Log Collection permissions

Abstract

Configure log collection permissions (under Data Collection)

Configure XDR Collectors, installers, and collection policies through SettingsConfigurationsXDR Collectors.

Permission

Description

Roles Example

None

No access to the XDR Collectors configuration pages.

SOC Tier-1 Analyst: Focus on issue triage; log collection configuration is not within their scope.

View

Read-only access to the XDR Collector menu, including configuration, administration, and groups.

  • SOC Tier 2 and 3 Analyst: May need to verify collection status when investigating cases.

  • Threat Hunter: May need to verify data collection during threat hunting activities.

View/Edit

Full read and write access. The user can view, create, modify, and delete configurations, collection profiles, and policies.

Security Engineer: Responsible for configuring and maintaining log collection infrastructure.