Roles for security incident response tasks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-01-2025 02:14 AM
Hello,
which roles must be assigned to an agent to handle responses tasks without having access to the security incident responses father?
Thanks for your help

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-01-2025 06:44 PM
Hey there.
The <sn_si.external> role is used to grant access to external Teams outside of the primary security incident responders or security analysts.
This role could be used to grant permissions to Teams like the Help Desk, Firewall Team, etc - so that they only see the child Response Tasks (aka SITs) that are assigned to a Team they are members of.
One call out to consider, is that you could also create related Incidents (ITSM) (aka INCs) from Security Incidents as well, to route work to other Teams. In that approach, no additional user permissions or roles would be needed, and in some cases INCs may align with how external Teams are familiar with working.