chronicle.ais.createFeedback
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.ais.translateUdmQuery
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.ais.translateYlRule
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.analyticValues.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.analytics.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.bigQueryAccess.provide
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.bigQueryExport.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.bigQueryExport.provision
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.bigQueryExport.update
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.cases.countPriorities
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle SOAR Admin (roles/chronicle.soarAdmin)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.collectors.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.collectors.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.collectors.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.collectors.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.collectors.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.conversations.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.conversations.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.conversations.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.conversations.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.conversations.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.curatedRuleSetCategories.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.curatedRuleSetCategories.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.curatedRuleSetDeployments.batchUpdate
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.curatedRuleSetDeployments.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.curatedRuleSetDeployments.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.curatedRuleSetDeployments.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.curatedRuleSets.countCuratedRuleSetDetections
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.curatedRuleSets.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.curatedRuleSets.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.curatedRules.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.curatedRules.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.dashboardCharts.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dashboardCharts.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.dashboardQueries.execute
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dashboardQueries.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dashboardQueries.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.dashboards.copy
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.dashboards.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.dashboards.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dashboards.edit
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dashboards.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.dashboards.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.dashboards.schedule
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dataAccessLabels.create
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.dataAccessLabels.delete
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.dataAccessLabels.get
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.dataAccessLabels.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.dataAccessLabels.update
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.dataAccessScopes.create
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.dataAccessScopes.delete
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.dataAccessScopes.get
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.dataAccessScopes.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.dataAccessScopes.permit
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Restricted Data Access (roles/chronicle.restrictedDataAccess)
chronicle.dataAccessScopes.update
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.dataExports.cancel
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataExports.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataExports.fetchLogTypesAvailableForExport
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dataExports.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dataTableOperationErrors.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dataTableRows.asyncBulkCreate
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTableRows.asyncBulkReplace
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTableRows.asyncBulkUpdate
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTableRows.bulkCreate
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTableRows.bulkReplace
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTableRows.bulkUpdate
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTableRows.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTableRows.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTableRows.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dataTableRows.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.dataTableRows.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTables.bulkCreateDataTableAsync
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTables.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTables.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTables.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dataTables.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.dataTables.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTaps.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTaps.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.dataTaps.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.dataTaps.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.dataTaps.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.enrichmentControls.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.enrichmentControls.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.enrichmentControls.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.enrichmentControls.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.entities.batchCreate
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.entities.batchDelete
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.entities.batchValidate
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.entities.create
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.entities.delete
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.entities.find
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.entities.findRelatedEntities
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.entities.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.entities.import
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.entities.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.entities.modifyEntityRiskScore
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.entities.queryEntityRiskScoreModifications
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.entities.searchEntities
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.entities.summarize
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.entities.summarizeFromQuery
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.entityRiskScores.queryEntityRiskScores
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.errorNotificationConfigs.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.errorNotificationConfigs.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.errorNotificationConfigs.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.errorNotificationConfigs.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.errorNotificationConfigs.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.events.batchGet
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.events.findUdmFieldValues
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.events.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.events.import
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.events.queryProductSourceStats
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.events.searchRawLogs
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.events.udmSearch
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.events.validateQuery
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.extensionValidationReports.get
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.extensionValidationReports.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.federationGroups.create
Owner (roles/owner)
Chronicle API Federation Admin (roles/chronicle.federationAdmin)
chronicle.federationGroups.delete
Owner (roles/owner)
Chronicle API Federation Admin (roles/chronicle.federationAdmin)
chronicle.federationGroups.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Federation Admin (roles/chronicle.federationAdmin)
Chronicle API Federation Viewer (roles/chronicle.federationViewer)
chronicle.federationGroups.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Federation Admin (roles/chronicle.federationAdmin)
Chronicle API Federation Viewer (roles/chronicle.federationViewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.federationGroups.update
Owner (roles/owner)
Chronicle API Federation Admin (roles/chronicle.federationAdmin)
chronicle.feedServiceAccounts.fetch
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.feedSourceTypeSchemas.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.feeds.create
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.feeds.delete
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.feeds.disable
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.feeds.enable
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.feeds.generateSecret
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.feeds.get
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.feeds.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.feeds.update
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.findingsGraphs.exploreNode
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.findingsGraphs.initializeGraph
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.findingsRefinementDeployments.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.findingsRefinementDeployments.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.findingsRefinementDeployments.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.findingsRefinements.computeActivity
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.findingsRefinements.computeAllActivities
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.findingsRefinements.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.findingsRefinements.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.findingsRefinements.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.findingsRefinements.test
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.findingsRefinements.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.forwarders.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.forwarders.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.forwarders.generate
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.forwarders.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.forwarders.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.forwarders.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.globalDataAccessScopes.permit
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Global Data Access (roles/chronicle.globalDataAccess)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.ingestionLogLabels.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.ingestionLogLabels.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.ingestionLogNamespaces.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.ingestionLogNamespaces.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.instances.delete
Owner (roles/owner)
Chronicle API Data Governor (roles/chronicle.dataGovernor)
chronicle.instances.generateCollectionAgentAuth
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.instances.generateSoarAuthJwt
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.instances.generateWorkspaceConnectionToken
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.instances.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.instances.graduatePocInstance
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.instances.logTypeClassifier
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.instances.permitFederationAccess
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Federation Admin (roles/chronicle.federationAdmin)
Chronicle API Federation Viewer (roles/chronicle.federationViewer)
chronicle.instances.report
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.instances.soarAdmin
Owner (roles/owner)
Chronicle SOAR Admin (roles/chronicle.soarAdmin)
chronicle.instances.soarThreatManager
Owner (roles/owner)
Chronicle SOAR Threat Manager (roles/chronicle.soarThreatManager)
chronicle.instances.soarVulnerabilityManager
Owner (roles/owner)
Chronicle SOAR Vulnerability Manager (roles/chronicle.soarVulnerabilityManager)
chronicle.instances.undelete
Owner (roles/owner)
Chronicle API Data Governor (roles/chronicle.dataGovernor)
chronicle.instances.update
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.instances.verifyNonce
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
chronicle.iocAssociations.batchGet
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocAssociations.fetchRelatedIocAssociations
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocAssociations.fetchRelatedThreatCollections
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocAssociations.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocMatches.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocMatches.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.iocState.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocState.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.iocs.batchGet
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocs.findFirstAndLastSeen
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocs.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.iocs.searchCuratedDetectionsForIoc
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyBatchGetCases
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyBatchGetCollections
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyFetchAlertsView
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyFetchUdmSearchCsv
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyFetchUdmSearchView
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyFindAssetEvents
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyFindRawLogs
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyFindUdmEvents
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyGetAlert
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyGetCuratedRulesTrends
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyGetDetection
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.legacies.legacyGetEventForDetection
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyGetRuleCounts
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyGetRulesTrends
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyRunTestRule
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchArtifactEvents
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchArtifactIoCDetails
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.legacies.legacySearchAssetEvents
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.legacies.legacySearchCuratedDetections
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.legacies.legacySearchCustomerStats
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchDetections
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.legacies.legacySearchDomainsRecentlyRegistered
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchDomainsTimingStats
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchEnterpriseWideAlerts
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchEnterpriseWideIoCs
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.legacies.legacySearchFindings
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchIngestionStats
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchIoCInsights
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchRawLogs
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchRuleDetectionCountBuckets
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchRuleDetectionEvents
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchRuleResults
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchRulesAlerts
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacySearchUserEvents
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyStreamDetectionAlerts
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.legacies.legacyTestRuleStreaming
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.legacies.legacyUpdateAlert
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.logTypeSchemas.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.logTypeSettings.get
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.logTypeSettings.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.logTypeSettings.update
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.logTypes.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.logs.export
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.logs.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.logs.import
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.logs.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.messages.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.messages.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.messages.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.messages.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.messages.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.multitenantDirectories.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.nativeDashboards.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.nativeDashboards.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.nativeDashboards.duplicate
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.nativeDashboards.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.nativeDashboards.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.nativeDashboards.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.operations.cancel
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.operations.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.operations.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.operations.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.operations.streamSearch
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.operations.wait
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.parserExtensions.activate
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parserExtensions.create
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parserExtensions.delete
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parserExtensions.generateKeyValueMappings
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parserExtensions.get
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parserExtensions.legacySubmitParserExtension
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parserExtensions.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.parserExtensions.removeSyslog
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.activate
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.activateReleaseCandidate
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.copyPrebuiltParser
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.create
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.deactivate
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.delete
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.generateEventTypesSuggestions
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.get
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsers.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.parsers.runParser
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.parsingErrors.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.preferenceSets.get
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.preferenceSets.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.referenceLists.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.referenceLists.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.referenceLists.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.referenceLists.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.referenceLists.verifyReferenceList
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.retrohunts.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.retrohunts.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.retrohunts.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.riskConfigs.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.riskConfigs.update
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.ruleDeployments.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.ruleDeployments.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.ruleDeployments.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.ruleExecutionErrors.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.rules.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.rules.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
chronicle.rules.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Service agent roles
Warning: Don't grant service agent roles to any principals except service agents.roles/chronicle.serviceAgent)chronicle.rules.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.rules.listRevisions
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.rules.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.rules.verifyRuleText
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.searchQueries.create
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.searchQueries.delete
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.searchQueries.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.searchQueries.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.searchQueries.update
Owner (roles/owner)
Editor (roles/editor)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Restricted Data Access Viewer (roles/chronicle.restrictedDataAccessViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.threatCollections.fetchIocMatchMetadata
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.threatCollections.fetchRuleMetadata
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.threatCollections.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.threatCollections.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Limited Viewer (roles/chronicle.limitedViewer)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.validationErrors.list
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.validationReports.get
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
chronicle.watchlists.create
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.watchlists.delete
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
chronicle.watchlists.get
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
chronicle.watchlists.list
Owner (roles/owner)
Editor (roles/editor)
Viewer (roles/viewer)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
Chronicle API Viewer (roles/chronicle.viewer)
Security Admin (roles/iam.securityAdmin)
Security Reviewer (roles/iam.securityReviewer)
chronicle.watchlists.update
Owner (roles/owner)
Chronicle API Admin (roles/chronicle.admin)
Chronicle API Editor (roles/chronicle.editor)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4