roles/chronicle.restrictedDataAccessViewer |
Grants read-only access to Chronicle API resources without global data access scope. |
Chronicle API Restricted Data Access Viewer |
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dataAccessScopes.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.report', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 
'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
BETA |
roles/chroniclesm.admin |
Admins can view and modify Chronicle service details. |
Chronicle Service Admin |
['chroniclesm.gcpAssociations.create', 'chroniclesm.gcpAssociations.delete', 'chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpLogFlowFilters.update', 'chroniclesm.gcpSettings.get', 'chroniclesm.gcpSettings.update'] |
|
GA |
roles/chronicle.viewer |
Read-only access to the Chronicle API resources. |
Chronicle API Viewer |
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.list', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 
'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 
'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 
'chronicle.watchlists.get', 'chronicle.watchlists.list', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
roles/chronicle.globalDataAccess |
Grants global access to data, i.e. all data can be accessed. |
Chronicle API Global Data Access |
['chronicle.globalDataAccessScopes.permit'] |
|
BETA |
roles/chronicle.serviceAgent |
Grants Chronicle scoped access to customer project. |
Chronicle Service Agent |
['bigquery.connections.create', 'bigquery.connections.delegate', 'bigquery.connections.delete', 'bigquery.connections.get', 'bigquery.connections.getIamPolicy', 'bigquery.connections.list', 'bigquery.connections.update', 'bigquery.connections.updateTag', 'bigquery.connections.use', 'bigquery.datasets.create', 'bigquery.jobs.create', 'bigquery.jobs.get', 'bigquery.tables.create', 'bigquery.tables.delete', 'bigquery.tables.get', 'bigquery.tables.update', 'bigquery.tables.updateData', 'chronicle.instances.get', 'monitoring.alertPolicies.create', 'monitoring.alertPolicies.delete', 'monitoring.alertPolicies.get', 'monitoring.alertPolicies.list', 'monitoring.alertPolicies.update', 'serviceusage.quotas.get', 'serviceusage.services.enable', 'serviceusage.services.get', 'serviceusage.services.list', 'storage.buckets.create', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.setIamPolicy', 'storage.objects.create', 'storage.objects.delete', 'storage.objects.get'] |
|
GA |
roles/chronicle.admin |
Full access to the Chronicle API services, including global settings. |
Chronicle API Admin |
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.bigQueryAccess.provide', 'chronicle.cases.countPriorities', 'chronicle.collectors.create', 'chronicle.collectors.delete', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.collectors.update', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessLabels.create', 'chronicle.dataAccessLabels.delete', 'chronicle.dataAccessLabels.get', 'chronicle.dataAccessLabels.list', 'chronicle.dataAccessLabels.update', 'chronicle.dataAccessScopes.create', 'chronicle.dataAccessScopes.delete', 'chronicle.dataAccessScopes.get', 'chronicle.dataAccessScopes.list', 'chronicle.dataAccessScopes.permit', 'chronicle.dataAccessScopes.update', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 
'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.create', 'chronicle.errorNotificationConfigs.delete', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.errorNotificationConfigs.update', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.extensionValidationReports.get', 'chronicle.extensionValidationReports.list', 
'chronicle.feedServiceAccounts.fetch', 'chronicle.feedSourceTypeSchemas.list', 'chronicle.feeds.create', 'chronicle.feeds.delete', 'chronicle.feeds.disable', 'chronicle.feeds.enable', 'chronicle.feeds.generateSecret', 'chronicle.feeds.get', 'chronicle.feeds.list', 'chronicle.feeds.update', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.create', 'chronicle.forwarders.delete', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.forwarders.update', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.generateWorkspaceConnectionToken', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 
'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logTypes.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 
'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.parserExtensions.activate', 'chronicle.parserExtensions.create', 'chronicle.parserExtensions.delete', 'chronicle.parserExtensions.generateKeyValueMappings', 'chronicle.parserExtensions.get', 'chronicle.parserExtensions.legacySubmitParserExtension', 'chronicle.parserExtensions.list', 'chronicle.parserExtensions.removeSyslog', 'chronicle.parsers.activate', 'chronicle.parsers.activateReleaseCandidate', 'chronicle.parsers.copyPrebuiltParser', 'chronicle.parsers.create', 'chronicle.parsers.deactivate', 'chronicle.parsers.delete', 'chronicle.parsers.generateEventTypesSuggestions', 'chronicle.parsers.get', 'chronicle.parsers.list', 'chronicle.parsers.runParser', 'chronicle.parsingErrors.list', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.delete', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'chronicle.validationErrors.list', 
'chronicle.validationReports.get', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
roles/chronicle.soarServiceAgent |
Gives Chronicle SOAR the ability to perform remediation on Cloud Platform resources. |
Chronicle SOAR Service Agent |
['cloudasset.assets.analyzeIamPolicy', 'cloudasset.assets.exportIamPolicy', 'cloudasset.assets.exportResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'compute.firewalls.get', 'compute.firewalls.update', 'compute.instances.deleteAccessConfig', 'compute.instances.get', 'compute.instances.list', 'compute.instances.stop', 'compute.instances.updateNetworkInterface', 'compute.networks.updatePolicy', 'compute.zones.list', 'iam.serviceAccounts.disable', 'iam.serviceAccounts.list', 'recommender.iamPolicyRecommendations.get', 'recommender.iamPolicyRecommendations.list', 'recommender.iamPolicyRecommendations.update', 'resourcemanager.organizations.getIamPolicy', 'securitycenter.findingexternalsystems.update', 'securitycenter.findings.list', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.notificationconfig.create', 'securitycenter.notificationconfig.delete', 'securitycenter.notificationconfig.get', 'securitycenter.notificationconfig.update', 'securitycenter.sources.list', 'storage.buckets.get', 'storage.buckets.getIamPolicy', 'storage.buckets.list', 'storage.buckets.update'] |
|
GA |
roles/chronicle.editor |
Modify access to Chronicle API resources. |
Chronicle API Editor |
['chronicle.ais.createFeedback', 'chronicle.ais.translateUdmQuery', 'chronicle.ais.translateYlRule', 'chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.collectors.get', 'chronicle.collectors.list', 'chronicle.conversations.create', 'chronicle.conversations.delete', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.conversations.update', 'chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections', 'chronicle.curatedRuleSetCategories.get', 'chronicle.curatedRuleSetCategories.list', 'chronicle.curatedRuleSetDeployments.batchUpdate', 'chronicle.curatedRuleSetDeployments.get', 'chronicle.curatedRuleSetDeployments.list', 'chronicle.curatedRuleSetDeployments.update', 'chronicle.curatedRuleSets.countCuratedRuleSetDetections', 'chronicle.curatedRuleSets.get', 'chronicle.curatedRuleSets.list', 'chronicle.curatedRules.get', 'chronicle.curatedRules.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.copy', 'chronicle.dashboards.create', 'chronicle.dashboards.delete', 'chronicle.dashboards.edit', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.dataExports.cancel', 'chronicle.dataExports.create', 'chronicle.dataExports.fetchLogTypesAvailableForExport', 'chronicle.dataExports.get', 'chronicle.dataTableOperationErrors.get', 'chronicle.dataTableRows.asyncBulkCreate', 'chronicle.dataTableRows.asyncBulkReplace', 'chronicle.dataTableRows.asyncBulkUpdate', 'chronicle.dataTableRows.bulkCreate', 'chronicle.dataTableRows.bulkReplace', 'chronicle.dataTableRows.bulkUpdate', 'chronicle.dataTableRows.create', 'chronicle.dataTableRows.delete', 'chronicle.dataTableRows.get', 'chronicle.dataTableRows.list', 'chronicle.dataTableRows.update', 
'chronicle.dataTables.bulkCreateDataTableAsync', 'chronicle.dataTables.create', 'chronicle.dataTables.delete', 'chronicle.dataTables.get', 'chronicle.dataTables.list', 'chronicle.dataTables.update', 'chronicle.dataTaps.create', 'chronicle.dataTaps.delete', 'chronicle.dataTaps.get', 'chronicle.dataTaps.list', 'chronicle.dataTaps.update', 'chronicle.entities.batchCreate', 'chronicle.entities.batchDelete', 'chronicle.entities.batchValidate', 'chronicle.entities.create', 'chronicle.entities.delete', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.import', 'chronicle.entities.list', 'chronicle.entities.modifyEntityRiskScore', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.import', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinementDeployments.update', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.create', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.findingsRefinements.update', 'chronicle.forwarders.generate', 'chronicle.forwarders.get', 'chronicle.forwarders.list', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 
'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.generateCollectionAgentAuth', 'chronicle.instances.generateSoarAuthJwt', 'chronicle.instances.get', 'chronicle.instances.logTypeClassifier', 'chronicle.instances.report', 'chronicle.iocMatches.get', 'chronicle.iocMatches.list', 'chronicle.iocState.get', 'chronicle.iocState.update', 'chronicle.iocs.batchGet', 'chronicle.iocs.findFirstAndLastSeen', 'chronicle.iocs.get', 'chronicle.iocs.searchCuratedDetectionsForIoc', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetCuratedRulesTrends', 'chronicle.legacies.legacyGetDetection', 'chronicle.legacies.legacyGetEventForDetection', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacyGetRuleCounts', 'chronicle.legacies.legacyGetRulesTrends', 'chronicle.legacies.legacyRunTestRule', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCuratedDetections', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDetections', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 
'chronicle.legacies.legacySearchRuleDetectionCountBuckets', 'chronicle.legacies.legacySearchRuleDetectionEvents', 'chronicle.legacies.legacySearchRuleResults', 'chronicle.legacies.legacySearchRulesAlerts', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.legacies.legacyStreamDetectionAlerts', 'chronicle.legacies.legacyTestRuleStreaming', 'chronicle.legacies.legacyUpdateAlert', 'chronicle.legacies.legacyUpdateFinding', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.import', 'chronicle.logs.list', 'chronicle.messages.create', 'chronicle.messages.delete', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.messages.update', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.create', 'chronicle.nativeDashboards.delete', 'chronicle.nativeDashboards.duplicate', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.nativeDashboards.update', 'chronicle.operations.cancel', 'chronicle.operations.delete', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.referenceLists.create', 'chronicle.referenceLists.get', 'chronicle.referenceLists.list', 'chronicle.referenceLists.update', 'chronicle.referenceLists.verifyReferenceList', 'chronicle.retrohunts.create', 'chronicle.retrohunts.get', 'chronicle.retrohunts.list', 'chronicle.riskConfigs.get', 'chronicle.riskConfigs.update', 'chronicle.ruleDeployments.get', 'chronicle.ruleDeployments.list', 'chronicle.ruleDeployments.update', 'chronicle.ruleExecutionErrors.list', 'chronicle.rules.create', 'chronicle.rules.get', 'chronicle.rules.list', 'chronicle.rules.listRevisions', 'chronicle.rules.update', 'chronicle.rules.verifyRuleText', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 
'chronicle.searchQueries.update', 'chronicle.watchlists.create', 'chronicle.watchlists.delete', 'chronicle.watchlists.get', 'chronicle.watchlists.list', 'chronicle.watchlists.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |
roles/chronicle.restrictedDataAccess |
Grants access to data controlled by Data Access Scopes. Intended to be refined by IAM Conditions. |
Chronicle API Restricted Data Access |
['chronicle.dataAccessScopes.permit'] |
|
BETA |
roles/chronicle.soarAdmin |
Grants admin access to Chronicle SOAR. |
Chronicle SOAR Admin |
['chronicle.instances.soarAdmin', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list'] |
|
BETA |
roles/chronicle.soarVulnerabilityManager |
Grants vulnerability manager access to Chronicle SOAR. |
Chronicle SOAR Vulnerability Manager |
['chronicle.instances.soarVulnerabilityManager', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list'] |
|
BETA |
roles/chronicle.soarThreatManager |
Grants threat manager access to Chronicle SOAR. |
Chronicle SOAR Threat Manager |
['chronicle.instances.soarThreatManager', 'cloudasset.assets.exportResource', 'cloudasset.assets.queryAccessPolicy', 'cloudasset.assets.queryIamPolicy', 'cloudasset.assets.queryOSInventories', 'cloudasset.assets.queryResource', 'cloudasset.assets.searchAllIamPolicies', 'cloudasset.assets.searchAllResources', 'cloudasset.assets.searchEnrichmentResourceOwners', 'resourcemanager.organizations.get', 'resourcemanager.projects.get', 'resourcemanager.projects.list', 'securitycenter.attackpaths.list', 'securitycenter.exposurepathexplan.get', 'securitycenter.findings.bulkMuteUpdate', 'securitycenter.findings.group', 'securitycenter.findings.list', 'securitycenter.findings.listFindingPropertyNames', 'securitycenter.findings.setMute', 'securitycenter.findings.setState', 'securitycenter.findings.update', 'securitycenter.findingsecuritymarks.update', 'securitycenter.simulations.get', 'securitycenter.userinterfacemetadata.get', 'securitycenter.valuedresources.list'] |
|
BETA |
roles/chroniclesm.viewer |
Viewers can see Chronicle service details but not change them. |
Chronicle Service Viewer |
['chroniclesm.gcpAssociations.get', 'chroniclesm.gcpLogFlowFilters.get', 'chroniclesm.gcpSettings.get'] |
|
GA |
roles/chronicle.limitedViewer |
Grants readonly access to Chronicle API resources, excluding Rules and Retrohunts. |
Chronicle API Limited Viewer |
['chronicle.analyticValues.list', 'chronicle.analytics.list', 'chronicle.cases.countPriorities', 'chronicle.conversations.get', 'chronicle.conversations.list', 'chronicle.dashboardCharts.get', 'chronicle.dashboardCharts.list', 'chronicle.dashboardQueries.execute', 'chronicle.dashboardQueries.get', 'chronicle.dashboardQueries.list', 'chronicle.dashboards.get', 'chronicle.dashboards.list', 'chronicle.dashboards.schedule', 'chronicle.dataAccessScopes.list', 'chronicle.entities.find', 'chronicle.entities.findRelatedEntities', 'chronicle.entities.get', 'chronicle.entities.queryEntityRiskScoreModifications', 'chronicle.entities.searchEntities', 'chronicle.entities.summarize', 'chronicle.entities.summarizeFromQuery', 'chronicle.entityRiskScores.queryEntityRiskScores', 'chronicle.errorNotificationConfigs.get', 'chronicle.errorNotificationConfigs.list', 'chronicle.events.batchGet', 'chronicle.events.findUdmFieldValues', 'chronicle.events.get', 'chronicle.events.queryProductSourceStats', 'chronicle.events.searchRawLogs', 'chronicle.events.udmSearch', 'chronicle.events.validateQuery', 'chronicle.findingsGraphs.exploreNode', 'chronicle.findingsGraphs.initializeGraph', 'chronicle.findingsRefinementDeployments.get', 'chronicle.findingsRefinementDeployments.list', 'chronicle.findingsRefinements.computeActivity', 'chronicle.findingsRefinements.computeAllActivities', 'chronicle.findingsRefinements.get', 'chronicle.findingsRefinements.list', 'chronicle.findingsRefinements.test', 'chronicle.globalDataAccessScopes.permit', 'chronicle.ingestionLogLabels.get', 'chronicle.ingestionLogLabels.list', 'chronicle.ingestionLogNamespaces.get', 'chronicle.ingestionLogNamespaces.list', 'chronicle.instances.get', 'chronicle.legacies.legacyBatchGetCases', 'chronicle.legacies.legacyCalculateAlertStats', 'chronicle.legacies.legacyFetchAlertsView', 'chronicle.legacies.legacyFetchUdmSearchCsv', 'chronicle.legacies.legacyFetchUdmSearchView', 'chronicle.legacies.legacyFindAssetEvents', 
'chronicle.legacies.legacyFindRawLogs', 'chronicle.legacies.legacyFindUdmEvents', 'chronicle.legacies.legacyGetAlert', 'chronicle.legacies.legacyGetFinding', 'chronicle.legacies.legacySearchAlerts', 'chronicle.legacies.legacySearchArtifactEvents', 'chronicle.legacies.legacySearchArtifactIoCDetails', 'chronicle.legacies.legacySearchAssetEvents', 'chronicle.legacies.legacySearchCustomerStats', 'chronicle.legacies.legacySearchDomainsRecentlyRegistered', 'chronicle.legacies.legacySearchDomainsTimingStats', 'chronicle.legacies.legacySearchEnterpriseWideAlerts', 'chronicle.legacies.legacySearchEnterpriseWideIoCs', 'chronicle.legacies.legacySearchFindings', 'chronicle.legacies.legacySearchIngestionStats', 'chronicle.legacies.legacySearchIoCInsights', 'chronicle.legacies.legacySearchRawLogs', 'chronicle.legacies.legacySearchUserEvents', 'chronicle.logTypeSchemas.list', 'chronicle.logs.export', 'chronicle.logs.get', 'chronicle.logs.list', 'chronicle.messages.get', 'chronicle.messages.list', 'chronicle.multitenantDirectories.get', 'chronicle.nativeDashboards.get', 'chronicle.nativeDashboards.list', 'chronicle.operations.get', 'chronicle.operations.list', 'chronicle.operations.streamSearch', 'chronicle.operations.wait', 'chronicle.preferenceSets.get', 'chronicle.preferenceSets.update', 'chronicle.searchQueries.create', 'chronicle.searchQueries.delete', 'chronicle.searchQueries.get', 'chronicle.searchQueries.list', 'chronicle.searchQueries.update', 'resourcemanager.projects.get', 'resourcemanager.projects.list'] |
|
GA |