Managed Services permissions

Abstract

Configure access to Managed Services for Unit 42 Managed Threat Hunting and Managed Detection and Response.

Controls access to the Managed Services page for the Unit 42 Managed Threat Hunting (MTH) and Managed Detection & Response (MDR).

Notice

Requires a Managed Threat Hunting or Managed Detection and Response license. The tenant must be paired as a managed service tenant.

Threads

Threads are a collaborative communication record between a managed service provider (Unit 42 Managed Threat Hunting or Managed Detection & Response) and your tenant. Each thread represents an operational report delivered by the provider to you, along with all associated collaboration artifacts.

The Threads permission controls whether a user can access the Managed Services page, where all threads are listed, and whether they can perform actions on those threads (update status, assign users, add/edit/delete comments, attach files).

Permission

Description

Roles Example

None

No access to the Managed Services page.

None specified as a default, but applicable for roles that do not interact with managed service findings

View

Grants read-only access to the Managed Services page, including viewing threat reports, comments, report status, and assigned users.

  • SOC Tier-1 Analyst: Needs visibility into managed service threat reports to understand the threat landscape and triage related issues, but should not modify the thread status or assignments.

  • Security Engineer: Needs awareness of managed service findings for tuning detections and policies, but typically does not need to collaborate directly on threads.

View/Edit

Grants the ability to perform write operations: update thread status, assign/reassign users to threads, add/edit/delete comments, and attach files to comments.

  • SOC Tier-2 and 3 Analysts: Actively work on cases related to managed service reports. Needs to update thread status, add comments to collaborate with Unit 42/MDR analysts, and assign threads.

  • Threat Hunters: Primary consumer and collaborator on managed service threat reports. Must be able to update status, comment, and assign threads as part of the hunting workflow.