Live Terminal permissions

Abstract

Configure Live Terminal permissions.

Live Terminal enables security teams to establish real-time interactive shell sessions with endpoints for investigation, forensic analysis, and remediation activities.

Permission

Description

Roles Example

None

No access to Live Terminal

SOC Tier-1 Analyst: Initial triage role - should not have direct endpoint shell access. Risk of accidental damage or evidence tampering. Requires advanced skills they may not have

.

View/Edit

Full access to the Live Terminal Investigation & ResponseResponseLive Terminal, and to start a Live Terminal in all menus such as Casuality View, Asset View, Case View, and Broker VM. Users can do the following:

  • Initiate terminal sessions

  • File Explorer (browse, upload, download, delete files)

  • Task Manager (view, terminate processes)

  • Command Line (CMD, PowerShell, Python)

  • All terminal capabilities

  • SOC Tier 2 and 3 Analysts: Perform deeper investigation needing direct endpoint access for evidence collection, process analysis, and targeted remediation.

  • Threat Hunter: Needs direct endpoint access to investigate suspicious activity, collect artifacts, analyze processes, and validate threat hypotheses. Core hunting tool.

  • Security Engineer: Troubleshoots agent issues, tests endpoint configurations, validates security controls, and supports complex case response.