Application Security - Generic Collector permissions ↗
The Generic Collector is a data source integration type within the Application Security module that allows ingestion of code scan data from external third-party security tools into Cortex XSIAM. Access the 3rd party AppSec Collector data source by going to →
Unlike built-in VCS integrations (GitHub, GitLab, etc.) and CI/CD integrations (Jenkins, CircleCI, etc.), the Generic Collector provides a flexible API endpoint for receiving scan results in supported formats (e.g., SARIF). Each collector instance is assigned a unique API URL and API key for external tool authentication.
Notice
Scan results ingested by the collector flow into Cortex XSIAM require a Cloud Posture Security, Cloud Runtime Security, or Cortex XSIAM Premium license plus the Application Security add-on.
Permission | Description | Roles Example |
|---|---|---|
None | No access to the 3rd Party AppSec Collector on the Data Sources page. | SOC Tier-1, 2, and 3 Analysts, and Threat Hunters: They do not need to create/modify collectors. None is appropriate. |
View/Edit | Full access to create, configure, view, enable/disable, and delete the 3rd Party AppSec Collector instances, provided users also have Data Sources View/Edit permission. NoteIf users have View permission for Data Sources, they can view the 3rd Party AppSec Collector, but cannot create or edit. | Security Engineers: Responsible for configuring and maintaining the security tooling pipeline. They need to create new collectors, configure detection methods, manage API keys, and troubleshoot ingestion issues. |
Required and recommended permissions
The following permissions are needed alongside the Generic Collector permission for effective use. These apply generally regardless of role.
Permission | Permission Level | Reason |
|---|---|---|
Data Sources | View or View/Edit |
|
Asset Inventory | View or View/Edit |
|
Integrations | View/Edit |
|
Query Center | View & View/Edit |
|
Cases & Issues | View/Edit | Correlate collector-sourced AppSec issues with cases and issues. Recommended. |