Skip to content

Permissions

In SEKOIA.IO, permissions do not necessarily have common names across the platform.

Use the search bar on top of the permissions list to filter permissions depending on the needed service.

XDR - Operations Center

Alerts

Need to access the alerts page? Search alert and you’ll get all the permissions linked to this page.

Name Description
SIC_WRITE_ALERTS_COMMENT Post a comment on an alert
SIC_WRITE_ALERTS_WORKFLOW Triggers an action on the alert workflow
SIC_WRITE_ALERTS Create, Update and delete alerts
SIC_READ_ALERTS List and access alerts
SIC_READ_ALERT_STATS Get statistics about alerts
SIC_WRITE_GENERATION_MODES Create or edit alert generation mode
SIC_READ_GENERATION_MODES Get generation modes

Note

SIC is the term we use internally for the Operations Center.

Assets

Need to access the Assets page? Search Assets and you’ll get all the permissions linked to this page.

Name Description
ASSETMANAGEMENT_VIEW_CUSTOM_ASSET Allow to read a custom asset
ASSETMANAGEMENT_WRITE_CUSTOM_ASSET_KEY Allow to create a custom key
ASSETMANAGEMENT_CREATE_ASSET_KEY Allow to add a key to an asset
ASSETMANAGEMENT_DELETE_ASSET_KEY Allow to delete a key of an asset
ASSETMANAGEMENT_DELETE_ASSET_ATTRIBUTE Allow to delete an attribute of an asset
ASSETMANAGEMENT_UPDATE_ASSET_ATTRIBUTE Allow to update a key of an asset
ASSETMANAGEMENT_CREATE_ASSET_ATTRIBUTE Allow to add an attribute to an asset
ASSETMANAGEMENT_VIEW_ASSET_ATTRIBUTE Allow to retrieve or list attributes of an asset
ASSETMANAGEMENT_DELETE_ASSET_OWNER Allow to delete an owner of an asset
ASSETMANAGEMENT_CREATE_ASSET_OWNER Allow to add an owner to an asset
ASSETMANAGEMENT_VIEW_ASSET_ONwER Allow to retrieve or list owners of an asset
ASSETMANAGEMENT_DELETE_ASSET Allow to delete an asset
ASSETMANAGEMENT_UPDATE_ASSET Allow to update an asset
ASSETMANAGEMENT_CREATE_ASSET Allow to create a new asset
ASSETMANAGEMENT_VIEW_ASSET Allow to retrieve or list assets
ASSETMANAGEMENT_VIEW_ATTRIBUTE_NAME Allow to list attribute names
ASSETMANAGEMENT_VIEW_ASSET_TYPE Allow to list types of assets
ASSETMANAGEMENT_VIEW_ASSET_CATEGORY Allow to list categories of assets

Cases

Need to access the Cases page? Search incident and you’ll get all the permissions linked to this page.

Name Description
SIC_READ_INCIDENTS Access cases
SIC_WRITE_INCIDENTS Edit cases

Note

Incident is the term we use internally for Cases.

Countermeasures

Need to access the Countermeasures page? Search countermeasure and you’ll get all the permissions linked to this page.

Name Description
SIC_READ_COUNTERMEASURES Get information about a set of countermeasures
SIC_DELETE_COUNTERMEASURES Delete a set of countermeasures
SIC_WRITE_COUNTERMEASURES Create or edit a set of countermeasures

Entities

Need to access the Entities page? Search entity and you’ll get all the permissions linked to this page.

Name Description
SIC_DELETE_ENTITIES Delete entities
SIC_READ_ENTITIES Get information about entities
SIC_WRITE_ENTITIES Create or edit entities

Events

Need to access the events page? Search events and you’ll get all the permissions linked to this page.

Name Description
EVENTS_READ_STATS Read statistics
EVENTS_READ_DATASETS Read anomaly dataset
SIC_READ_EVENT_STATS Get statistics about events

Intakes

Need to access the intakes page and create or edit some intakes? Search intake and you’ll get all the permissions linked to this page.

Name Description
SIC_READ_INTAKES Get information about a set of intakes
SIC_WRITE_INTAKES Create or edit intakes

Rules

Need to set up a role for the Rules Catalog? Search rule and you’ll get all the permissions linked to this page.

Name Description
SIC_CONFIGURE_RULES Configure setting for rules
SIC_ENABLE_DISABLE_RULES Enable or disable rules
SIC_DELETE_RULES Delete rules
SIC_READ_RULES Get information related to rules
SIC_WRITE_RULES Create or edit detection rules

CTI permissions

Need to access the Intelligence Center ? Here are all the permissions linked to the product.

Name Description
INTHREAT_WRITE_GRAPHS Write graphs
INTHREAT_READ_GRAPHS Read graphs
INTHREAT_WRITE_FEEDS Write feeds
INTHREAT_READ_FEEDS Read feeds
INTHREAT_READ_OBSERVABLES Read observables
INTHREAT_READ_OBJECTS Read objects
READ_TELEMETRY Read the telemetry measures
INTHREAT_READ_IOC_COLLECTIONS Read IOC Collections
INTHREAT_WRITE_IOC_COLLECTIONS Write IOC Collections
INTHREAT_READ_IOC_COLLECTIONS_TELEMETRY Read IOC Collections telemetry

Note

InThreat is the term we use internally for the Intelligence Center

TIP permissions

In addition to the following list of permissions, you might also need permissions for playbooks, dashboards and manage communities

Need to access the TIP? Here are all the permissions linked to the product.

TIP Reader

Name Description
INTHREAT_READ_EXPIRATION_RULES Read expiration rules
INTHREAT_READ_FEEDS Read feeds
INTHREAT_READ_GRAPHS Read graphs
INTHREAT_READ_NOTES Write notes/opinions
INTHREAT_READ_OBJECTS Read objects
INTHREAT_READ_OBSERVABLES Read observables

TIP Writer

Name Description
INTHREAT_WRITE_CONTENT_PROPOSALS Modify content proposals
INTHREAT_WRITE_EXPIRATION_RULES Write expiration rules
INTHREAT_WRITE_FEEDS Write feeds
INTHREAT_WRITE_GRAPHS Write graphs
INTHREAT_WRITE_NOTES Write notes/opinions
INTHREAT_WRITE_OBJECTS Write objects
INTHREAT_WRITE_OBSERVABLES Write observables
INTHREAT_WRITE_REQUEST_FOR_INTELLIGENCE Send a request for intelligence
INTHREAT_WRITE_SYNCHRONIZATIONS Write synchronizations
INTHREAT_WRITE_WARNING_RULES Write warning rules
INTHREAT_READ_SYNCHRONIZATIONS Read synchronizations
INTHREAT_READ_CONTENT_PROPOSALS Read content proposals
INTHREAT_READ_WARNING_RULES Read warning rules

Enrichments

Need to access enrichments in the TIP? Search enricher and you'll get all the permissions linked to the feature.

Name Description
ENRICHER_MANAGE_CALLBACKS Manage callbacks
ENRICHER_MANAGE_SETTINGS Manage settings for enrichment services
ENRICHER_PERFORM_ENRICHMENT Perform enrichments
ENRICHER_RETRIEVE_ENRICHMENT Retrieve enrichment

Common

Playbooks

Need to access playbooks? Search symphony and you’ll get all the permissions linked to this page.

Name Description
SYMPHONY_READ_MODULES List and get playbook modules
SYMPHONY_READ_PLAYBOOKS List and get playbooks
SYMPHONY_READ_PLAYBOOK_RUNS List and get playbook runs
SYMPHONY_READ_PLAYBOOK_RUNS_STATS List and get statistics about playbook runs
SYMPHONY_WRITE_PLAYBOOKS Write playbooks
SYMPHONY_WRITE_PLAYBOOK_RUNS Modify playbook Runs

Note

Symphony is the name used internally for Playbooks.

Dashboards

Need to access dashboards? Search dashboard and you’ll get all the permissions linked to this page.

Name Description
DASHBOARD_WRITE_DASHBOARDS Write dashboards
DASHBOARD_READ_DASHBOARDS Read dashboards

Manage communities

Need to manage your communities? Search community and you’ll get all the permissions linked to this section.

Name Description
COMMUNITY_ADD_MEMBER Add user to the community
COMMUNITY_ASSIGN_ROLE Assign role to a user
COMMUNITY_EDIT_COMMUNITY Edit the community’s main information
COMMUNITY_LIST_MEMBER List all users in a community
COMMUNITY_MANAGE_SUB_COMMUNITIES Manage sub-communities
COMMUNITY_READ_APIKEY Read community api keys
COMMUNITY_READ_DELEGATION Read delegations
COMMUNITY_READ_ROLE Read roles
COMMUNITY_REMOVE_MEMBER Remove users from a community
COMMUNITY_REMOVE_ROLE Remove role from a user
COMMUNITY_WRITE_APIKEY Generate and revoke community api keys
COMMUNITY_WRITE_DELEGATION Create or revoke delegations
COMMUNITY_WRITE_ROLE Write roles