Attack Surface permissions ↗
Set permissions for Attack Surface Management rules and Vulnerability permissions.
Attack Surface Management (ASM) identifies exposed assets, misconfigurations, and vulnerabilities on your organization's external-facing attack surface. This permission covers the following:
Attack Surface Rules: Detection rules that generate issues when specific external exposures are found (e.g., exposed RDP, insecure SSH).
Vulnerability Testing: An active scanning module that performs non-intrusive and intrusive tests against discovered services to validate CVEs and exposures, generating CVSS/EPSS scores.
Attack Surface Rules
Attack Surface Rules permission controls access to:
→ → → .
→ →
→ → →
Note
Requires an ASM, Exposure Management, or Cortex XSIAM Premium license.
If your organization does not have a Cortex XSIAM Premium license, users can only access Attack Surface features through the Modules menu. The Posture Management menu paths are not available.
For more information, see Attack Surface Rules.
Permission | Description | Roles Example |
|---|---|---|
None | No access to the Attack Surface Rules and Global Lookup pages. | |
View | Read-only access to view all attack surface rules, their status, priority, and details. The Global Lookup page is read-only. |
|
View/Edit | Full edit access to all view permissions, including enable/disable rules, update priority, and bulk-update policies. |
|
Vulnerability Testing
Vulnerability Testing permission controls access to:
→ → →
→ → → → .
Note
Requires the Attack Surface Management or Cortex XSIAM Premium license.
For more information, see Attack surface tests.
Permission | Description | Roles Example |
|---|---|---|
None | No access to the Attack Surface Tests and Attack Surface Testing Configuration pages. | |
View | The test results table is visible and read-only. Can view CVE details, CVSS scores, EPSS scores, and affected software. Can see the Attack Surface Testing Configuration page from → → → . |
|
View/Edit | Full access to the Attack Surface Tests page, including enable/disable tests, trigger manual scans. Users have full access to the Attack Surface Testing Configuration page. |
|
Required and recommended permissions
To effectively configure attack surface rules and active tests, administrators and analysts require deep visibility into the underlying asset inventory and the resulting security issues. Consider adding the following permissions:
Permission | Permission Level | Reason |
|---|---|---|
Asset Management | View | Required for Attack Surface Rules and Vulnerability Management to access the asset inventory where tested services and rules reside. |
Cases & Issues | View or View/Edit |
|
Attack Surface Rules | View | Strongly recommended for Vulnerability Testing. Provides visibility into the attack surface rules that define what is being tested. Helps users understand the context of vulnerability test results. |
Vulnerability Testing | View | Strongly recommended for Attack Surface Rules. Provides visibility into vulnerability test results that are related to attack surface findings. Useful for understanding the full context of an exposure. |
Vulnerability Management | View | Recommended for Vulnerability Management. Provides access to the broader vulnerability management dashboards where test findings are aggregated into vulnerability issues. Useful for understanding the full lifecycle of a finding. |