Threat Intelligence permissions ↗
Configure Threat Intelligence permissions.
Located under → → , these permissions govern how your organization interacts with indicators (IPs, URLs, Domains, Hashes) and intelligence feeds. It allows you to transform raw data from sources like Unit 42 or AlienVault into actionable security logic.
Notice
This feature requires the Threat Intelligence Management (TIM) license or the Cortex XSIAM Premium license.
For more information, see Threat Intel Management.
Component | Description | Roles Example |
|---|---|---|
None | No access to the Indicators page. | |
View | Users can search the indicator database and view reputation scores. | SOC Tier-1 analysts: View threat intelligence context for investigations. |
View/Edit | Full control to manage indicator rules, manually override reputation scores, and configure intelligence feeds. |
|