as the Threat Analyst role, this role can assign users to groups, as well as modify user group membership.
System Admin: this role can manage incoming and outgoing feeds, enrichers, users, groups, and other system settings.
This role has limited access to workspaces and threat intelligence data.
These roles enable Intelligence Center users to get started working with EclecticIQ Intelligence Center right away, and to implement basic workflows.
Depending on the workflows your organization enforces, modify the predefined roles, and create new custom roles to satisfy organizational needs.
The following table shows the permissions associated with each default Intelligence Center role:
Team Lead |
Threat Analyst |
System Admin |
|
---|---|---|---|
install knowledge-packs |
✅ |
||
lock/unlock users |
✅ |
||
modify attack |
✅ |
✅ |
|
modify blob-uploads |
|||
modify collaborators |
|||
modify configurations |
✅ |
||
modify discovery-rules |
✅ |
✅ |
|
modify draft-entities |
✅ |
✅ |
|
modify enrichers |
✅ |
✅ |
✅ |
modify enrichment-rules |
✅ |
✅ |
✅ |
modify enrichments |
✅ |
✅ |
✅ |
modify entities |
✅ |
✅ |
✅ |
modify extracts |
✅ |
✅ |
✅ |
modify files |
✅ |
✅ |
|
modify graphs |
✅ |
✅ |
|
modify groups |
✅ |
||
modify incoming-feeds |
✅ |
||
modify intel-sets |
✅ |
✅ |
|
modify kibana |
✅ |
||
modify knowledge-packs |
✅ |
||
modify outgoing-feeds |
✅ |
||
modify retention-policies |
✅ |
||
modify roles |
✅ |
||
modify rules |
✅ |
✅ |
✅ |
modify tasks |
✅ |
✅ |
✅ |
modify taxii-services |
✅ |
||
modify taxonomies |
✅ |
✅ |
✅ |
modify ticket-comments |
✅ |
✅ |
|
modify tickets |
✅ |
✅ |
|
modify user-groups |
✅ |
✅ |
|
modify user-roles |
✅ |
||
modify users |
✅ |
||
modify workspace-comments |
✅ |
✅ |
|
modify workspaces |
✅ |
✅ |
|
read audit-trail |
✅ |
✅ |
✅ |
read attack |
✅ |
✅ |
|
read blob-uploads |
✅ |
✅ |
|
read collaborators |
✅ |
✅ |
✅ |
read configurations |
✅ |
✅ |
✅ |
read content-blocks |
✅ |
||
read content-types |
✅ |
✅ |
✅ |
read destinations |
✅ |
✅ |
✅ |
read discovery-rules |
✅ |
✅ |
✅ |
read draft-entities |
✅ |
✅ |
|
read enrichers |
✅ |
✅ |
✅ |
read enrichment-rules |
✅ |
✅ |
✅ |
read enrichments |
✅ |
✅ |
✅ |
read entities |
✅ |
✅ |
✅ |
read extracts |
✅ |
✅ |
✅ |
read files |
✅ |
✅ |
|
read graphs |
✅ |
✅ |
|
read groups |
✅ |
✅ |
✅ |
read history-events |
✅ |
✅ |
✅ |
read incoming-feeds |
✅ |
||
read intel-sets |
✅ |
✅ |
|
read knowledge-packs |
✅ |
||
read notifications |
✅ |
✅ |
✅ |
read outgoing-feeds |
✅ |
||
read permissions |
✅ |
✅ |
✅ |
read retention-policies |
✅ |
||
read roles |
✅ |
✅ |
✅ |
read rules |
✅ |
✅ |
✅ |
read sources |
✅ |
✅ |
✅ |
read tasks |
✅ |
✅ |
✅ |
read taxii-services |
✅ |
||
read taxonomies |
✅ |
✅ |
✅ |
read traceback-logs |
✅ |
||
read ticket-comments |
✅ |
✅ |
|
read tickets |
✅ |
✅ |
|
read transports |
✅ |
✅ |
✅ |
read users |
✅ |
✅ |
✅ |
read users-summary |
✅ |
✅ |
✅ |
read workspace-comments |
✅ |
✅ |
|
read workspaces |
✅ |
✅ |
|
reset password |
✅ |