Review the user roles that are required in the MISP integration for Security Operations
integration.
Table 1. Observable Enrichment and Sighting Search Permissions
Note:
- All ServiceNow MISP integration capabilities need the basic
permissions to Manage Organization Events and Auth
key access. Ensure that you have these basic permissions before you
proceed.
- To add local galaxies, the user that configures the integration should belong to the
host organization of the corresponding MISP server.
| MISP capability |
Tagger |
Tag editor |
| Observable Enrichment (Read-only) |
✓ |
✓ |
| Sighting Search (Read-only) |
✓ |
✓ |
Table 2. Report Sighting Permissions
| MISP capability |
Sighting creator |
| Report Sighting |
✓ |
Table 3. Attribute and Event Permissions
| MISP capability |
Tagger |
Tag editor |
| Edit Event/Attribute Tags |
✓ |
✓ |
| Edit Event/Attribute Galaxies |
✓ |
✓ |
| Edit Attribute Comments |
✓ |
✓ |
| Add New Attribute to event |
✓ |
✓ |
| Create Event in MISP |
✓ |
✓ |