Automation Exclusion Center permissions

Abstract

Configure Automation Exclusion Center permissions.

Controls access to the Automation Exclusion Center (SettingsConfigurationsAutomationAutomation Exclusion Center), which prevents a command or script from a remediation action. For more information, see Automation Exclusion Center.

Permission

Description

Roles Example

None

Cannot access the Automation Exclusion Center, view any exclusion policies, or view excluded assets.

SOC Tier 1: Do not need to view exclusion policies or excluded assets.

View

Can access the Automation Exclusion Center (read-only), view exclusion policies, excluded assets and counts, and view policy compliance status.

SOC Tier 2 and 3 Analysts and Threat Hunters: Need View access to help understand automation behavior.

View/Edit

All View capabilities, plus create new exclusion policies, edit existing policies, delete policies, manage asset exclusions, and update policy rules.

Security Engineers: Need to configure automation behavior and permissions.