Cases requirements

edit

To access cases, you need either the appropriate predefined Security user role or a custom role with the right privileges.

You can create custom roles and define feature privileges at different levels to manage feature access in Kibana. Kibana privileges grant access to features within a specified Kibana space, and you can grant full or partial access. For more information, refer to Custom roles.

To send cases to external systems, you need the Security Analytics Complete project feature.

Certain feature tiers and roles might be required to manage case attachments. For example, to add alerts to cases, you must have a role that allows managing alerts.

To grant access to cases in a custom role, set the privileges for the Cases and Actions and Connectors features as follows:

Action Kibana Privileges

Give full access to manage cases and settings

  • All for the Cases feature under Security
  • All for the Actions and Connectors feature under Stack Management

Roles without All privileges for the Actions and Connectors feature cannot create, add, delete, or modify case connectors.

By default, All for the Cases feature allows you to delete cases, delete alerts and comments from cases, and edit case settings. You can customize the sub-feature privileges to limit feature access.

Give assignee access to cases

All for the Cases feature under Security

Before a user can be assigned to a case, they must log into Kibana at least once, which creates a user profile.

Give view-only access for cases

Read for the Security feature and All for the Cases feature

You can customize the sub-feature privileges to allow access to deleting cases, deleting alerts and comments from cases, viewing or editing case settings, adding case comments and attachments, and re-opening cases.

Revoke all access to cases

None for the Cases feature under Security