The Security Operations Manager role allows users to view Dashboards and create reports, view and create custom detectors, work on various Nightfall integrations, handle DLP violations, exfiltration, and Posture Management events, and create and edit policies.
The Nightfall app view for a user with this role is as shown in the following image.
A user with Security Operations Manager Role has the following permissions.
With the Dashboard and Reporting permissions, users to view data on the Dashboard, apply filters to the dashboard data, and also generate reports from the Dashboard data.
With the DLP Violations permission, users can take appropriate actions on the DLP violations. They can also share the violation data and export it as a CSV file.
With the Content Preview permission, users can preview the content of the DLP Violations page. The sensitive data is not redacted for this role.
With the Exfiltration permission, users can filter event data, share event data, view historic events data, and take actions on Posture management, Exfiltration, and encryption events.
With the Detectors permission, users can view all the detectors, view detectors that belong to a specific category, filter the list of detectors, search a detector, and copy the UUID of a detector. Users with this role can also create custom detectors.
With the Detection Rules Permission, users can view and modify detection rules. Furthermore, this permission also allows users to create new detection rule and add detectors to it.
The DLP policies permission allows users to create, edit, and delete the DLP policies. The Exfiltration/Posture management permission allow users to create, edit, and delete the exfiltration, Posture management, and Firewall for AI policies. Users can also search and filter policies.
With the App management permission, users can manage connections to various existing Nightfall integrations and create new instance of connections with Nightfall integrations. With the App Alert Management permission, users can add, edit, or delete notification channels for each integration.