@@ -86,76 +86,6 @@ Following are the capabilities you can assign when you [create roles](create-man
8686| Access Search Audit Events | View and download audit logs of search queries executed in the UI. | ` accessSearchAuditEvents ` |
8787| Access Audit Events | View and download audit logs of admin and config events. | ` accessAuditEvents ` |
8888
89- ## Cloud SOAR
90-
91- [ Cloud SOAR] ( /docs/cloud-soar/ ) capabilities appear in the Roles UI only if Cloud SOAR has been enabled for your account.
92-
93- ::: info
94- This section is for our Cloud SOAR SaaS version. If you have a legacy Cloud SOAR instance URL matching the pattern ` *.soar.sumologic.com ` , see [ Legacy Cloud SOAR role capabilities] ( #legacy-cloud-soar ) .
95- :::
96-
97- ### SaaS Cloud SOAR
98-
99- | Capability category | Capability | Description| API |
100- | :-- | :-- | :-- | :--|
101- | View Cloud SOAR|| Show “Cloud SOAR” link in nav.| ` viewCloudSoar ` |
102- | Incident| View| View all [ incidents] ( /docs/cloud-soar/incidents-triage/ ) .| ` cloudSoarIncidentView ` |
103- | Incident| Access| Access your incidents.| ` cloudSoarIncidentAccess ` |
104- | Incident| Access All| Access all incidents.| ` cloudSoarIncidentAccessAll ` |
105- | Incident| Edit| Create, edit, delete incidents.| ` cloudSoarIncidentEdit ` |
106- | Incident| Bulk Operations| Manage incident bulk operations.| ` cloudSoarIncidentBulkOperations ` |
107- | Incident| Manage Investigators| Assign/remove investigators.| ` cloudSoarIncidentManageInvestigators ` |
108- | Incident| Change Ownership| Change incident ownership.| ` cloudSoarIncidentChangeOwnership ` |
109- | Triage| View| View all [ triage] ( /docs/cloud-soar/incidents-triage/ ) .| ` cloudSoarIncidentTriageView ` |
110- | Triage| Access| Access your triage events.| ` cloudSoarIncidentTriageAccess ` |
111- | Triage| Access All| Access all triage events.| ` cloudSoarIncidentTriageAccessAll ` |
112- | Triage| Change Ownership| Change triage ownership.| ` cloudSoarIncidentTriageChangeOwnership ` |
113- | Triage| Edit| Create, edit, delete triage events.| ` cloudSoarIncidentTriageEdit ` |
114- | Triage| Bulk Physical Delete| Bulk-delete triage events.| ` cloudSoarIncidentTriageBulkPhysicalDelete ` |
115- | Folders| Edit| Create, edit, delete playbook folders.| ` cloudSoarIncidentFoldersEdit ` |
116- | Attachments| Access| View attachments.| ` cloudSoarIncidentAttachmentsAccess ` |
117- | Attachments| Edit| Create, edit, delete attachments.| ` cloudSoarIncidentAttachmentsEdit ` |
118- | Incident Playbook| Access| View playbooks.| ` cloudSoarIncidentPlaybooksAccess ` |
119- | Incident Playbook| Edit| Create, edit, delete playbooks.| ` cloudSoarIncidentPlaybooksEdit ` |
120- | Incident Playbook| Manage| Manage playbook lifecycle.| ` cloudSoarIncidentPlaybooksManage ` |
121- | Note| Access| View notes.| ` cloudSoarIncidentNotesAccess ` |
122- | Note| Edit| Create, edit, delete notes.| ` cloudSoarIncidentNotesEdit ` |
123- | War Room| Use| Participate in War Room.| ` cloudSoarIncidentWarRoomUse ` |
124- | Settings General| Configure| Configure global settings.| ` cloudSoarGeneralConfigure ` |
125- | User Management| Groups| Manage groups.| ` cloudSoarUserManagementGroups ` |
126- | Notification| Configure| Configure notifications.| ` cloudSoarNotificationConfigure ` |
127- | Customization| Logo| Customize logo.| ` cloudSoarCustomizationLogo ` |
128- | Customization| Fields| Customize fields.| ` cloudSoarCustomizationFields ` |
129- | Customization| Incident Labels| Customize incident labels.| ` cloudSoarCustomizationIncidentLabels ` |
130- | Customization| Triage| Customize triage UI.| ` cloudSoarCustomizationTriage ` |
131- | Audit & Info| License Information| View license audit info.| ` cloudSoarAuditAndInformationLicenseInformation ` |
132- | Audit & Info| Audit Trail| View audit trail.| ` cloudSoarAuditAndInformationAuditTrail ` |
133- | Audit & Info| Configure Audit Trail| Configure audit trail.| ` cloudSoarAuditAndInformationConfigureAuditTrail ` |
134- | API| Use| Use the Cloud SOAR API.| ` cloudSoarAPIUse ` |
135- | API| API Admin| Administer Cloud SOAR API.| ` cloudSoarAPIAdmin ` |
136- | API| Email Read| Read email artifacts.| ` cloudSoarAPIEmailRead ` |
137- | API| Email Edit| Create, edit, delete email artifacts.| ` cloudSoarAPIEmailEdit ` |
138- | Incident Templates| Access| View incident templates.| ` cloudSoarIncidentTemplatesAccess ` |
139- | Incident Templates| Configure| Configure incident templates.| ` cloudSoarIncidentTemplatesConfigure ` |
140- | Automation Rules| Access| View automation rules.| ` cloudSoarAutomationRulesAccess ` |
141- | Automation Rules| Configure| Configure automation rules.| ` cloudSoarAutomationRulesConfigure ` |
142- | Entities| Access| View entities.| ` cloudSoarEntitiesAccess ` |
143- | Entities| Manage| Create, edit, delete entities.| ` cloudSoarEntitiesManage ` |
144- | Entities| Bulk Physical Delete| Bulk-delete entities.| ` cloudSoarEntitiesBulkPhysicalDelete ` |
145- | Report| Access| View reports.| ` cloudSoarReportAccess ` |
146- | Report| Access All| Access all reports.| ` cloudSoarReportAll ` |
147- | Dashboard| Access| View dashboards.| ` cloudSoarDashboardAccess ` |
148- | Dashboard| Access All| Access all dashboards.| ` cloudSoarDashboardAll ` |
149- | Widgets| Use All| Use all widgets.| ` cloudSoarWidgetsAll ` |
150-
151- ### Legacy Cloud SOAR
152-
153- | Capability | Description | API |
154- | :-- | :-- | :-- |
155- | View Cloud SOAR| Show “Cloud SOAR” link in nav (legacy URL). | ` viewCloudSoarLegacy ` |
156- | Settings General| Configure legacy settings. | ` settingsGeneralLegacy ` |
157- | Configure| Update legacy configuration. | ` configureLegacy ` |
158-
15989## Automation Service
16090
16191| Capability | Description | API |
@@ -198,14 +128,6 @@ This section is for our Cloud SOAR SaaS version. If you have a legacy Cloud SOAR
198128
199129<!-- UI capabilities don't match API spec capabilities -->
200130
201- | Capability | Description | API |
202- | :-- | :-- | :-- |
203- | Manage Users And Roles | ? | ? |
204-
205- ## Usage Management
206-
207- <!-- UI capabilities don't match API spec capabilities -->
208-
209131| Capability | Description | API |
210132| :-- | :-- | :-- |
211133| View Usage Management | ? | ? |
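Review bot: removing `## Usage Management` (old line 205) leaves the `View Usage Management` table directly under the preceding section's heading, and the `Manage Users And Roles` row disappears from the page altogether. If the goal was only to drop the duplicated `<!-- UI capabilities don't match API spec capabilities -->` comment, keep the heading and the Manage Users And Roles table. As it stands, the capability that governs user and role administration is undocumented, and View Usage Management sits in the wrong section. Both rows still show `?` for description and API name, which is worth resolving in the same change.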
@@ -235,59 +157,6 @@ This section is for our Cloud SOAR SaaS version. If you have a legacy Cloud SOAR
235157| :-- | :-- | :-- |
236158| Manage Macros | ? | ? |
237159
238- ### Legacy Cloud SOAR role capabilities
239-
240- | View Cloud SOAR | | Users with a role that grants this capability will see a ** Cloud SOAR** link in the left-nav bar of the Sumo Logic UI. |
241- | Incident | View | View all [ incidents] ( /docs/cloud-soar/incidents-triage/ ) . |
242- | Incident | Access | Access your incidents. |
243- | Incident | Access all | Access all incidents. |
244- | Incident | Edit | Create, edit, and delete incidents. |
245- | Incident | Bulk Operations | Manage incident bulk operations. |
246- | Incident | Manage Investigators | Manage investigators assigned to incidents. |
247- | Incident | Change Ownership | Change ownership of incidents. |
248- | Triage | View | View all [ triage] ( /docs/cloud-soar/incidents-triage/ ) events. |
249- | Triage | Access | Access your triage events. |
250- | Triage | Access all | Access all triage events. |
251- | Triage | Change Ownership | Change ownership of triage events. |
252- | Triage | Edit | Create, edit,and delete triage events. |
253- | Triage | Bulk physical delete | Perform bulk deletion of triage events. |
254- | Folders | Edit | Create, edit, and delete folders. |
255- | Attachments | Access | Access all [ attachments] ( /docs/cloud-soar/incidents-triage/#documentation-tab ) . |
256- | Attachments | Edit | Create, edit, and delete attachments. |
257- | Incident Playbook | Access | Access all [ incident playbooks] ( /docs/cloud-soar/incidents-triage/#playbooks ) . |
258- | Incident Playbook | Edit | Create, edit, and delete incident playbooks. |
259- | Incident Playbook | Manage | Manage incident playbooks. |
260- | Note | Access | Access all [ notes] ( /docs/cloud-soar/incidents-triage/#notes ) . |
261- | Note | Edit | Create, edit, and delete notes. |
262- | War Room | Use | Be able to use the [ War Room] ( /docs/cloud-soar/incidents-triage/#war-room ) . |
263- | Settings General | Configure | Configure [ settings] ( /docs/cloud-soar/settings/ ) . |
264- | User Management | Groups | Manage [ groups] ( /docs/cloud-soar/settings/#groups ) . |
265- | Notification | Configure | Configure [ notifications] ( /docs/cloud-soar/settings/#notifications ) . |
266- | Customization | Logo | Customize the logo. |
267- | Customization | Fields | Customize [ fields] ( /docs/cloud-soar/settings/#custom-fields ) . |
268- | Customization | Incident Labels | Customize incident labels. |
269- | Customization | Triage | Customize triage. |
270- | Audit and Information | License Information | View license [ audit and information] ( /docs/cloud-soar/legacy/legacy-cloud-soar-global-functions-menu/#audit-and-information ) . |
271- | Audit and Information | Audit Trail | View audit trail information. |
272- | Audit and Information | Configure Audit Trail | Configure audit trail information. |
273- | API | Use | Use [ APIs] ( /docs/api/cloud-soar/ ) . |
274- | API | Api Admin | Have admin access to APIs. |
275- | API | Email Read | Read emails. |
276- | API | Email Edit | Create, edit, and delete emails. |
277- | Incident Templates | Access | Access all [ incident templates] ( /docs/cloud-soar/automation/#incident-templates ) . |
278- | Incident Templates | Configure | Configure templates. |
279- | Automation Rules | Access | Access [ automation rules] ( /docs/cloud-soar/automation/#automation-rules ) . |
280- | Automation Rules | Configure | Configure automation rules. |
281- | Entities | Access | Access all [ entities] ( /docs/cloud-soar/incidents-triage/#entities ) . |
282- | Entities | Manage | Manage entities. |
283- | Entities | Bulk Physical Delete | Perform bulk deletion of entities. |
284- | Report | Access | Access your [ reports] ( /docs/cloud-soar/incidents-triage/#report ) . |
285- | Report | Access all | Access all reports. |
286- | Dashboard | Access | Access your [ dashboards] ( /docs/cloud-soar/incidents-triage/#dashboards ) . |
287- | Dashboard | Access all | Access all dashboards. |
288- | Widgets | Use all | Use all [ widgets] ( /docs/cloud-soar/incidents-triage/#create-widgets ) . |
289-
290-
291160## Organizations
292161
293162<!-- UI capabilities don't match API spec capabilities -->
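Review bot: deleting the `### Legacy Cloud SOAR role capabilities` table removes the only per-capability list for legacy instances. The `### Legacy Cloud SOAR` table kept elsewhere in this commit has three rows (View Cloud SOAR, Settings General, Configure). Please confirm that legacy roles no longer expose the Incident, Triage, API and Audit Trail capabilities, or state in the legacy section that the SaaS table applies to them. The removed rows also carried deep links (War Room, notes, entities, automation rules) that the SaaS table does not have; consider carrying them over.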
@@ -301,13 +170,75 @@ This section is for our Cloud SOAR SaaS version. If you have a legacy Cloud SOAR
301170| Upgrade Trial Organizations | Upgrade trial organizations (Service Providers only). | ` upgradeTrialOrganizations ` |
302171| Deactivate Organizations | Deactivate trial organizations (Service Providers only). | ` deactivateOrganizations ` |
303172
304- ## Cloud SIEM
173+ ## Cloud SOAR
305174
306- [ Cloud SIEM] ( /docs/cse/ ) features only show if enabled.
175+ [ Cloud SOAR] ( /docs/cloud-soar/ ) capabilities appear in the roles UI only if Cloud SOAR has been enabled for your account.
176+
177+ ::: info
178+ This section is for our Cloud SOAR SaaS version. If you have a legacy Cloud SOAR instance URL matching the pattern ` *.soar.sumologic.com ` , see [ Legacy Cloud SOAR] ( #legacy-cloud-soar ) .
179+ :::
180+
181+ ### SaaS Cloud SOAR
182+
183+ | Capability category | Capability | Description| API |
184+ | :-- | :-- | :-- | :--|
185+ | View Cloud SOAR|| Show “Cloud SOAR” link in nav.| ` viewCloudSoar ` |
186+ | Incident| View| View all [ incidents] ( /docs/cloud-soar/incidents-triage/ ) .| ` cloudSoarIncidentView ` |
187+ | Incident| Access| Access your incidents.| ` cloudSoarIncidentAccess ` |
188+ | Incident| Access All| Access all incidents.| ` cloudSoarIncidentAccessAll ` |
189+ | Incident| Edit| Create, edit, delete incidents.| ` cloudSoarIncidentEdit ` |
190+ | Incident| Bulk Operations| Manage incident bulk operations.| ` cloudSoarIncidentBulkOperations ` |
191+ | Incident| Manage Investigators| Assign/remove investigators.| ` cloudSoarIncidentManageInvestigators ` |
192+ | Incident| Change Ownership| Change incident ownership.| ` cloudSoarIncidentChangeOwnership ` |
193+ | Triage| View| View all [ triage] ( /docs/cloud-soar/incidents-triage/ ) .| ` cloudSoarIncidentTriageView ` |
194+ | Triage| Access| Access your triage events.| ` cloudSoarIncidentTriageAccess ` |
195+ | Triage| Access All| Access all triage events.| ` cloudSoarIncidentTriageAccessAll ` |
196+ | Triage| Change Ownership| Change triage ownership.| ` cloudSoarIncidentTriageChangeOwnership ` |
197+ | Triage| Edit| Create, edit, delete triage events.| ` cloudSoarIncidentTriageEdit ` |
198+ | Triage| Bulk Physical Delete| Bulk-delete triage events.| ` cloudSoarIncidentTriageBulkPhysicalDelete ` |
199+ | Folders| Edit| Create, edit, delete playbook folders.| ` cloudSoarIncidentFoldersEdit ` |
200+ | Attachments| Access| View attachments.| ` cloudSoarIncidentAttachmentsAccess ` |
201+ | Attachments| Edit| Create, edit, delete attachments.| ` cloudSoarIncidentAttachmentsEdit ` |
202+ | Incident Playbook| Access| View playbooks.| ` cloudSoarIncidentPlaybooksAccess ` |
203+ | Incident Playbook| Edit| Create, edit, delete playbooks.| ` cloudSoarIncidentPlaybooksEdit ` |
204+ | Incident Playbook| Manage| Manage playbook lifecycle.| ` cloudSoarIncidentPlaybooksManage ` |
205+ | Note| Access| View notes.| ` cloudSoarIncidentNotesAccess ` |
206+ | Note| Edit| Create, edit, delete notes.| ` cloudSoarIncidentNotesEdit ` |
207+ | War Room| Use| Participate in War Room.| ` cloudSoarIncidentWarRoomUse ` |
208+ | Settings General| Configure| Configure global settings.| ` cloudSoarGeneralConfigure ` |
209+ | User Management| Groups| Manage groups.| ` cloudSoarUserManagementGroups ` |
210+ | Notification| Configure| Configure notifications.| ` cloudSoarNotificationConfigure ` |
211+ | Customization| Logo| Customize logo.| ` cloudSoarCustomizationLogo ` |
212+ | Customization| Fields| Customize fields.| ` cloudSoarCustomizationFields ` |
213+ | Customization| Incident Labels| Customize incident labels.| ` cloudSoarCustomizationIncidentLabels ` |
214+ | Customization| Triage| Customize triage UI.| ` cloudSoarCustomizationTriage ` |
215+ | Audit & Info| License Information| View license audit info.| ` cloudSoarAuditAndInformationLicenseInformation ` |
216+ | Audit & Info| Audit Trail| View audit trail.| ` cloudSoarAuditAndInformationAuditTrail ` |
217+ | Audit & Info| Configure Audit Trail| Configure audit trail.| ` cloudSoarAuditAndInformationConfigureAuditTrail ` |
218+ | API| Use| Use the Cloud SOAR API.| ` cloudSoarAPIUse ` |
219+ | API| API Admin| Administer Cloud SOAR API.| ` cloudSoarAPIAdmin ` |
220+ | API| Email Read| Read email artifacts.| ` cloudSoarAPIEmailRead ` |
221+ | API| Email Edit| Create, edit, delete email artifacts.| ` cloudSoarAPIEmailEdit ` |
222+ | Incident Templates| Access| View incident templates.| ` cloudSoarIncidentTemplatesAccess ` |
223+ | Incident Templates| Configure| Configure incident templates.| ` cloudSoarIncidentTemplatesConfigure ` |
224+ | Automation Rules| Access| View automation rules.| ` cloudSoarAutomationRulesAccess ` |
225+ | Automation Rules| Configure| Configure automation rules.| ` cloudSoarAutomationRulesConfigure ` |
226+ | Entities| Access| View entities.| ` cloudSoarEntitiesAccess ` |
227+ | Entities| Manage| Create, edit, delete entities.| ` cloudSoarEntitiesManage ` |
228+ | Entities| Bulk Physical Delete| Bulk-delete entities.| ` cloudSoarEntitiesBulkPhysicalDelete ` |
229+ | Report| Access| View reports.| ` cloudSoarReportAccess ` |
230+ | Report| Access All| Access all reports.| ` cloudSoarReportAll ` |
231+ | Dashboard| Access| View dashboards.| ` cloudSoarDashboardAccess ` |
232+ | Dashboard| Access All| Access all dashboards.| ` cloudSoarDashboardAll ` |
233+ | Widgets| Use All| Use all widgets.| ` cloudSoarWidgetsAll ` |
307234
308- | Capability | Description | API |
309- | :-- | :-- | :-- |
310- | View Cloud SIEM | Show “Cloud SIEM” link in nav. | ` viewCse ` |
235+ ### Legacy Cloud SOAR
236+
237+ | Capability | Description | API |
238+ | :-- | :-- | :-- |
239+ | View Cloud SOAR| Show “Cloud SOAR” link in nav (legacy URL). | ` viewCloudSoarLegacy ` |
240+ | Settings General| Configure legacy settings. | ` settingsGeneralLegacy ` |
241+ | Configure| Update legacy configuration. | ` configureLegacy ` |
311242
312243## Cloud SIEM
313244
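Review bot: the API names in the added SaaS table do not follow one pattern for the Access All rows: `cloudSoarIncidentAccessAll` and `cloudSoarIncidentTriageAccessAll` versus `cloudSoarReportAll` and `cloudSoarDashboardAll`, and the legacy rows (`settingsGeneralLegacy`, `configureLegacy`) drop the `cloudSoar` prefix. Please verify each against the API spec, since these strings are what readers paste into role definitions. The descriptions for `cloudSoarAPIAdmin`, `cloudSoarAuditAndInformationConfigureAuditTrail` and the two Bulk Physical Delete rows only restate the capability name; say what each one permits (for example, whether Configure Audit Trail allows turning auditing off) so that least-privilege roles can be built from this table. The Triage View row reads "View all [triage]." with no noun after the link.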