Splunk® Attack Analyzer

Detect and Analyze Threats with Splunk Attack Analyzer

Manage roles and permissions for users of Splunk Attack Analyzer

Assign users to roles to manage their access to functionality and data in Splunk Attack Analyzer. Splunk Attack Analyzer includes several roles.

Roles included in Splunk Attack Analyzer

The following roles are available to Splunk Attack Analyzer users. Each role comes with certain permissions that are described in the following table.

Role name Description Permissions
Read only View Splunk Attack Analyzer results without the ability to make changes. View submitted jobs.
Analyst Submit data to Splunk Attack Analyzer and review data submitted by others. Does not include administrator or data deletion privileges. View submitted jobs.
Submit new jobs.
Power User Submit data to Splunk Attack Analyzer, review data submitted by others, and delete submitted jobs. View submitted jobs.
Submit new jobs.
Delete submitted jobs.
Administrator Submit data to Splunk Attack Analyzer, review data submitted by others, delete data, manage users in Splunk Attack Analyzer, manage API keys, and view email submission address. View submitted jobs.
Submit new jobs.
Delete submitted jobs.
Manage users.
Manage API keys.
View email submission address.

Create and assign user roles

As a user with an Administrator role you can create users and assign users to roles to manage their access to functionality and data in Splunk Attack Analyzer. Splunk Attack Analyzer includes several roles. See Roles included in Splunk Attack Analyzer. To create a new user and assign them a role, follow these steps:

  1. From Splunk Attack Analyzer select your username, then User Management.
  2. Select + New User.
  3. Enter the email address of the user you want to add.
  4. Select a role to assign them a role. Analyst is the default role.
  5. Select Submit.
  6. Select Send invitation email to invite the user to Splunk Attack Analyzer.

Once a user is added to Splunk Attack Analyzer, they are listed as a user on the User Management page.

Manage access for users

Once you have added a user to Splunk Attack Analyzer, you can take actions to manage their access.

  1. From Splunk Attack Analyzer select your username, then User Management.
  2. Navigate to the user you want to manage access for.
  3. Select the envelope icon (Envelope icon) to resend the invitation email to the user.
  4. Select the edit icon (Edit icon) to change the role of the user and select Submit.
  5. Select the delete icon (Delete icon) to delete the user and select Delete User to confirm.
Last modified on 05 March, 2024
Search in Splunk Attack Analyzer   Create and manage API keys in Splunk Attack Analyzer

This documentation applies to the following versions of Splunk® Attack Analyzer: Current


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters