Creating FortiSOC administrator profiles
FortiSOC profile permissions allow security analysts to access the FortiSOC module while preventing them from making changes to configurations that will affect the SLA.
To create an analyst profile:
- Go to System Settings > Admin > Profile.
- In the toolbar, click Create New.
- In the Profile Name field, give the profile a distinctive name such as, Analyst.
- Set FortiSOC to Read-Only.
- Set one or more of the following settings to Read-Write.
Permission Description Create & Update Incidents Allows analysts to create and update incidents. Triage Event Allows analysts to acknowledge, comment, view logs, create new incidents, and add to existing incidents. Execute Playbook Allows analysts to view and run a playbook. Run Report Allows analysts to view, run, and export a report.
- Configure the other settings as required, and click OK.
To apply a profile to an administrator:
- Go to System Settings > Administrators.
- Create a new administrator or edit an existing administrator. The Edit Administrator pane is displayed.
- From the Admin Profile list, select a profile.