Minimum role permissions required to perform Live Response
search cancel

Minimum role permissions required to perform Live Response

book

Article ID: 403697

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard Carbon Black Cloud Audit and Remediation Carbon Black Cloud Container Carbon Black Cloud Enterprise EDR Carbon Black Cloud Managed Detection and Response Carbon Black Cloud Prevention Carbon Black Cloud Workload Carbon Black Cloud Managed Threat Hunting

Issue/Introduction

What specific permissions are required for Live response to work?

Environment

  • Carbon Black Cloud Console: Current Version
  • Live Response

Resolution

  1. Open the Carbon Black Cloud Console with an Administrator role
  2. Go to Settings > Roles > Click Add Role
  3. Create a custom role with below permissions: 
    Alerts-> View Alerts, Notes, and Tags
Custom Detections->View Watchlists
Endpoint Management ->View Devices and Groups
Live Response->Dump Memory and Remove Live Response
Live Response->Execute Live Response Processes
Live Response->Use Live Response
Live Response->View Live Response
Organization Settings->Download Sensor Kits
Policy Management->View Policies
Public Cloud-> View public cloud inventory
Workload Management->View Workloads
  4. Save.
Powered by Wolken Software