Threat Management permissions

Abstract

Configure Detection Rules and Threat Intel permissions.

Threat Management encompasses Detection rules and threat intelligence capabilities, providing security teams with tools to detect, investigate, and respond to threats.

Caution

Threat Intelligence and Detection Rules are interconnected. To allow users to automatically create IOC detection rules from intelligence feeds, you must grant them View/Edit in Detection Rules. When users are reviewing IOC rules, they must have View access to Threat Intelligence to see the actual indicators the rule is matching against