External Issues Mapping permissions ↗
Configure External Issues Mapping permissions (under Data Collection).
Configure how alerts from third-party systems are translated into Cases through → → → .
For more information, see External alerts using External Issue Mapping.
Permission | Description | Roles Example |
|---|---|---|
None | Users cannot access the External Issue Mapping page. | SOC Tier-1 Analyst: External mapping configuration is not within Tier-1 scope. |
View | Users can access the External Issue Mapping page and view all configured issue mappings and parsers. They can review how external alerts from third-party systems (such as Splunk, QRadar, or other SIEMs) are being mapped to issue fields. They can examine parser configurations, field mappings, and transformation rules. |
|
View/Edit | Users have full control over external issue mapping configurations. They can create new parsers and mapping rules, modify existing field mappings and transformation logic, enable or disable specific mappings, configure how external issue fields map to issue properties, and delete mapping configurations. | Security Engineer: Responsible for configuring alert mappings and parsers. |