The document describes various capabilities in Splunk Enterprise Security (ES) and which user roles have access to them. It lists capabilities such as editing correlation searches, distributed configuration management, identity lookup configuration, and incident review settings. It notes which roles, such as ess_user, ess_analyst, and ess_admin, have access to each capability.
| Function | Description | Capability | Access mark |
|---|---|---|---|
| Edit correlation searches | Edit correlation searches on Content Management. See Configure correlation searches in Splunk Enterprise Security. Users with this capability can also export content from Content Management as an app. See Export content as an app from Splunk Enterprise Security. | edit_correlationsearches, schedule_search | |
| Edit Distributed Configuration Management | Use distributed configuration management. See Deploy add-ons included with Splunk Enterprise Security. | edit_modinput_es_deployment_manager | X |
| Edit ES navigation | Make changes to the Enterprise Security navigation. See Customize the menu bar in Splunk Enterprise Security. | edit_es_navigation | X |
| Edit identity lookup configuration | Manage Asset and Identity lookup configurations. See Add asset and identity data to Splunk Enterprise Security, Enable asset and identity correlation in Splunk Enterprise Security, and Manage assets and identities in Splunk Enterprise Security. | edit_modinput_identity_manager | X |
| Edit Incident Review | Make changes to Incident Review settings. See Customize Incident Review in Splunk Enterprise Security. | edit_log_review_settings | X |
| Edit lookups | Create and make changes to lookup table files. See Create and manage lookups in Splunk Enterprise Security. | edit_lookups, edit_managed_configurations | X |
| Edit statuses | Make changes to the statuses available to select for investigations and notable events. See Manage notable event statuses. | edit_reviewstatuses | X |
| Edit notable event suppressions | Edit Splunk eventtypes in the Threat Intelligence supporting add-on, and create and edit notable event suppressions. See Create and manage notable event suppressions. | edit_suppressions | X |
The ess_user and
ess_analyst roles don't have the default ability to edit suppressions through