Limit access to incidents and investigations in Cortex XSOAR.
In any SOC team, there are various roles and responsibilities. For example, you may have specific teams to deal with threats, such as threat intelligence researchers, security analysts (Tier 1), senior analysts (Tier 2), SOC leads, SOC managers, and SIEM engineers. Administrators can exclude access to incident actions and investigations using role-based permissions. For example, you may want to limit the ability to change the incident status or manage the Work Plan. For more information, see Role-based permissions.
You can limit access to investigations, by doing the following:
Restrict an investigation
Limit investigations according to specific user roles
Give read-only access to certain user roles