Data Broker permissions - Configure access to the Broker VM infrastructure. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

None

Cannot view or manage Broker VMs

SOC Tier 1 and 2 Analysts: Infrastructure management is not part of analyst duties.

View

Can view Broker VMs, their status, applet configurations, and clusters.

View/Edit

Can create, configure, and manage Broker VMs, applets, and clusters.

Security Engineer: Responsible for data collection infrastructure and Broker management.

Log Collections

View

Broker VMs are the primary infrastructure for log collection and need visibility into the collection status. Strongly recommended.

Data Sources

View

Understand data sources feeding through Broker VMs. Strongly recommended.

Agent Administrations

View

Brokers interact with agent infrastructure; agents connect through Brokers. Strongly recommended.

Auditing

View

Track changes to Broker configurations for compliance. Strongly recommended.

Cases & Issues

View

Broker issues may generate cases requiring investigation. Recommended.

Integrations

View

Brokers host integrations; need visibility into integration health. Recommended.

Alert Notifications

View

Syslog forwarding through Brokers is tied to notification configuration. Recommended.

Live Terminal

View

Remote terminal access to Broker VMs for troubleshooting. Recommended.

General Configuration

View

Server settings may affect Broker behavior. Recommended.

Query Center

View

Query Broker-related data for troubleshooting collection issues. Recommended.