Google Security Operations roles and permissions

This page lists the IAM roles and permissions for Google Security Operations. Tosearch through all roles and permissions, see therole andpermission index.

Google Security Operations roles

Role Permissions

Role	Permissions
Chronicle API Admin (`roles/chronicle.admin`) Full access to the Chronicle API services, including global settings.	`chronicle.ais.` `chronicle.ais.createFeedback` `chronicle.ais.translateUdmQuery` `chronicle.ais.translateYlRule` `chronicle.alertGroupingRules.` `chronicle.alertGroupingRules.delete` `chronicle.alertGroupingRules.get` `chronicle.alertGroupingRules.update` `chronicle.analyticValues.list` `chronicle.analytics.list` `chronicle.announcements.` `chronicle.announcements.delete` `chronicle.announcements.get` `chronicle.announcements.update` `chronicle.attachments.` `chronicle.attachments.delete` `chronicle.attachments.get` `chronicle.attachments.update` `chronicle.bigQueryAccess.provide` `chronicle.bigQueryExport.` `chronicle.bigQueryExport.get` `chronicle.bigQueryExport.provision` `chronicle.bigQueryExport.update` `chronicle.calculatedFieldDefinitions.` `chronicle.calculatedFieldDefinitions.delete` `chronicle.calculatedFieldDefinitions.get` `chronicle.calculatedFieldDefinitions.update` `chronicle.caseAlerts.` `chronicle.caseAlerts.get` `chronicle.caseAlerts.metadataUpdate` `chronicle.caseAlerts.move` `chronicle.caseAlerts.updateSla` `chronicle.caseCloseDefinitions.` `chronicle.caseCloseDefinitions.delete` `chronicle.caseCloseDefinitions.get` `chronicle.caseCloseDefinitions.update` `chronicle.caseComments.` `chronicle.caseComments.delete` `chronicle.caseComments.get` `chronicle.caseComments.update` `chronicle.caseQueueFilters.` `chronicle.caseQueueFilters.delete` `chronicle.caseQueueFilters.get` `chronicle.caseQueueFilters.update` `chronicle.caseStageDefinitions.` `chronicle.caseStageDefinitions.delete` `chronicle.caseStageDefinitions.get` `chronicle.caseStageDefinitions.update` `chronicle.caseTagDefinitions.` `chronicle.caseTagDefinitions.delete` `chronicle.caseTagDefinitions.get` `chronicle.caseTagDefinitions.update` `chronicle.caseWallRecords.` `chronicle.caseWallRecords.get` `chronicle.caseWallRecords.update` `chronicle.cases.` `chronicle.cases.close` `chronicle.cases.countPriorities` `chronicle.cases.generateReport` `chronicle.cases.get` `chronicle.cases.removeTag` `chronicle.cases.reopen` `chronicle.cases.update` `chronicle.cases.updateTag` `chronicle.chatMessages.` `chronicle.chatMessages.create` `chronicle.chatMessages.get` `chronicle.chatMessages.pin` `chronicle.collectors.` `chronicle.collectors.create` `chronicle.collectors.delete` `chronicle.collectors.get` `chronicle.collectors.list` `chronicle.collectors.update` `chronicle.connectorInstanceLogs.get` `chronicle.connectorInstances.` `chronicle.connectorInstances.delete` `chronicle.connectorInstances.get` `chronicle.connectorInstances.update` `chronicle.connectorRevisions.` `chronicle.connectorRevisions.delete` `chronicle.connectorRevisions.get` `chronicle.connectorRevisions.update` `chronicle.connectors.` `chronicle.connectors.delete` `chronicle.connectors.get` `chronicle.connectors.update` `chronicle.contentPacks.` `chronicle.contentPacks.create` `chronicle.contentPacks.delete` `chronicle.contentPacks.export` `chronicle.contentPacks.get` `chronicle.contentPacks.install` `chronicle.contextProperties.` `chronicle.contextProperties.delete` `chronicle.contextProperties.get` `chronicle.contextProperties.update` `chronicle.conversations.` `chronicle.conversations.create` `chronicle.conversations.delete` `chronicle.conversations.get` `chronicle.conversations.list` `chronicle.conversations.update` `chronicle.coverageDetails.` `chronicle.coverageDetails.get` `chronicle.coverageDetails.list` `chronicle.curatedRuleSetCategories.` `chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections` `chronicle.curatedRuleSetCategories.get` `chronicle.curatedRuleSetCategories.list` `chronicle.curatedRuleSetDeployments.` `chronicle.curatedRuleSetDeployments.batchUpdate` `chronicle.curatedRuleSetDeployments.get` `chronicle.curatedRuleSetDeployments.list` `chronicle.curatedRuleSetDeployments.update` `chronicle.curatedRuleSets.` `chronicle.curatedRuleSets.countCuratedRuleSetDetections` `chronicle.curatedRuleSets.get` `chronicle.curatedRuleSets.list` `chronicle.curatedRules.` `chronicle.curatedRules.get` `chronicle.curatedRules.list` `chronicle.customFieldValues.` `chronicle.customFieldValues.get` `chronicle.customFieldValues.update` `chronicle.customFields.` `chronicle.customFields.delete` `chronicle.customFields.get` `chronicle.customFields.update` `chronicle.customLists.` `chronicle.customLists.delete` `chronicle.customLists.get` `chronicle.customLists.update` `chronicle.dashboardCharts.` `chronicle.dashboardCharts.get` `chronicle.dashboardCharts.list` `chronicle.dashboardQueries.` `chronicle.dashboardQueries.execute` `chronicle.dashboardQueries.get` `chronicle.dashboardQueries.list` `chronicle.dashboardScheduledReports.` `chronicle.dashboardScheduledReports.create` `chronicle.dashboardScheduledReports.delete` `chronicle.dashboardScheduledReports.duplicate` `chronicle.dashboardScheduledReports.fetchHistory` `chronicle.dashboardScheduledReports.get` `chronicle.dashboardScheduledReports.list` `chronicle.dashboardScheduledReports.trigger` `chronicle.dashboardScheduledReports.update` `chronicle.dashboards.` `chronicle.dashboards.copy` `chronicle.dashboards.create` `chronicle.dashboards.delete` `chronicle.dashboards.edit` `chronicle.dashboards.get` `chronicle.dashboards.list` `chronicle.dashboards.schedule` `chronicle.dataAccessLabels.` `chronicle.dataAccessLabels.create` `chronicle.dataAccessLabels.delete` `chronicle.dataAccessLabels.get` `chronicle.dataAccessLabels.list` `chronicle.dataAccessLabels.update` `chronicle.dataAccessScopes.` `chronicle.dataAccessScopes.create` `chronicle.dataAccessScopes.delete` `chronicle.dataAccessScopes.get` `chronicle.dataAccessScopes.list` `chronicle.dataAccessScopes.permit` `chronicle.dataAccessScopes.update` `chronicle.dataExports.` `chronicle.dataExports.cancel` `chronicle.dataExports.create` `chronicle.dataExports.fetchLogTypesAvailableForExport` `chronicle.dataExports.fetchServiceAccountForDataExport` `chronicle.dataExports.get` `chronicle.dataExports.list` `chronicle.dataExports.update` `chronicle.dataTableOperationErrors.get` `chronicle.dataTableRows.` `chronicle.dataTableRows.asyncBulkAppend` `chronicle.dataTableRows.asyncBulkCreate` `chronicle.dataTableRows.asyncBulkReplace` `chronicle.dataTableRows.asyncBulkUpdate` `chronicle.dataTableRows.bulkCreate` `chronicle.dataTableRows.bulkGet` `chronicle.dataTableRows.bulkReplace` `chronicle.dataTableRows.bulkUpdate` `chronicle.dataTableRows.create` `chronicle.dataTableRows.delete` `chronicle.dataTableRows.get` `chronicle.dataTableRows.list` `chronicle.dataTableRows.update` `chronicle.dataTables.` `chronicle.dataTables.bulkCreateDataTableAsync` `chronicle.dataTables.create` `chronicle.dataTables.delete` `chronicle.dataTables.get` `chronicle.dataTables.list` `chronicle.dataTables.update` `chronicle.dataTaps.` `chronicle.dataTaps.create` `chronicle.dataTaps.delete` `chronicle.dataTaps.get` `chronicle.dataTaps.list` `chronicle.dataTaps.update` `chronicle.emailTemplates.` `chronicle.emailTemplates.delete` `chronicle.emailTemplates.get` `chronicle.emailTemplates.update` `chronicle.enrichmentCombination.get` `chronicle.enrichmentControls.` `chronicle.enrichmentControls.create` `chronicle.enrichmentControls.delete` `chronicle.enrichmentControls.disable` `chronicle.enrichmentControls.get` `chronicle.enrichmentControls.list` `chronicle.entities.` `chronicle.entities.batchCreate` `chronicle.entities.batchDelete` `chronicle.entities.batchValidate` `chronicle.entities.create` `chronicle.entities.delete` `chronicle.entities.find` `chronicle.entities.findRelatedEntities` `chronicle.entities.get` `chronicle.entities.import` `chronicle.entities.list` `chronicle.entities.modifyEntityRiskScore` `chronicle.entities.queryEntityRiskScoreModifications` `chronicle.entities.searchEntities` `chronicle.entities.summarize` `chronicle.entities.summarizeFromQuery` `chronicle.entitiesBlocklists.` `chronicle.entitiesBlocklists.delete` `chronicle.entitiesBlocklists.get` `chronicle.entitiesBlocklists.update` `chronicle.entityRiskScores.queryEntityRiskScores` `chronicle.environmentGroups.` `chronicle.environmentGroups.delete` `chronicle.environmentGroups.get` `chronicle.environmentGroups.update` `chronicle.environments.` `chronicle.environments.delete` `chronicle.environments.get` `chronicle.environments.update` `chronicle.events.` `chronicle.events.batchGet` `chronicle.events.fetchEnrichedEvent` `chronicle.events.findUdmFieldValues` `chronicle.events.get` `chronicle.events.import` `chronicle.events.queryProductSourceStats` `chronicle.events.searchRawLogs` `chronicle.events.udmSearch` `chronicle.events.validateQuery` `chronicle.extensionValidationReports.` `chronicle.extensionValidationReports.get` `chronicle.extensionValidationReports.list` `chronicle.featuredContentNativeDashboards.` `chronicle.featuredContentNativeDashboards.get` `chronicle.featuredContentNativeDashboards.install` `chronicle.featuredContentNativeDashboards.list` `chronicle.featuredContentRules.list` `chronicle.featuredContentSearchQueries.` `chronicle.featuredContentSearchQueries.get` `chronicle.featuredContentSearchQueries.install` `chronicle.featuredContentSearchQueries.list` `chronicle.feedPacks.` `chronicle.feedPacks.get` `chronicle.feedPacks.list` `chronicle.feedServiceAccounts.fetch` `chronicle.feedSourceTypeSchemas.list` `chronicle.feeds.` `chronicle.feeds.create` `chronicle.feeds.delete` `chronicle.feeds.disable` `chronicle.feeds.enable` `chronicle.feeds.generateSecret` `chronicle.feeds.get` `chronicle.feeds.list` `chronicle.feeds.update` `chronicle.findingsGraphs.` `chronicle.findingsGraphs.exploreNode` `chronicle.findingsGraphs.initializeGraph` `chronicle.findingsRefinementDeployments.` `chronicle.findingsRefinementDeployments.get` `chronicle.findingsRefinementDeployments.list` `chronicle.findingsRefinementDeployments.update` `chronicle.findingsRefinements.` `chronicle.findingsRefinements.computeActivity` `chronicle.findingsRefinements.computeAllActivities` `chronicle.findingsRefinements.create` `chronicle.findingsRefinements.get` `chronicle.findingsRefinements.list` `chronicle.findingsRefinements.test` `chronicle.findingsRefinements.update` `chronicle.formDynamicParameters.` `chronicle.formDynamicParameters.get` `chronicle.formDynamicParameters.update` `chronicle.forwarders.` `chronicle.forwarders.create` `chronicle.forwarders.delete` `chronicle.forwarders.generate` `chronicle.forwarders.get` `chronicle.forwarders.importStatsEvents` `chronicle.forwarders.list` `chronicle.forwarders.update` `chronicle.globalDataAccessScopes.permit` `chronicle.ingestionLogLabels.` `chronicle.ingestionLogLabels.get` `chronicle.ingestionLogLabels.list` `chronicle.ingestionLogNamespaces.` `chronicle.ingestionLogNamespaces.get` `chronicle.ingestionLogNamespaces.list` `chronicle.instances.generateCollectionAgentAuth` `chronicle.instances.generateSoarAuthJwt` `chronicle.instances.generateWorkspaceConnectionToken` `chronicle.instances.get` `chronicle.instances.graduatePocInstance` `chronicle.instances.logTypeClassifier` `chronicle.instances.report` `chronicle.instances.soarAdmin` `chronicle.instances.update` `chronicle.instances.verifyNonce` `chronicle.integrationActionRevisions.` `chronicle.integrationActionRevisions.delete` `chronicle.integrationActionRevisions.get` `chronicle.integrationActionRevisions.update` `chronicle.integrationActions.` `chronicle.integrationActions.delete` `chronicle.integrationActions.get` `chronicle.integrationActions.run` `chronicle.integrationActions.update` `chronicle.integrationInstances.` `chronicle.integrationInstances.delete` `chronicle.integrationInstances.get` `chronicle.integrationInstances.update` `chronicle.integrationLogicalOperatorRevisions.` `chronicle.integrationLogicalOperatorRevisions.delete` `chronicle.integrationLogicalOperatorRevisions.get` `chronicle.integrationLogicalOperatorRevisions.update` `chronicle.integrationLogicalOperators.` `chronicle.integrationLogicalOperators.delete` `chronicle.integrationLogicalOperators.execute` `chronicle.integrationLogicalOperators.get` `chronicle.integrationLogicalOperators.update` `chronicle.integrations.` `chronicle.integrations.delete` `chronicle.integrations.get` `chronicle.integrations.update` `chronicle.investigationSteps.` `chronicle.investigationSteps.get` `chronicle.investigationSteps.list` `chronicle.investigations.` `chronicle.investigations.fetchAssociated` `chronicle.investigations.get` `chronicle.investigations.list` `chronicle.investigations.trigger` `chronicle.involvedEntities.` `chronicle.involvedEntities.get` `chronicle.involvedEntities.update` `chronicle.iocAssociations.` `chronicle.iocAssociations.batchGet` `chronicle.iocAssociations.fetchRelated` `chronicle.iocAssociations.get` `chronicle.iocMatches.` `chronicle.iocMatches.get` `chronicle.iocMatches.list` `chronicle.iocState.` `chronicle.iocState.get` `chronicle.iocState.update` `chronicle.iocs.` `chronicle.iocs.batchGet` `chronicle.iocs.fetchRelated` `chronicle.iocs.findFirstAndLastSeen` `chronicle.iocs.findIocs` `chronicle.iocs.get` `chronicle.iocs.searchCuratedDetectionsForIoc` `chronicle.jobInstanceLogs.get` `chronicle.jobInstances.` `chronicle.jobInstances.delete` `chronicle.jobInstances.get` `chronicle.jobInstances.run` `chronicle.jobInstances.update` `chronicle.jobRevisions.` `chronicle.jobRevisions.delete` `chronicle.jobRevisions.get` `chronicle.jobRevisions.update` `chronicle.jobs.` `chronicle.jobs.delete` `chronicle.jobs.get` `chronicle.jobs.update` `chronicle.labsExperimentExecutions.` `chronicle.labsExperimentExecutions.get` `chronicle.labsExperimentExecutions.list` `chronicle.labsExperimentExecutions.update` `chronicle.labsExperiments.` `chronicle.labsExperiments.execute` `chronicle.labsExperiments.get` `chronicle.labsExperiments.list` `chronicle.labsExperiments.update` `chronicle.legacies.` `chronicle.legacies.legacyBatchGetCases` `chronicle.legacies.legacyBatchGetCollections` `chronicle.legacies.legacyFetchAlertsView` `chronicle.legacies.legacyFetchUdmSearchCsv` `chronicle.legacies.legacyFetchUdmSearchView` `chronicle.legacies.legacyFindAssetEvents` `chronicle.legacies.legacyFindRawLogs` `chronicle.legacies.legacyFindUdmEvents` `chronicle.legacies.legacyGetAlert` `chronicle.legacies.legacyGetCuratedRulesTrends` `chronicle.legacies.legacyGetDetection` `chronicle.legacies.legacyGetEventForDetection` `chronicle.legacies.legacyGetRuleCounts` `chronicle.legacies.legacyGetRulesTrends` `chronicle.legacies.legacyRunTestRule` `chronicle.legacies.legacySearchArtifactEvents` `chronicle.legacies.legacySearchArtifactIoCDetails` `chronicle.legacies.legacySearchAssetEvents` `chronicle.legacies.legacySearchCuratedDetections` `chronicle.legacies.legacySearchCustomerStats` `chronicle.legacies.legacySearchDetections` `chronicle.legacies.legacySearchDomainsRecentlyRegistered` `chronicle.legacies.legacySearchDomainsTimingStats` `chronicle.legacies.legacySearchEnterpriseWideAlerts` `chronicle.legacies.legacySearchEnterpriseWideIoCs` `chronicle.legacies.legacySearchFindings` `chronicle.legacies.legacySearchIngestionStats` `chronicle.legacies.legacySearchIoCInsights` `chronicle.legacies.legacySearchRawLogs` `chronicle.legacies.legacySearchRuleDetectionCountBuckets` `chronicle.legacies.legacySearchRuleDetectionEvents` `chronicle.legacies.legacySearchRuleResults` `chronicle.legacies.legacySearchRulesAlerts` `chronicle.legacies.legacySearchUserEvents` `chronicle.legacies.legacyStreamDetectionAlerts` `chronicle.legacies.legacyTestRuleStreaming` `chronicle.legacies.legacyUpdateAlert` `chronicle.legacyCaseFederationPlatforms.` `chronicle.legacyCaseFederationPlatforms.delete` `chronicle.legacyCaseFederationPlatforms.get` `chronicle.legacyCaseFederationPlatforms.update` `chronicle.legacyCases.` `chronicle.legacyCases.createManual` `chronicle.legacyCases.createSimulated` `chronicle.legacyCases.deleteSimulated` `chronicle.legacyCases.exportJson` `chronicle.legacyCases.get` `chronicle.legacyCases.getSimulated` `chronicle.legacyCases.importJson` `chronicle.legacyCases.ingest` `chronicle.legacyCases.ingestAlertTestCase` `chronicle.legacyCases.runManualAction` `chronicle.legacyCases.simulate` `chronicle.legacyConfiguration.getMaximumAlertsGroupingConfiguration` `chronicle.legacyFederatedCases.` `chronicle.legacyFederatedCases.batchPatchFederatedCases` `chronicle.legacyFederatedCases.fetchCasesToSync` `chronicle.legacyFederatedCases.get` `chronicle.legacyPlaybooks.` `chronicle.legacyPlaybooks.delete` `chronicle.legacyPlaybooks.export` `chronicle.legacyPlaybooks.get` `chronicle.legacyPlaybooks.import` `chronicle.legacyPlaybooks.update` `chronicle.legacyPublisher.` `chronicle.legacyPublisher.get` `chronicle.legacyPublisher.update` `chronicle.legacySdk.` `chronicle.legacySdk.get` `chronicle.legacySdk.update` `chronicle.legacySearches.` `chronicle.legacySearches.searchCases` `chronicle.legacySearches.searchEntities` `chronicle.legacySoarAdvancedReports.` `chronicle.legacySoarAdvancedReports.delete` `chronicle.legacySoarAdvancedReports.get` `chronicle.legacySoarAdvancedReports.share` `chronicle.legacySoarAdvancedReports.update` `chronicle.legacySoarAudits.legacySoarAudit` `chronicle.legacySoarDashboards.` `chronicle.legacySoarDashboards.delete` `chronicle.legacySoarDashboards.get` `chronicle.legacySoarDashboards.update` `chronicle.legacySoarIdpMappingGroups.` `chronicle.legacySoarIdpMappingGroups.delete` `chronicle.legacySoarIdpMappingGroups.get` `chronicle.legacySoarIdpMappingGroups.update` `chronicle.legacySoarPermissionGroups.get` `chronicle.legacySoarReports.` `chronicle.legacySoarReports.delete` `chronicle.legacySoarReports.get` `chronicle.legacySoarReports.update` `chronicle.legacySoarSettings.` `chronicle.legacySoarSettings.get` `chronicle.legacySoarSettings.update` `chronicle.legacySoarUsers.` `chronicle.legacySoarUsers.delete` `chronicle.legacySoarUsers.get` `chronicle.legacySystem.` `chronicle.legacySystem.getLicenseStatus` `chronicle.legacySystem.getMaximumDataRetentionValue` `chronicle.legacySystem.getSystemVersion` `chronicle.legacySystemMetadata.` `chronicle.legacySystemMetadata.get` `chronicle.legacySystemMetadata.placeholders` `chronicle.logProcessingPipelines.` `chronicle.logProcessingPipelines.associateStreams` `chronicle.logProcessingPipelines.create` `chronicle.logProcessingPipelines.delete` `chronicle.logProcessingPipelines.dissociateStreams` `chronicle.logProcessingPipelines.fetchAssociatedPipeline` `chronicle.logProcessingPipelines.fetchSampleLogsByStreams` `chronicle.logProcessingPipelines.get` `chronicle.logProcessingPipelines.list` `chronicle.logProcessingPipelines.testPipeline` `chronicle.logProcessingPipelines.update` `chronicle.logTypeSchemas.list` `chronicle.logTypeSettings.` `chronicle.logTypeSettings.get` `chronicle.logTypeSettings.list` `chronicle.logTypeSettings.update` `chronicle.logTypes.` `chronicle.logTypes.create` `chronicle.logTypes.get` `chronicle.logTypes.list` `chronicle.logTypes.update` `chronicle.logs.` `chronicle.logs.export` `chronicle.logs.get` `chronicle.logs.import` `chronicle.logs.list` `chronicle.managerRevisions.` `chronicle.managerRevisions.delete` `chronicle.managerRevisions.get` `chronicle.managerRevisions.update` `chronicle.managers.` `chronicle.managers.delete` `chronicle.managers.get` `chronicle.managers.update` `chronicle.mappingRules.` `chronicle.mappingRules.delete` `chronicle.mappingRules.get` `chronicle.mappingRules.update` `chronicle.marketplaceIntegrations.` `chronicle.marketplaceIntegrations.get` `chronicle.marketplaceIntegrations.install` `chronicle.marketplaceIntegrations.uninstall` `chronicle.messages.` `chronicle.messages.create` `chronicle.messages.delete` `chronicle.messages.get` `chronicle.messages.list` `chronicle.messages.update` `chronicle.moduleSettings.` `chronicle.moduleSettings.get` `chronicle.moduleSettings.rebranding` `chronicle.moduleSettingsProperties.` `chronicle.moduleSettingsProperties.get` `chronicle.moduleSettingsProperties.testSettings` `chronicle.moduleSettingsProperties.update` `chronicle.multitenantDirectories.get` `chronicle.nativeDashboards.` `chronicle.nativeDashboards.create` `chronicle.nativeDashboards.delete` `chronicle.nativeDashboards.duplicate` `chronicle.nativeDashboards.get` `chronicle.nativeDashboards.list` `chronicle.nativeDashboards.update` `chronicle.notebooks.` `chronicle.notebooks.get` `chronicle.notebooks.list` `chronicle.notificationSettings.` `chronicle.notificationSettings.get` `chronicle.notificationSettings.update` `chronicle.ontologyRecords.` `chronicle.ontologyRecords.get` `chronicle.ontologyRecords.update` `chronicle.operations.` `chronicle.operations.cancel` `chronicle.operations.delete` `chronicle.operations.get` `chronicle.operations.list` `chronicle.operations.streamSearch` `chronicle.operations.wait` `chronicle.parserExtensions.` `chronicle.parserExtensions.activate` `chronicle.parserExtensions.create` `chronicle.parserExtensions.delete` `chronicle.parserExtensions.generateKeyValueMappings` `chronicle.parserExtensions.get` `chronicle.parserExtensions.legacySubmitParserExtension` `chronicle.parserExtensions.list` `chronicle.parserExtensions.removeSyslog` `chronicle.parsers.` `chronicle.parsers.activate` `chronicle.parsers.activateReleaseCandidate` `chronicle.parsers.copyPrebuiltParser` `chronicle.parsers.create` `chronicle.parsers.deactivate` `chronicle.parsers.delete` `chronicle.parsers.generateEventTypesSuggestions` `chronicle.parsers.get` `chronicle.parsers.list` `chronicle.parsers.runParser` `chronicle.parsers.update` `chronicle.parsingErrors.list` `chronicle.preferenceSets.` `chronicle.preferenceSets.get` `chronicle.preferenceSets.update` `chronicle.propertySchemaDefinitions.` `chronicle.propertySchemaDefinitions.delete` `chronicle.propertySchemaDefinitions.get` `chronicle.propertySchemaDefinitions.update` `chronicle.referenceLists.` `chronicle.referenceLists.create` `chronicle.referenceLists.get` `chronicle.referenceLists.list` `chronicle.referenceLists.update` `chronicle.referenceLists.verifyReferenceList` `chronicle.remoteAgents.` `chronicle.remoteAgents.delete` `chronicle.remoteAgents.get` `chronicle.remoteAgents.update` `chronicle.requestTemplates.` `chronicle.requestTemplates.delete` `chronicle.requestTemplates.get` `chronicle.requestTemplates.update` `chronicle.retrohunts.` `chronicle.retrohunts.create` `chronicle.retrohunts.get` `chronicle.retrohunts.list` `chronicle.riskConfigs.` `chronicle.riskConfigs.get` `chronicle.riskConfigs.update` `chronicle.ruleDeployments.` `chronicle.ruleDeployments.get` `chronicle.ruleDeployments.list` `chronicle.ruleDeployments.update` `chronicle.ruleExecutionErrors.list` `chronicle.rules.` `chronicle.rules.create` `chronicle.rules.delete` `chronicle.rules.get` `chronicle.rules.list` `chronicle.rules.listRevisions` `chronicle.rules.update` `chronicle.rules.verifyRuleText` `chronicle.savedColumnSets.` `chronicle.savedColumnSets.create` `chronicle.savedColumnSets.delete` `chronicle.savedColumnSets.get` `chronicle.savedColumnSets.list` `chronicle.savedColumnSets.update` `chronicle.searchQueries.` `chronicle.searchQueries.create` `chronicle.searchQueries.delete` `chronicle.searchQueries.get` `chronicle.searchQueries.list` `chronicle.searchQueries.update` `chronicle.shareConfigs.` `chronicle.shareConfigs.get` `chronicle.shareConfigs.update` `chronicle.slaDefinitions.` `chronicle.slaDefinitions.delete` `chronicle.slaDefinitions.get` `chronicle.slaDefinitions.update` `chronicle.soarDomains.` `chronicle.soarDomains.delete` `chronicle.soarDomains.get` `chronicle.soarDomains.update` `chronicle.soarNetworks.` `chronicle.soarNetworks.delete` `chronicle.soarNetworks.get` `chronicle.soarNetworks.update` `chronicle.socRoles.` `chronicle.socRoles.delete` `chronicle.socRoles.get` `chronicle.socRoles.update` `chronicle.summaryTables.` `chronicle.summaryTables.create` `chronicle.summaryTables.delete` `chronicle.summaryTables.get` `chronicle.summaryTables.list` `chronicle.summaryTables.update` `chronicle.systemNotifications.` `chronicle.systemNotifications.get` `chronicle.systemNotifications.update` `chronicle.tasks.` `chronicle.tasks.delete` `chronicle.tasks.get` `chronicle.tasks.update` `chronicle.tenants.` `chronicle.tenants.create` `chronicle.tenants.list` `chronicle.tenants.update` `chronicle.threatCollectionFilterSet.get` `chronicle.threatCollections.` `chronicle.threatCollections.fetchEntityMetadata` `chronicle.threatCollections.fetchIocMatchMetadata` `chronicle.threatCollections.fetchRelated` `chronicle.threatCollections.get` `chronicle.threatCollections.list` `chronicle.transformerDefinitions.` `chronicle.transformerDefinitions.create` `chronicle.transformerDefinitions.delete` `chronicle.transformerDefinitions.execute` `chronicle.transformerDefinitions.get` `chronicle.transformerDefinitions.list` `chronicle.transformerDefinitions.update` `chronicle.transformerRevisions.` `chronicle.transformerRevisions.delete` `chronicle.transformerRevisions.get` `chronicle.transformerRevisions.update` `chronicle.uniqueEntities.` `chronicle.uniqueEntities.get` `chronicle.uniqueEntities.update` `chronicle.userLocalizations.` `chronicle.userLocalizations.get` `chronicle.userLocalizations.update` `chronicle.userNotifications.` `chronicle.userNotifications.get` `chronicle.userNotifications.update` `chronicle.validationErrors.list` `chronicle.validationReports.get` `chronicle.views.` `chronicle.views.get` `chronicle.views.update` `chronicle.visualFamilies.` `chronicle.visualFamilies.delete` `chronicle.visualFamilies.get` `chronicle.visualFamilies.update` `chronicle.watchlists.` `chronicle.watchlists.create` `chronicle.watchlists.delete` `chronicle.watchlists.get` `chronicle.watchlists.list` `chronicle.watchlists.update` `chronicle.webhooks.` `chronicle.webhooks.delete` `chronicle.webhooks.get` `chronicle.webhooks.update` `chronicle.workdeskContacts.` `chronicle.workdeskContacts.delete` `chronicle.workdeskContacts.get` `chronicle.workdeskContacts.update` `chronicle.workdeskLinks.` `chronicle.workdeskLinks.delete` `chronicle.workdeskLinks.get` `chronicle.workdeskLinks.update` `chronicle.workdeskNotes.` `chronicle.workdeskNotes.delete` `chronicle.workdeskNotes.get` `chronicle.workdeskNotes.update` `cloudasset.assets.exportResource` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.assets.searchEnrichmentResourceOwners` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.attackpaths.list` `securitycenter.exposurepathexplan.get` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.findings.setMute` `securitycenter.findings.setState` `securitycenter.findings.update` `securitycenter.findingsecuritymarks.update` `securitycenter.simulations.get` `securitycenter.userinterfacemetadata.get` `securitycenter.valuedresources.list`
Chronicle API Data Governor^Beta (`roles/chronicle.dataGovernor`) Grants elevated access to control the lifecycle of the Chronicle instance and its data.	`chronicle.instances.delete` `chronicle.instances.undelete` `resourcemanager.projects.get` `resourcemanager.projects.list`
Chronicle API Editor (`roles/chronicle.editor`) Modify Access to Chronicle API resources.	`chronicle.ais.` `chronicle.ais.createFeedback` `chronicle.ais.translateUdmQuery` `chronicle.ais.translateYlRule` `chronicle.analyticValues.list` `chronicle.analytics.list` `chronicle.announcements.get` `chronicle.attachments.` `chronicle.attachments.delete` `chronicle.attachments.get` `chronicle.attachments.update` `chronicle.bigQueryExport.get` `chronicle.calculatedFieldDefinitions.get` `chronicle.caseAlerts.` `chronicle.caseAlerts.get` `chronicle.caseAlerts.metadataUpdate` `chronicle.caseAlerts.move` `chronicle.caseAlerts.updateSla` `chronicle.caseCloseDefinitions.` `chronicle.caseCloseDefinitions.delete` `chronicle.caseCloseDefinitions.get` `chronicle.caseCloseDefinitions.update` `chronicle.caseComments.` `chronicle.caseComments.delete` `chronicle.caseComments.get` `chronicle.caseComments.update` `chronicle.caseQueueFilters.` `chronicle.caseQueueFilters.delete` `chronicle.caseQueueFilters.get` `chronicle.caseQueueFilters.update` `chronicle.caseStageDefinitions.get` `chronicle.caseTagDefinitions.` `chronicle.caseTagDefinitions.delete` `chronicle.caseTagDefinitions.get` `chronicle.caseTagDefinitions.update` `chronicle.caseWallRecords.` `chronicle.caseWallRecords.get` `chronicle.caseWallRecords.update` `chronicle.cases.` `chronicle.cases.close` `chronicle.cases.countPriorities` `chronicle.cases.generateReport` `chronicle.cases.get` `chronicle.cases.removeTag` `chronicle.cases.reopen` `chronicle.cases.update` `chronicle.cases.updateTag` `chronicle.chatMessages.` `chronicle.chatMessages.create` `chronicle.chatMessages.get` `chronicle.chatMessages.pin` `chronicle.collectors.get` `chronicle.collectors.list` `chronicle.connectorInstanceLogs.get` `chronicle.connectorInstances.` `chronicle.connectorInstances.delete` `chronicle.connectorInstances.get` `chronicle.connectorInstances.update` `chronicle.connectorRevisions.` `chronicle.connectorRevisions.delete` `chronicle.connectorRevisions.get` `chronicle.connectorRevisions.update` `chronicle.contentPacks.` `chronicle.contentPacks.create` `chronicle.contentPacks.delete` `chronicle.contentPacks.export` `chronicle.contentPacks.get` `chronicle.contentPacks.install` `chronicle.contextProperties.` `chronicle.contextProperties.delete` `chronicle.contextProperties.get` `chronicle.contextProperties.update` `chronicle.conversations.` `chronicle.conversations.create` `chronicle.conversations.delete` `chronicle.conversations.get` `chronicle.conversations.list` `chronicle.conversations.update` `chronicle.coverageDetails.` `chronicle.coverageDetails.get` `chronicle.coverageDetails.list` `chronicle.curatedRuleSetCategories.` `chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections` `chronicle.curatedRuleSetCategories.get` `chronicle.curatedRuleSetCategories.list` `chronicle.curatedRuleSetDeployments.` `chronicle.curatedRuleSetDeployments.batchUpdate` `chronicle.curatedRuleSetDeployments.get` `chronicle.curatedRuleSetDeployments.list` `chronicle.curatedRuleSetDeployments.update` `chronicle.curatedRuleSets.` `chronicle.curatedRuleSets.countCuratedRuleSetDetections` `chronicle.curatedRuleSets.get` `chronicle.curatedRuleSets.list` `chronicle.curatedRules.` `chronicle.curatedRules.get` `chronicle.curatedRules.list` `chronicle.customFieldValues.` `chronicle.customFieldValues.get` `chronicle.customFieldValues.update` `chronicle.customFields.get` `chronicle.customLists.get` `chronicle.dashboardCharts.` `chronicle.dashboardCharts.get` `chronicle.dashboardCharts.list` `chronicle.dashboardQueries.` `chronicle.dashboardQueries.execute` `chronicle.dashboardQueries.get` `chronicle.dashboardQueries.list` `chronicle.dashboardScheduledReports.` `chronicle.dashboardScheduledReports.create` `chronicle.dashboardScheduledReports.delete` `chronicle.dashboardScheduledReports.duplicate` `chronicle.dashboardScheduledReports.fetchHistory` `chronicle.dashboardScheduledReports.get` `chronicle.dashboardScheduledReports.list` `chronicle.dashboardScheduledReports.trigger` `chronicle.dashboardScheduledReports.update` `chronicle.dashboards.` `chronicle.dashboards.copy` `chronicle.dashboards.create` `chronicle.dashboards.delete` `chronicle.dashboards.edit` `chronicle.dashboards.get` `chronicle.dashboards.list` `chronicle.dashboards.schedule` `chronicle.dataAccessScopes.list` `chronicle.dataExports.` `chronicle.dataExports.cancel` `chronicle.dataExports.create` `chronicle.dataExports.fetchLogTypesAvailableForExport` `chronicle.dataExports.fetchServiceAccountForDataExport` `chronicle.dataExports.get` `chronicle.dataExports.list` `chronicle.dataExports.update` `chronicle.dataTableOperationErrors.get` `chronicle.dataTableRows.` `chronicle.dataTableRows.asyncBulkAppend` `chronicle.dataTableRows.asyncBulkCreate` `chronicle.dataTableRows.asyncBulkReplace` `chronicle.dataTableRows.asyncBulkUpdate` `chronicle.dataTableRows.bulkCreate` `chronicle.dataTableRows.bulkGet` `chronicle.dataTableRows.bulkReplace` `chronicle.dataTableRows.bulkUpdate` `chronicle.dataTableRows.create` `chronicle.dataTableRows.delete` `chronicle.dataTableRows.get` `chronicle.dataTableRows.list` `chronicle.dataTableRows.update` `chronicle.dataTables.` `chronicle.dataTables.bulkCreateDataTableAsync` `chronicle.dataTables.create` `chronicle.dataTables.delete` `chronicle.dataTables.get` `chronicle.dataTables.list` `chronicle.dataTables.update` `chronicle.dataTaps.` `chronicle.dataTaps.create` `chronicle.dataTaps.delete` `chronicle.dataTaps.get` `chronicle.dataTaps.list` `chronicle.dataTaps.update` `chronicle.emailTemplates.get` `chronicle.enrichmentCombination.get` `chronicle.enrichmentControls.create` `chronicle.enrichmentControls.disable` `chronicle.enrichmentControls.get` `chronicle.enrichmentControls.list` `chronicle.entities.` `chronicle.entities.batchCreate` `chronicle.entities.batchDelete` `chronicle.entities.batchValidate` `chronicle.entities.create` `chronicle.entities.delete` `chronicle.entities.find` `chronicle.entities.findRelatedEntities` `chronicle.entities.get` `chronicle.entities.import` `chronicle.entities.list` `chronicle.entities.modifyEntityRiskScore` `chronicle.entities.queryEntityRiskScoreModifications` `chronicle.entities.searchEntities` `chronicle.entities.summarize` `chronicle.entities.summarizeFromQuery` `chronicle.entitiesBlocklists.get` `chronicle.entityRiskScores.queryEntityRiskScores` `chronicle.environmentGroups.get` `chronicle.environments.get` `chronicle.events.` `chronicle.events.batchGet` `chronicle.events.fetchEnrichedEvent` `chronicle.events.findUdmFieldValues` `chronicle.events.get` `chronicle.events.import` `chronicle.events.queryProductSourceStats` `chronicle.events.searchRawLogs` `chronicle.events.udmSearch` `chronicle.events.validateQuery` `chronicle.featuredContentNativeDashboards.` `chronicle.featuredContentNativeDashboards.get` `chronicle.featuredContentNativeDashboards.install` `chronicle.featuredContentNativeDashboards.list` `chronicle.featuredContentRules.list` `chronicle.featuredContentSearchQueries.` `chronicle.featuredContentSearchQueries.get` `chronicle.featuredContentSearchQueries.install` `chronicle.featuredContentSearchQueries.list` `chronicle.feedPacks.` `chronicle.feedPacks.get` `chronicle.feedPacks.list` `chronicle.findingsGraphs.` `chronicle.findingsGraphs.exploreNode` `chronicle.findingsGraphs.initializeGraph` `chronicle.findingsRefinementDeployments.` `chronicle.findingsRefinementDeployments.get` `chronicle.findingsRefinementDeployments.list` `chronicle.findingsRefinementDeployments.update` `chronicle.findingsRefinements.` `chronicle.findingsRefinements.computeActivity` `chronicle.findingsRefinements.computeAllActivities` `chronicle.findingsRefinements.create` `chronicle.findingsRefinements.get` `chronicle.findingsRefinements.list` `chronicle.findingsRefinements.test` `chronicle.findingsRefinements.update` `chronicle.formDynamicParameters.get` `chronicle.forwarders.generate` `chronicle.forwarders.get` `chronicle.forwarders.importStatsEvents` `chronicle.forwarders.list` `chronicle.globalDataAccessScopes.permit` `chronicle.ingestionLogLabels.` `chronicle.ingestionLogLabels.get` `chronicle.ingestionLogLabels.list` `chronicle.ingestionLogNamespaces.` `chronicle.ingestionLogNamespaces.get` `chronicle.ingestionLogNamespaces.list` `chronicle.instances.generateCollectionAgentAuth` `chronicle.instances.generateSoarAuthJwt` `chronicle.instances.get` `chronicle.instances.logTypeClassifier` `chronicle.instances.report` `chronicle.integrationActionRevisions.` `chronicle.integrationActionRevisions.delete` `chronicle.integrationActionRevisions.get` `chronicle.integrationActionRevisions.update` `chronicle.integrationActions.get` `chronicle.integrationActions.run` `chronicle.integrationActions.update` `chronicle.integrationInstances.` `chronicle.integrationInstances.delete` `chronicle.integrationInstances.get` `chronicle.integrationInstances.update` `chronicle.integrationLogicalOperatorRevisions.` `chronicle.integrationLogicalOperatorRevisions.delete` `chronicle.integrationLogicalOperatorRevisions.get` `chronicle.integrationLogicalOperatorRevisions.update` `chronicle.integrationLogicalOperators.` `chronicle.integrationLogicalOperators.delete` `chronicle.integrationLogicalOperators.execute` `chronicle.integrationLogicalOperators.get` `chronicle.integrationLogicalOperators.update` `chronicle.integrations.get` `chronicle.integrations.update` `chronicle.investigationSteps.` `chronicle.investigationSteps.get` `chronicle.investigationSteps.list` `chronicle.investigations.` `chronicle.investigations.fetchAssociated` `chronicle.investigations.get` `chronicle.investigations.list` `chronicle.investigations.trigger` `chronicle.involvedEntities.` `chronicle.involvedEntities.get` `chronicle.involvedEntities.update` `chronicle.iocAssociations.` `chronicle.iocAssociations.batchGet` `chronicle.iocAssociations.fetchRelated` `chronicle.iocAssociations.get` `chronicle.iocMatches.` `chronicle.iocMatches.get` `chronicle.iocMatches.list` `chronicle.iocState.` `chronicle.iocState.get` `chronicle.iocState.update` `chronicle.iocs.` `chronicle.iocs.batchGet` `chronicle.iocs.fetchRelated` `chronicle.iocs.findFirstAndLastSeen` `chronicle.iocs.findIocs` `chronicle.iocs.get` `chronicle.iocs.searchCuratedDetectionsForIoc` `chronicle.jobInstanceLogs.get` `chronicle.jobInstances.` `chronicle.jobInstances.delete` `chronicle.jobInstances.get` `chronicle.jobInstances.run` `chronicle.jobInstances.update` `chronicle.jobRevisions.` `chronicle.jobRevisions.delete` `chronicle.jobRevisions.get` `chronicle.jobRevisions.update` `chronicle.jobs.get` `chronicle.jobs.update` `chronicle.labsExperimentExecutions.` `chronicle.labsExperimentExecutions.get` `chronicle.labsExperimentExecutions.list` `chronicle.labsExperimentExecutions.update` `chronicle.labsExperiments.` `chronicle.labsExperiments.execute` `chronicle.labsExperiments.get` `chronicle.labsExperiments.list` `chronicle.labsExperiments.update` `chronicle.legacies.` `chronicle.legacies.legacyBatchGetCases` `chronicle.legacies.legacyBatchGetCollections` `chronicle.legacies.legacyFetchAlertsView` `chronicle.legacies.legacyFetchUdmSearchCsv` `chronicle.legacies.legacyFetchUdmSearchView` `chronicle.legacies.legacyFindAssetEvents` `chronicle.legacies.legacyFindRawLogs` `chronicle.legacies.legacyFindUdmEvents` `chronicle.legacies.legacyGetAlert` `chronicle.legacies.legacyGetCuratedRulesTrends` `chronicle.legacies.legacyGetDetection` `chronicle.legacies.legacyGetEventForDetection` `chronicle.legacies.legacyGetRuleCounts` `chronicle.legacies.legacyGetRulesTrends` `chronicle.legacies.legacyRunTestRule` `chronicle.legacies.legacySearchArtifactEvents` `chronicle.legacies.legacySearchArtifactIoCDetails` `chronicle.legacies.legacySearchAssetEvents` `chronicle.legacies.legacySearchCuratedDetections` `chronicle.legacies.legacySearchCustomerStats` `chronicle.legacies.legacySearchDetections` `chronicle.legacies.legacySearchDomainsRecentlyRegistered` `chronicle.legacies.legacySearchDomainsTimingStats` `chronicle.legacies.legacySearchEnterpriseWideAlerts` `chronicle.legacies.legacySearchEnterpriseWideIoCs` `chronicle.legacies.legacySearchFindings` `chronicle.legacies.legacySearchIngestionStats` `chronicle.legacies.legacySearchIoCInsights` `chronicle.legacies.legacySearchRawLogs` `chronicle.legacies.legacySearchRuleDetectionCountBuckets` `chronicle.legacies.legacySearchRuleDetectionEvents` `chronicle.legacies.legacySearchRuleResults` `chronicle.legacies.legacySearchRulesAlerts` `chronicle.legacies.legacySearchUserEvents` `chronicle.legacies.legacyStreamDetectionAlerts` `chronicle.legacies.legacyTestRuleStreaming` `chronicle.legacies.legacyUpdateAlert` `chronicle.legacyCases.` `chronicle.legacyCases.createManual` `chronicle.legacyCases.createSimulated` `chronicle.legacyCases.deleteSimulated` `chronicle.legacyCases.exportJson` `chronicle.legacyCases.get` `chronicle.legacyCases.getSimulated` `chronicle.legacyCases.importJson` `chronicle.legacyCases.ingest` `chronicle.legacyCases.ingestAlertTestCase` `chronicle.legacyCases.runManualAction` `chronicle.legacyCases.simulate` `chronicle.legacyPlaybooks.` `chronicle.legacyPlaybooks.delete` `chronicle.legacyPlaybooks.export` `chronicle.legacyPlaybooks.get` `chronicle.legacyPlaybooks.import` `chronicle.legacyPlaybooks.update` `chronicle.legacySearches.` `chronicle.legacySearches.searchCases` `chronicle.legacySearches.searchEntities` `chronicle.legacySoarAdvancedReports.` `chronicle.legacySoarAdvancedReports.delete` `chronicle.legacySoarAdvancedReports.get` `chronicle.legacySoarAdvancedReports.share` `chronicle.legacySoarAdvancedReports.update` `chronicle.legacySoarDashboards.` `chronicle.legacySoarDashboards.delete` `chronicle.legacySoarDashboards.get` `chronicle.legacySoarDashboards.update` `chronicle.legacySoarReports.` `chronicle.legacySoarReports.delete` `chronicle.legacySoarReports.get` `chronicle.legacySoarReports.update` `chronicle.legacySoarUsers.get` `chronicle.legacySystemMetadata.get` `chronicle.logProcessingPipelines.fetchAssociatedPipeline` `chronicle.logProcessingPipelines.fetchSampleLogsByStreams` `chronicle.logProcessingPipelines.get` `chronicle.logProcessingPipelines.list` `chronicle.logProcessingPipelines.testPipeline` `chronicle.logTypeSchemas.list` `chronicle.logs.` `chronicle.logs.export` `chronicle.logs.get` `chronicle.logs.import` `chronicle.logs.list` `chronicle.managerRevisions.` `chronicle.managerRevisions.delete` `chronicle.managerRevisions.get` `chronicle.managerRevisions.update` `chronicle.managers.` `chronicle.managers.delete` `chronicle.managers.get` `chronicle.managers.update` `chronicle.marketplaceIntegrations.` `chronicle.marketplaceIntegrations.get` `chronicle.marketplaceIntegrations.install` `chronicle.marketplaceIntegrations.uninstall` `chronicle.messages.` `chronicle.messages.create` `chronicle.messages.delete` `chronicle.messages.get` `chronicle.messages.list` `chronicle.messages.update` `chronicle.moduleSettings.` `chronicle.moduleSettings.get` `chronicle.moduleSettings.rebranding` `chronicle.multitenantDirectories.get` `chronicle.nativeDashboards.` `chronicle.nativeDashboards.create` `chronicle.nativeDashboards.delete` `chronicle.nativeDashboards.duplicate` `chronicle.nativeDashboards.get` `chronicle.nativeDashboards.list` `chronicle.nativeDashboards.update` `chronicle.notebooks.` `chronicle.notebooks.get` `chronicle.notebooks.list` `chronicle.notificationSettings.` `chronicle.notificationSettings.get` `chronicle.notificationSettings.update` `chronicle.ontologyRecords.get` `chronicle.operations.` `chronicle.operations.cancel` `chronicle.operations.delete` `chronicle.operations.get` `chronicle.operations.list` `chronicle.operations.streamSearch` `chronicle.operations.wait` `chronicle.preferenceSets.` `chronicle.preferenceSets.get` `chronicle.preferenceSets.update` `chronicle.referenceLists.` `chronicle.referenceLists.create` `chronicle.referenceLists.get` `chronicle.referenceLists.list` `chronicle.referenceLists.update` `chronicle.referenceLists.verifyReferenceList` `chronicle.remoteAgents.` `chronicle.remoteAgents.delete` `chronicle.remoteAgents.get` `chronicle.remoteAgents.update` `chronicle.requestTemplates.get` `chronicle.retrohunts.` `chronicle.retrohunts.create` `chronicle.retrohunts.get` `chronicle.retrohunts.list` `chronicle.riskConfigs.` `chronicle.riskConfigs.get` `chronicle.riskConfigs.update` `chronicle.ruleDeployments.` `chronicle.ruleDeployments.get` `chronicle.ruleDeployments.list` `chronicle.ruleDeployments.update` `chronicle.ruleExecutionErrors.list` `chronicle.rules.create` `chronicle.rules.get` `chronicle.rules.list` `chronicle.rules.listRevisions` `chronicle.rules.update` `chronicle.rules.verifyRuleText` `chronicle.savedColumnSets.` `chronicle.savedColumnSets.create` `chronicle.savedColumnSets.delete` `chronicle.savedColumnSets.get` `chronicle.savedColumnSets.list` `chronicle.savedColumnSets.update` `chronicle.searchQueries.` `chronicle.searchQueries.create` `chronicle.searchQueries.delete` `chronicle.searchQueries.get` `chronicle.searchQueries.list` `chronicle.searchQueries.update` `chronicle.soarDomains.get` `chronicle.soarNetworks.get` `chronicle.summaryTables.` `chronicle.summaryTables.create` `chronicle.summaryTables.delete` `chronicle.summaryTables.get` `chronicle.summaryTables.list` `chronicle.summaryTables.update` `chronicle.tasks.` `chronicle.tasks.delete` `chronicle.tasks.get` `chronicle.tasks.update` `chronicle.threatCollectionFilterSet.get` `chronicle.threatCollections.` `chronicle.threatCollections.fetchEntityMetadata` `chronicle.threatCollections.fetchIocMatchMetadata` `chronicle.threatCollections.fetchRelated` `chronicle.threatCollections.get` `chronicle.threatCollections.list` `chronicle.transformerDefinitions.` `chronicle.transformerDefinitions.create` `chronicle.transformerDefinitions.delete` `chronicle.transformerDefinitions.execute` `chronicle.transformerDefinitions.get` `chronicle.transformerDefinitions.list` `chronicle.transformerDefinitions.update` `chronicle.transformerRevisions.` `chronicle.transformerRevisions.delete` `chronicle.transformerRevisions.get` `chronicle.transformerRevisions.update` `chronicle.uniqueEntities.` `chronicle.uniqueEntities.get` `chronicle.uniqueEntities.update` `chronicle.userLocalizations.` `chronicle.userLocalizations.get` `chronicle.userLocalizations.update` `chronicle.userNotifications.` `chronicle.userNotifications.get` `chronicle.userNotifications.update` `chronicle.visualFamilies.get` `chronicle.watchlists.` `chronicle.watchlists.create` `chronicle.watchlists.delete` `chronicle.watchlists.get` `chronicle.watchlists.list` `chronicle.watchlists.update` `chronicle.webhooks.` `chronicle.webhooks.delete` `chronicle.webhooks.get` `chronicle.webhooks.update` `chronicle.workdeskContacts.` `chronicle.workdeskContacts.delete` `chronicle.workdeskContacts.get` `chronicle.workdeskContacts.update` `chronicle.workdeskLinks.` `chronicle.workdeskLinks.delete` `chronicle.workdeskLinks.get` `chronicle.workdeskLinks.update` `chronicle.workdeskNotes.` `chronicle.workdeskNotes.delete` `chronicle.workdeskNotes.get` `chronicle.workdeskNotes.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Chronicle API Federation Admin^Beta (`roles/chronicle.federationAdmin`) Full access to Chronicle Federation features.	`chronicle.federationGroups.*` `chronicle.federationGroups.create` `chronicle.federationGroups.delete` `chronicle.federationGroups.get` `chronicle.federationGroups.list` `chronicle.federationGroups.update` `chronicle.instances.permitFederationAccess` `resourcemanager.projects.get` `resourcemanager.projects.list`
Chronicle API Federation Viewer^Beta (`roles/chronicle.federationViewer`) Readonly access to Chronicle Federation Features.	`chronicle.federationGroups.get` `chronicle.federationGroups.list` `chronicle.instances.permitFederationAccess` `resourcemanager.projects.get` `resourcemanager.projects.list`
Chronicle API Global Data Access^Beta (`roles/chronicle.globalDataAccess`) Grants global access to data i.e. all data can be accessed.	`chronicle.globalDataAccessScopes.permit`
Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Grants read-only access to Chronicle API resources, excluding Rules and Retrohunts.	`chronicle.analyticValues.list` `chronicle.analytics.list` `chronicle.cases.countPriorities` `chronicle.conversations.get` `chronicle.conversations.list` `chronicle.coverageDetails.` `chronicle.coverageDetails.get` `chronicle.coverageDetails.list` `chronicle.dashboardCharts.` `chronicle.dashboardCharts.get` `chronicle.dashboardCharts.list` `chronicle.dashboardQueries.` `chronicle.dashboardQueries.execute` `chronicle.dashboardQueries.get` `chronicle.dashboardQueries.list` `chronicle.dashboards.get` `chronicle.dashboards.list` `chronicle.dashboards.schedule` `chronicle.dataAccessScopes.list` `chronicle.enrichmentCombination.get` `chronicle.enrichmentControls.get` `chronicle.enrichmentControls.list` `chronicle.entities.find` `chronicle.entities.findRelatedEntities` `chronicle.entities.get` `chronicle.entities.queryEntityRiskScoreModifications` `chronicle.entities.searchEntities` `chronicle.entities.summarize` `chronicle.entities.summarizeFromQuery` `chronicle.entityRiskScores.queryEntityRiskScores` `chronicle.events.batchGet` `chronicle.events.fetchEnrichedEvent` `chronicle.events.findUdmFieldValues` `chronicle.events.get` `chronicle.events.queryProductSourceStats` `chronicle.events.searchRawLogs` `chronicle.events.udmSearch` `chronicle.events.validateQuery` `chronicle.featuredContentNativeDashboards.get` `chronicle.featuredContentNativeDashboards.list` `chronicle.featuredContentSearchQueries.get` `chronicle.featuredContentSearchQueries.list` `chronicle.findingsGraphs.` `chronicle.findingsGraphs.exploreNode` `chronicle.findingsGraphs.initializeGraph` `chronicle.findingsRefinementDeployments.get` `chronicle.findingsRefinementDeployments.list` `chronicle.findingsRefinements.computeActivity` `chronicle.findingsRefinements.computeAllActivities` `chronicle.findingsRefinements.get` `chronicle.findingsRefinements.list` `chronicle.findingsRefinements.test` `chronicle.globalDataAccessScopes.permit` `chronicle.ingestionLogLabels.` `chronicle.ingestionLogLabels.get` `chronicle.ingestionLogLabels.list` `chronicle.ingestionLogNamespaces.` `chronicle.ingestionLogNamespaces.get` `chronicle.ingestionLogNamespaces.list` `chronicle.instances.get` `chronicle.investigationSteps.` `chronicle.investigationSteps.get` `chronicle.investigationSteps.list` `chronicle.iocAssociations.` `chronicle.iocAssociations.batchGet` `chronicle.iocAssociations.fetchRelated` `chronicle.iocAssociations.get` `chronicle.iocs.fetchRelated` `chronicle.iocs.findIocs` `chronicle.legacies.legacyBatchGetCases` `chronicle.legacies.legacyBatchGetCollections` `chronicle.legacies.legacyFetchAlertsView` `chronicle.legacies.legacyFetchUdmSearchCsv` `chronicle.legacies.legacyFetchUdmSearchView` `chronicle.legacies.legacyFindAssetEvents` `chronicle.legacies.legacyFindRawLogs` `chronicle.legacies.legacyFindUdmEvents` `chronicle.legacies.legacyGetAlert` `chronicle.legacies.legacySearchArtifactEvents` `chronicle.legacies.legacySearchArtifactIoCDetails` `chronicle.legacies.legacySearchAssetEvents` `chronicle.legacies.legacySearchCustomerStats` `chronicle.legacies.legacySearchDomainsRecentlyRegistered` `chronicle.legacies.legacySearchDomainsTimingStats` `chronicle.legacies.legacySearchEnterpriseWideAlerts` `chronicle.legacies.legacySearchEnterpriseWideIoCs` `chronicle.legacies.legacySearchFindings` `chronicle.legacies.legacySearchIngestionStats` `chronicle.legacies.legacySearchIoCInsights` `chronicle.legacies.legacySearchRawLogs` `chronicle.legacies.legacySearchUserEvents` `chronicle.logTypeSchemas.list` `chronicle.logs.export` `chronicle.logs.get` `chronicle.logs.list` `chronicle.messages.get` `chronicle.messages.list` `chronicle.multitenantDirectories.get` `chronicle.nativeDashboards.get` `chronicle.nativeDashboards.list` `chronicle.notebooks.` `chronicle.notebooks.get` `chronicle.notebooks.list` `chronicle.operations.get` `chronicle.operations.list` `chronicle.operations.streamSearch` `chronicle.operations.wait` `chronicle.preferenceSets.` `chronicle.preferenceSets.get` `chronicle.preferenceSets.update` `chronicle.searchQueries.` `chronicle.searchQueries.create` `chronicle.searchQueries.delete` `chronicle.searchQueries.get` `chronicle.searchQueries.list` `chronicle.searchQueries.update` `chronicle.threatCollectionFilterSet.get` `chronicle.threatCollections.` `chronicle.threatCollections.fetchEntityMetadata` `chronicle.threatCollections.fetchIocMatchMetadata` `chronicle.threatCollections.fetchRelated` `chronicle.threatCollections.get` `chronicle.threatCollections.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Chronicle API Restricted Data Access^Beta (`roles/chronicle.restrictedDataAccess`) Grants access to data controlled by Data Access Scopes. Intended to be refined by IAM Conditions.	`chronicle.dataAccessScopes.permit`
Chronicle API Restricted Data Access Viewer^Beta (`roles/chronicle.restrictedDataAccessViewer`) Grants readonly access to Chronicle API resources without global data access scope.	`chronicle.ais.` `chronicle.ais.createFeedback` `chronicle.ais.translateUdmQuery` `chronicle.ais.translateYlRule` `chronicle.dashboardCharts.` `chronicle.dashboardCharts.get` `chronicle.dashboardCharts.list` `chronicle.dashboardQueries.` `chronicle.dashboardQueries.execute` `chronicle.dashboardQueries.get` `chronicle.dashboardQueries.list` `chronicle.dataAccessScopes.list` `chronicle.dataTableRows.bulkGet` `chronicle.dataTableRows.get` `chronicle.dataTableRows.list` `chronicle.dataTables.get` `chronicle.dataTables.list` `chronicle.enrichmentCombination.get` `chronicle.enrichmentControls.get` `chronicle.enrichmentControls.list` `chronicle.entities.find` `chronicle.entities.findRelatedEntities` `chronicle.entities.get` `chronicle.entities.list` `chronicle.entities.searchEntities` `chronicle.entities.summarize` `chronicle.entities.summarizeFromQuery` `chronicle.events.batchGet` `chronicle.events.fetchEnrichedEvent` `chronicle.events.findUdmFieldValues` `chronicle.events.get` `chronicle.events.queryProductSourceStats` `chronicle.events.searchRawLogs` `chronicle.events.udmSearch` `chronicle.events.validateQuery` `chronicle.featuredContentNativeDashboards.get` `chronicle.featuredContentNativeDashboards.list` `chronicle.featuredContentSearchQueries.get` `chronicle.featuredContentSearchQueries.list` `chronicle.findingsGraphs.` `chronicle.findingsGraphs.exploreNode` `chronicle.findingsGraphs.initializeGraph` `chronicle.instances.generateCollectionAgentAuth` `chronicle.instances.generateSoarAuthJwt` `chronicle.instances.get` `chronicle.instances.report` `chronicle.legacies.legacyBatchGetCases` `chronicle.legacies.legacyBatchGetCollections` `chronicle.legacies.legacyFetchAlertsView` `chronicle.legacies.legacyFetchUdmSearchCsv` `chronicle.legacies.legacyFetchUdmSearchView` `chronicle.legacies.legacyFindAssetEvents` `chronicle.legacies.legacyFindRawLogs` `chronicle.legacies.legacyFindUdmEvents` `chronicle.legacies.legacyGetAlert` `chronicle.legacies.legacyGetRuleCounts` `chronicle.legacies.legacyGetRulesTrends` `chronicle.legacies.legacyRunTestRule` `chronicle.legacies.legacySearchArtifactEvents` `chronicle.legacies.legacySearchArtifactIoCDetails` `chronicle.legacies.legacySearchAssetEvents` `chronicle.legacies.legacySearchCustomerStats` `chronicle.legacies.legacySearchDomainsRecentlyRegistered` `chronicle.legacies.legacySearchDomainsTimingStats` `chronicle.legacies.legacySearchFindings` `chronicle.legacies.legacySearchIngestionStats` `chronicle.legacies.legacySearchIoCInsights` `chronicle.legacies.legacySearchRawLogs` `chronicle.legacies.legacySearchRuleDetectionCountBuckets` `chronicle.legacies.legacySearchRuleDetectionEvents` `chronicle.legacies.legacySearchRuleResults` `chronicle.legacies.legacySearchRulesAlerts` `chronicle.legacies.legacySearchUserEvents` `chronicle.logs.get` `chronicle.logs.list` `chronicle.multitenantDirectories.get` `chronicle.nativeDashboards.get` `chronicle.nativeDashboards.list` `chronicle.operations.get` `chronicle.operations.list` `chronicle.operations.streamSearch` `chronicle.operations.wait` `chronicle.preferenceSets.` `chronicle.preferenceSets.get` `chronicle.preferenceSets.update` `chronicle.referenceLists.get` `chronicle.referenceLists.list` `chronicle.referenceLists.verifyReferenceList` `chronicle.retrohunts.get` `chronicle.retrohunts.list` `chronicle.ruleDeployments.get` `chronicle.ruleDeployments.list` `chronicle.ruleExecutionErrors.list` `chronicle.rules.get` `chronicle.rules.list` `chronicle.rules.listRevisions` `chronicle.rules.verifyRuleText` `chronicle.searchQueries.` `chronicle.searchQueries.create` `chronicle.searchQueries.delete` `chronicle.searchQueries.get` `chronicle.searchQueries.list` `chronicle.searchQueries.update` `chronicle.summaryTables.get` `chronicle.summaryTables.list` `resourcemanager.projects.get` `resourcemanager.projects.list`
Chronicle Service Agent (`roles/chronicle.serviceAgent`) Grants Chronicle global data access to customer project Warning: Do not grant service agent roles to any principals except service agents.	`bigquery.connections.create` `bigquery.connections.delegate` `bigquery.connections.delete` `bigquery.connections.get` `bigquery.connections.getIamPolicy` `bigquery.connections.list` `bigquery.connections.update` `bigquery.connections.updateTag` `bigquery.connections.use` `bigquery.datasets.create` `bigquery.jobs.create` `bigquery.jobs.get` `bigquery.tables.create` `bigquery.tables.delete` `bigquery.tables.get` `bigquery.tables.update` `bigquery.tables.updateData` `chronicle.caseComments.update` `chronicle.conversations.create` `chronicle.dashboards.copy` `chronicle.dashboards.create` `chronicle.dashboards.get` `chronicle.dashboards.list` `chronicle.dataTableRows.bulkCreate` `chronicle.dataTableRows.delete` `chronicle.dataTableRows.list` `chronicle.dataTables.get` `chronicle.dataTables.list` `chronicle.entities.findRelatedEntities` `chronicle.entities.summarize` `chronicle.entities.summarizeFromQuery` `chronicle.events.udmSearch` `chronicle.globalDataAccessScopes.permit` `chronicle.instances.get` `chronicle.investigations.get` `chronicle.investigations.list` `chronicle.investigations.trigger` `chronicle.legacies.legacyGetDetection` `chronicle.legacies.legacySearchArtifactIoCDetails` `chronicle.legacies.legacySearchAssetEvents` `chronicle.legacies.legacySearchCuratedDetections` `chronicle.legacies.legacySearchDetections` `chronicle.legacies.legacySearchEnterpriseWideIoCs` `chronicle.legacies.legacyStreamDetectionAlerts` `chronicle.legacies.legacyUpdateAlert` `chronicle.legacySdk.*` `chronicle.legacySdk.get` `chronicle.legacySdk.update` `chronicle.messages.create` `chronicle.messages.delete` `chronicle.preferenceSets.update` `chronicle.referenceLists.get` `chronicle.referenceLists.list` `chronicle.referenceLists.update` `chronicle.retrohunts.create` `chronicle.rules.get` `logging.logEntries.create` `logging.logEntries.route` `monitoring.alertPolicies.create` `monitoring.alertPolicies.delete` `monitoring.alertPolicies.get` `monitoring.alertPolicies.list` `monitoring.alertPolicies.update` `resourcemanager.projects.get` `serviceusage.operations.get` `serviceusage.quotas.get` `serviceusage.services.enable` `serviceusage.services.get` `serviceusage.services.list` `storage.buckets.create` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.setIamPolicy` `storage.objects.create` `storage.objects.delete` `storage.objects.get` `storage.objects.list`
Chronicle SOAR Admin^Beta (`roles/chronicle.soarAdmin`) Grants admin access to Chronicle SOAR.	`chronicle.alertGroupingRules.` `chronicle.alertGroupingRules.delete` `chronicle.alertGroupingRules.get` `chronicle.alertGroupingRules.update` `chronicle.announcements.` `chronicle.announcements.delete` `chronicle.announcements.get` `chronicle.announcements.update` `chronicle.attachments.` `chronicle.attachments.delete` `chronicle.attachments.get` `chronicle.attachments.update` `chronicle.calculatedFieldDefinitions.` `chronicle.calculatedFieldDefinitions.delete` `chronicle.calculatedFieldDefinitions.get` `chronicle.calculatedFieldDefinitions.update` `chronicle.caseAlerts.` `chronicle.caseAlerts.get` `chronicle.caseAlerts.metadataUpdate` `chronicle.caseAlerts.move` `chronicle.caseAlerts.updateSla` `chronicle.caseCloseDefinitions.` `chronicle.caseCloseDefinitions.delete` `chronicle.caseCloseDefinitions.get` `chronicle.caseCloseDefinitions.update` `chronicle.caseComments.` `chronicle.caseComments.delete` `chronicle.caseComments.get` `chronicle.caseComments.update` `chronicle.caseQueueFilters.` `chronicle.caseQueueFilters.delete` `chronicle.caseQueueFilters.get` `chronicle.caseQueueFilters.update` `chronicle.caseStageDefinitions.` `chronicle.caseStageDefinitions.delete` `chronicle.caseStageDefinitions.get` `chronicle.caseStageDefinitions.update` `chronicle.caseTagDefinitions.` `chronicle.caseTagDefinitions.delete` `chronicle.caseTagDefinitions.get` `chronicle.caseTagDefinitions.update` `chronicle.caseWallRecords.` `chronicle.caseWallRecords.get` `chronicle.caseWallRecords.update` `chronicle.cases.` `chronicle.cases.close` `chronicle.cases.countPriorities` `chronicle.cases.generateReport` `chronicle.cases.get` `chronicle.cases.removeTag` `chronicle.cases.reopen` `chronicle.cases.update` `chronicle.cases.updateTag` `chronicle.chatMessages.` `chronicle.chatMessages.create` `chronicle.chatMessages.get` `chronicle.chatMessages.pin` `chronicle.connectorInstanceLogs.get` `chronicle.connectorInstances.` `chronicle.connectorInstances.delete` `chronicle.connectorInstances.get` `chronicle.connectorInstances.update` `chronicle.connectorRevisions.` `chronicle.connectorRevisions.delete` `chronicle.connectorRevisions.get` `chronicle.connectorRevisions.update` `chronicle.connectors.` `chronicle.connectors.delete` `chronicle.connectors.get` `chronicle.connectors.update` `chronicle.contentPacks.` `chronicle.contentPacks.create` `chronicle.contentPacks.delete` `chronicle.contentPacks.export` `chronicle.contentPacks.get` `chronicle.contentPacks.install` `chronicle.contextProperties.` `chronicle.contextProperties.delete` `chronicle.contextProperties.get` `chronicle.contextProperties.update` `chronicle.customFieldValues.` `chronicle.customFieldValues.get` `chronicle.customFieldValues.update` `chronicle.customFields.` `chronicle.customFields.delete` `chronicle.customFields.get` `chronicle.customFields.update` `chronicle.customLists.` `chronicle.customLists.delete` `chronicle.customLists.get` `chronicle.customLists.update` `chronicle.dataAccessScopes.list` `chronicle.emailTemplates.` `chronicle.emailTemplates.delete` `chronicle.emailTemplates.get` `chronicle.emailTemplates.update` `chronicle.entitiesBlocklists.` `chronicle.entitiesBlocklists.delete` `chronicle.entitiesBlocklists.get` `chronicle.entitiesBlocklists.update` `chronicle.environmentGroups.` `chronicle.environmentGroups.delete` `chronicle.environmentGroups.get` `chronicle.environmentGroups.update` `chronicle.environments.` `chronicle.environments.delete` `chronicle.environments.get` `chronicle.environments.update` `chronicle.formDynamicParameters.` `chronicle.formDynamicParameters.get` `chronicle.formDynamicParameters.update` `chronicle.instances.generateSoarAuthJwt` `chronicle.instances.get` `chronicle.instances.soarAdmin` `chronicle.integrationActionRevisions.` `chronicle.integrationActionRevisions.delete` `chronicle.integrationActionRevisions.get` `chronicle.integrationActionRevisions.update` `chronicle.integrationActions.` `chronicle.integrationActions.delete` `chronicle.integrationActions.get` `chronicle.integrationActions.run` `chronicle.integrationActions.update` `chronicle.integrationInstances.` `chronicle.integrationInstances.delete` `chronicle.integrationInstances.get` `chronicle.integrationInstances.update` `chronicle.integrationLogicalOperatorRevisions.` `chronicle.integrationLogicalOperatorRevisions.delete` `chronicle.integrationLogicalOperatorRevisions.get` `chronicle.integrationLogicalOperatorRevisions.update` `chronicle.integrationLogicalOperators.` `chronicle.integrationLogicalOperators.delete` `chronicle.integrationLogicalOperators.execute` `chronicle.integrationLogicalOperators.get` `chronicle.integrationLogicalOperators.update` `chronicle.integrations.` `chronicle.integrations.delete` `chronicle.integrations.get` `chronicle.integrations.update` `chronicle.involvedEntities.` `chronicle.involvedEntities.get` `chronicle.involvedEntities.update` `chronicle.jobInstanceLogs.get` `chronicle.jobInstances.` `chronicle.jobInstances.delete` `chronicle.jobInstances.get` `chronicle.jobInstances.run` `chronicle.jobInstances.update` `chronicle.jobRevisions.` `chronicle.jobRevisions.delete` `chronicle.jobRevisions.get` `chronicle.jobRevisions.update` `chronicle.jobs.` `chronicle.jobs.delete` `chronicle.jobs.get` `chronicle.jobs.update` `chronicle.legacyCaseFederationPlatforms.` `chronicle.legacyCaseFederationPlatforms.delete` `chronicle.legacyCaseFederationPlatforms.get` `chronicle.legacyCaseFederationPlatforms.update` `chronicle.legacyCases.` `chronicle.legacyCases.createManual` `chronicle.legacyCases.createSimulated` `chronicle.legacyCases.deleteSimulated` `chronicle.legacyCases.exportJson` `chronicle.legacyCases.get` `chronicle.legacyCases.getSimulated` `chronicle.legacyCases.importJson` `chronicle.legacyCases.ingest` `chronicle.legacyCases.ingestAlertTestCase` `chronicle.legacyCases.runManualAction` `chronicle.legacyCases.simulate` `chronicle.legacyConfiguration.getMaximumAlertsGroupingConfiguration` `chronicle.legacyFederatedCases.` `chronicle.legacyFederatedCases.batchPatchFederatedCases` `chronicle.legacyFederatedCases.fetchCasesToSync` `chronicle.legacyFederatedCases.get` `chronicle.legacyPlaybooks.` `chronicle.legacyPlaybooks.delete` `chronicle.legacyPlaybooks.export` `chronicle.legacyPlaybooks.get` `chronicle.legacyPlaybooks.import` `chronicle.legacyPlaybooks.update` `chronicle.legacyPublisher.` `chronicle.legacyPublisher.get` `chronicle.legacyPublisher.update` `chronicle.legacySdk.` `chronicle.legacySdk.get` `chronicle.legacySdk.update` `chronicle.legacySearches.` `chronicle.legacySearches.searchCases` `chronicle.legacySearches.searchEntities` `chronicle.legacySoarAdvancedReports.` `chronicle.legacySoarAdvancedReports.delete` `chronicle.legacySoarAdvancedReports.get` `chronicle.legacySoarAdvancedReports.share` `chronicle.legacySoarAdvancedReports.update` `chronicle.legacySoarAudits.legacySoarAudit` `chronicle.legacySoarDashboards.` `chronicle.legacySoarDashboards.delete` `chronicle.legacySoarDashboards.get` `chronicle.legacySoarDashboards.update` `chronicle.legacySoarIdpMappingGroups.` `chronicle.legacySoarIdpMappingGroups.delete` `chronicle.legacySoarIdpMappingGroups.get` `chronicle.legacySoarIdpMappingGroups.update` `chronicle.legacySoarPermissionGroups.get` `chronicle.legacySoarReports.` `chronicle.legacySoarReports.delete` `chronicle.legacySoarReports.get` `chronicle.legacySoarReports.update` `chronicle.legacySoarSettings.` `chronicle.legacySoarSettings.get` `chronicle.legacySoarSettings.update` `chronicle.legacySoarUsers.` `chronicle.legacySoarUsers.delete` `chronicle.legacySoarUsers.get` `chronicle.legacySystem.` `chronicle.legacySystem.getLicenseStatus` `chronicle.legacySystem.getMaximumDataRetentionValue` `chronicle.legacySystem.getSystemVersion` `chronicle.legacySystemMetadata.` `chronicle.legacySystemMetadata.get` `chronicle.legacySystemMetadata.placeholders` `chronicle.managerRevisions.` `chronicle.managerRevisions.delete` `chronicle.managerRevisions.get` `chronicle.managerRevisions.update` `chronicle.managers.` `chronicle.managers.delete` `chronicle.managers.get` `chronicle.managers.update` `chronicle.mappingRules.` `chronicle.mappingRules.delete` `chronicle.mappingRules.get` `chronicle.mappingRules.update` `chronicle.marketplaceIntegrations.` `chronicle.marketplaceIntegrations.get` `chronicle.marketplaceIntegrations.install` `chronicle.marketplaceIntegrations.uninstall` `chronicle.moduleSettings.` `chronicle.moduleSettings.get` `chronicle.moduleSettings.rebranding` `chronicle.moduleSettingsProperties.` `chronicle.moduleSettingsProperties.get` `chronicle.moduleSettingsProperties.testSettings` `chronicle.moduleSettingsProperties.update` `chronicle.notificationSettings.` `chronicle.notificationSettings.get` `chronicle.notificationSettings.update` `chronicle.ontologyRecords.` `chronicle.ontologyRecords.get` `chronicle.ontologyRecords.update` `chronicle.preferenceSets.get` `chronicle.propertySchemaDefinitions.` `chronicle.propertySchemaDefinitions.delete` `chronicle.propertySchemaDefinitions.get` `chronicle.propertySchemaDefinitions.update` `chronicle.remoteAgents.` `chronicle.remoteAgents.delete` `chronicle.remoteAgents.get` `chronicle.remoteAgents.update` `chronicle.requestTemplates.` `chronicle.requestTemplates.delete` `chronicle.requestTemplates.get` `chronicle.requestTemplates.update` `chronicle.slaDefinitions.` `chronicle.slaDefinitions.delete` `chronicle.slaDefinitions.get` `chronicle.slaDefinitions.update` `chronicle.soarDomains.` `chronicle.soarDomains.delete` `chronicle.soarDomains.get` `chronicle.soarDomains.update` `chronicle.soarNetworks.` `chronicle.soarNetworks.delete` `chronicle.soarNetworks.get` `chronicle.soarNetworks.update` `chronicle.socRoles.` `chronicle.socRoles.delete` `chronicle.socRoles.get` `chronicle.socRoles.update` `chronicle.systemNotifications.` `chronicle.systemNotifications.get` `chronicle.systemNotifications.update` `chronicle.tasks.` `chronicle.tasks.delete` `chronicle.tasks.get` `chronicle.tasks.update` `chronicle.transformerDefinitions.` `chronicle.transformerDefinitions.create` `chronicle.transformerDefinitions.delete` `chronicle.transformerDefinitions.execute` `chronicle.transformerDefinitions.get` `chronicle.transformerDefinitions.list` `chronicle.transformerDefinitions.update` `chronicle.transformerRevisions.` `chronicle.transformerRevisions.delete` `chronicle.transformerRevisions.get` `chronicle.transformerRevisions.update` `chronicle.uniqueEntities.` `chronicle.uniqueEntities.get` `chronicle.uniqueEntities.update` `chronicle.userLocalizations.` `chronicle.userLocalizations.get` `chronicle.userLocalizations.update` `chronicle.userNotifications.` `chronicle.userNotifications.get` `chronicle.userNotifications.update` `chronicle.views.` `chronicle.views.get` `chronicle.views.update` `chronicle.visualFamilies.` `chronicle.visualFamilies.delete` `chronicle.visualFamilies.get` `chronicle.visualFamilies.update` `chronicle.webhooks.` `chronicle.webhooks.delete` `chronicle.webhooks.get` `chronicle.webhooks.update` `chronicle.workdeskContacts.` `chronicle.workdeskContacts.delete` `chronicle.workdeskContacts.get` `chronicle.workdeskContacts.update` `chronicle.workdeskLinks.` `chronicle.workdeskLinks.delete` `chronicle.workdeskLinks.get` `chronicle.workdeskLinks.update` `chronicle.workdeskNotes.*` `chronicle.workdeskNotes.delete` `chronicle.workdeskNotes.get` `chronicle.workdeskNotes.update` `cloudasset.assets.exportResource` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.assets.searchEnrichmentResourceOwners` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.attackpaths.list` `securitycenter.exposurepathexplan.get` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.findings.setMute` `securitycenter.findings.setState` `securitycenter.findings.update` `securitycenter.findingsecuritymarks.update` `securitycenter.simulations.get` `securitycenter.userinterfacemetadata.get` `securitycenter.valuedresources.list`
Chronicle SOAR Remote Agent^Beta (`roles/chronicle.soarRemoteAgent`) Grants Remote Agent access to Chronicle SOAR.	`chronicle.legacyPublisher.` `chronicle.legacyPublisher.get` `chronicle.legacyPublisher.update` `chronicle.legacySdk.` `chronicle.legacySdk.get` `chronicle.legacySdk.update` `resourcemanager.projects.get` `resourcemanager.projects.list`
Chronicle SOAR Service Agent (`roles/chronicle.soarServiceAgent`) Gives Chronicle SOAR the ability to perform remediation on Cloud Platform resources. Warning: Do not grant service agent roles to any principals except service agents.	`cloudasset.assets.analyzeIamPolicy` `cloudasset.assets.exportIamPolicy` `cloudasset.assets.exportResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `compute.firewalls.get` `compute.firewalls.update` `compute.globalOperations.get` `compute.instances.deleteAccessConfig` `compute.instances.get` `compute.instances.list` `compute.instances.stop` `compute.instances.updateNetworkInterface` `compute.networks.updatePolicy` `compute.regionOperations.get` `compute.zoneOperations.get` `compute.zones.list` `iam.serviceAccounts.disable` `iam.serviceAccounts.list` `recommender.iamPolicyRecommendations.*` `recommender.iamPolicyRecommendations.get` `recommender.iamPolicyRecommendations.list` `recommender.iamPolicyRecommendations.update` `resourcemanager.organizations.getIamPolicy` `securitycenter.findingexternalsystems.update` `securitycenter.findings.list` `securitycenter.findings.setMute` `securitycenter.findings.setState` `securitycenter.findings.update` `securitycenter.notificationconfig.create` `securitycenter.notificationconfig.delete` `securitycenter.notificationconfig.get` `securitycenter.notificationconfig.update` `securitycenter.sources.list` `storage.buckets.get` `storage.buckets.getIamPolicy` `storage.buckets.list` `storage.buckets.update`
Chronicle SOAR Threat Manager^Beta (`roles/chronicle.soarThreatManager`) Grants threat manager access to Chronicle SOAR.	`chronicle.instances.soarThreatManager` `cloudasset.assets.exportResource` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.assets.searchEnrichmentResourceOwners` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.attackpaths.list` `securitycenter.exposurepathexplan.get` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.findings.setMute` `securitycenter.findings.setState` `securitycenter.findings.update` `securitycenter.findingsecuritymarks.update` `securitycenter.simulations.get` `securitycenter.userinterfacemetadata.get` `securitycenter.valuedresources.list`
Chronicle SOAR Vulnerability Manager^Beta (`roles/chronicle.soarVulnerabilityManager`) Grants vulnerability manager access to Chronicle SOAR.	`chronicle.instances.soarVulnerabilityManager` `cloudasset.assets.exportResource` `cloudasset.assets.queryAccessPolicy` `cloudasset.assets.queryIamPolicy` `cloudasset.assets.queryOSInventories` `cloudasset.assets.queryResource` `cloudasset.assets.searchAllIamPolicies` `cloudasset.assets.searchAllResources` `cloudasset.assets.searchEnrichmentResourceOwners` `resourcemanager.organizations.get` `resourcemanager.projects.get` `resourcemanager.projects.list` `securitycenter.attackpaths.list` `securitycenter.exposurepathexplan.get` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.group` `securitycenter.findings.list` `securitycenter.findings.listFindingPropertyNames` `securitycenter.findings.setMute` `securitycenter.findings.setState` `securitycenter.findings.update` `securitycenter.findingsecuritymarks.update` `securitycenter.simulations.get` `securitycenter.userinterfacemetadata.get` `securitycenter.valuedresources.list`
Chronicle API Viewer (`roles/chronicle.viewer`) Read-only access to the Chronicle API resources.	`chronicle.ais.` `chronicle.ais.createFeedback` `chronicle.ais.translateUdmQuery` `chronicle.ais.translateYlRule` `chronicle.analyticValues.list` `chronicle.analytics.list` `chronicle.announcements.get` `chronicle.attachments.get` `chronicle.bigQueryExport.get` `chronicle.calculatedFieldDefinitions.get` `chronicle.caseAlerts.get` `chronicle.caseCloseDefinitions.get` `chronicle.caseComments.get` `chronicle.caseQueueFilters.get` `chronicle.caseTagDefinitions.get` `chronicle.cases.countPriorities` `chronicle.cases.generateReport` `chronicle.cases.get` `chronicle.chatMessages.get` `chronicle.collectors.get` `chronicle.collectors.list` `chronicle.contentPacks.get` `chronicle.contextProperties.get` `chronicle.conversations.get` `chronicle.conversations.list` `chronicle.coverageDetails.` `chronicle.coverageDetails.get` `chronicle.coverageDetails.list` `chronicle.curatedRuleSetCategories.` `chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections` `chronicle.curatedRuleSetCategories.get` `chronicle.curatedRuleSetCategories.list` `chronicle.curatedRuleSetDeployments.get` `chronicle.curatedRuleSetDeployments.list` `chronicle.curatedRuleSets.` `chronicle.curatedRuleSets.countCuratedRuleSetDetections` `chronicle.curatedRuleSets.get` `chronicle.curatedRuleSets.list` `chronicle.curatedRules.` `chronicle.curatedRules.get` `chronicle.curatedRules.list` `chronicle.customFieldValues.get` `chronicle.customFields.get` `chronicle.dashboardCharts.` `chronicle.dashboardCharts.get` `chronicle.dashboardCharts.list` `chronicle.dashboardQueries.` `chronicle.dashboardQueries.execute` `chronicle.dashboardQueries.get` `chronicle.dashboardQueries.list` `chronicle.dashboardScheduledReports.fetchHistory` `chronicle.dashboardScheduledReports.get` `chronicle.dashboardScheduledReports.list` `chronicle.dashboards.get` `chronicle.dashboards.list` `chronicle.dashboards.schedule` `chronicle.dataAccessScopes.list` `chronicle.dataExports.fetchLogTypesAvailableForExport` `chronicle.dataExports.fetchServiceAccountForDataExport` `chronicle.dataExports.get` `chronicle.dataExports.list` `chronicle.dataTableOperationErrors.get` `chronicle.dataTableRows.bulkGet` `chronicle.dataTableRows.get` `chronicle.dataTableRows.list` `chronicle.dataTables.get` `chronicle.dataTables.list` `chronicle.dataTaps.get` `chronicle.dataTaps.list` `chronicle.enrichmentCombination.get` `chronicle.enrichmentControls.get` `chronicle.enrichmentControls.list` `chronicle.entities.find` `chronicle.entities.findRelatedEntities` `chronicle.entities.get` `chronicle.entities.list` `chronicle.entities.queryEntityRiskScoreModifications` `chronicle.entities.searchEntities` `chronicle.entities.summarize` `chronicle.entities.summarizeFromQuery` `chronicle.entityRiskScores.queryEntityRiskScores` `chronicle.environmentGroups.get` `chronicle.environments.get` `chronicle.events.batchGet` `chronicle.events.fetchEnrichedEvent` `chronicle.events.findUdmFieldValues` `chronicle.events.get` `chronicle.events.queryProductSourceStats` `chronicle.events.searchRawLogs` `chronicle.events.udmSearch` `chronicle.events.validateQuery` `chronicle.featuredContentNativeDashboards.get` `chronicle.featuredContentNativeDashboards.list` `chronicle.featuredContentRules.list` `chronicle.featuredContentSearchQueries.get` `chronicle.featuredContentSearchQueries.list` `chronicle.feedPacks.` `chronicle.feedPacks.get` `chronicle.feedPacks.list` `chronicle.findingsGraphs.` `chronicle.findingsGraphs.exploreNode` `chronicle.findingsGraphs.initializeGraph` `chronicle.findingsRefinementDeployments.get` `chronicle.findingsRefinementDeployments.list` `chronicle.findingsRefinements.computeActivity` `chronicle.findingsRefinements.computeAllActivities` `chronicle.findingsRefinements.get` `chronicle.findingsRefinements.list` `chronicle.findingsRefinements.test` `chronicle.formDynamicParameters.get` `chronicle.forwarders.generate` `chronicle.forwarders.get` `chronicle.forwarders.list` `chronicle.globalDataAccessScopes.permit` `chronicle.ingestionLogLabels.` `chronicle.ingestionLogLabels.get` `chronicle.ingestionLogLabels.list` `chronicle.ingestionLogNamespaces.` `chronicle.ingestionLogNamespaces.get` `chronicle.ingestionLogNamespaces.list` `chronicle.instances.generateCollectionAgentAuth` `chronicle.instances.generateSoarAuthJwt` `chronicle.instances.get` `chronicle.instances.logTypeClassifier` `chronicle.instances.report` `chronicle.integrationActions.get` `chronicle.investigationSteps.` `chronicle.investigationSteps.get` `chronicle.investigationSteps.list` `chronicle.investigations.fetchAssociated` `chronicle.investigations.get` `chronicle.investigations.list` `chronicle.involvedEntities.get` `chronicle.iocAssociations.` `chronicle.iocAssociations.batchGet` `chronicle.iocAssociations.fetchRelated` `chronicle.iocAssociations.get` `chronicle.iocMatches.` `chronicle.iocMatches.get` `chronicle.iocMatches.list` `chronicle.iocState.get` `chronicle.iocs.` `chronicle.iocs.batchGet` `chronicle.iocs.fetchRelated` `chronicle.iocs.findFirstAndLastSeen` `chronicle.iocs.findIocs` `chronicle.iocs.get` `chronicle.iocs.searchCuratedDetectionsForIoc` `chronicle.labsExperimentExecutions.get` `chronicle.labsExperimentExecutions.list` `chronicle.labsExperiments.get` `chronicle.labsExperiments.list` `chronicle.legacies.legacyBatchGetCases` `chronicle.legacies.legacyBatchGetCollections` `chronicle.legacies.legacyFetchAlertsView` `chronicle.legacies.legacyFetchUdmSearchCsv` `chronicle.legacies.legacyFetchUdmSearchView` `chronicle.legacies.legacyFindAssetEvents` `chronicle.legacies.legacyFindRawLogs` `chronicle.legacies.legacyFindUdmEvents` `chronicle.legacies.legacyGetAlert` `chronicle.legacies.legacyGetCuratedRulesTrends` `chronicle.legacies.legacyGetDetection` `chronicle.legacies.legacyGetEventForDetection` `chronicle.legacies.legacyGetRuleCounts` `chronicle.legacies.legacyGetRulesTrends` `chronicle.legacies.legacyRunTestRule` `chronicle.legacies.legacySearchArtifactEvents` `chronicle.legacies.legacySearchArtifactIoCDetails` `chronicle.legacies.legacySearchAssetEvents` `chronicle.legacies.legacySearchCuratedDetections` `chronicle.legacies.legacySearchCustomerStats` `chronicle.legacies.legacySearchDetections` `chronicle.legacies.legacySearchDomainsRecentlyRegistered` `chronicle.legacies.legacySearchDomainsTimingStats` `chronicle.legacies.legacySearchEnterpriseWideAlerts` `chronicle.legacies.legacySearchEnterpriseWideIoCs` `chronicle.legacies.legacySearchFindings` `chronicle.legacies.legacySearchIngestionStats` `chronicle.legacies.legacySearchIoCInsights` `chronicle.legacies.legacySearchRawLogs` `chronicle.legacies.legacySearchRuleDetectionCountBuckets` `chronicle.legacies.legacySearchRuleDetectionEvents` `chronicle.legacies.legacySearchRuleResults` `chronicle.legacies.legacySearchRulesAlerts` `chronicle.legacies.legacySearchUserEvents` `chronicle.legacies.legacyStreamDetectionAlerts` `chronicle.legacies.legacyTestRuleStreaming` `chronicle.legacyCases.get` `chronicle.legacySearches.` `chronicle.legacySearches.searchCases` `chronicle.legacySearches.searchEntities` `chronicle.legacySoarAdvancedReports.get` `chronicle.legacySoarDashboards.get` `chronicle.legacySoarReports.get` `chronicle.legacySoarUsers.get` `chronicle.legacySystemMetadata.get` `chronicle.logProcessingPipelines.fetchAssociatedPipeline` `chronicle.logProcessingPipelines.fetchSampleLogsByStreams` `chronicle.logProcessingPipelines.get` `chronicle.logProcessingPipelines.list` `chronicle.logProcessingPipelines.testPipeline` `chronicle.logTypeSchemas.list` `chronicle.logs.export` `chronicle.logs.get` `chronicle.logs.list` `chronicle.marketplaceIntegrations.get` `chronicle.messages.get` `chronicle.messages.list` `chronicle.moduleSettings.` `chronicle.moduleSettings.get` `chronicle.moduleSettings.rebranding` `chronicle.multitenantDirectories.get` `chronicle.nativeDashboards.get` `chronicle.nativeDashboards.list` `chronicle.notebooks.` `chronicle.notebooks.get` `chronicle.notebooks.list` `chronicle.operations.get` `chronicle.operations.list` `chronicle.operations.streamSearch` `chronicle.operations.wait` `chronicle.preferenceSets.` `chronicle.preferenceSets.get` `chronicle.preferenceSets.update` `chronicle.referenceLists.get` `chronicle.referenceLists.list` `chronicle.referenceLists.verifyReferenceList` `chronicle.requestTemplates.get` `chronicle.retrohunts.get` `chronicle.retrohunts.list` `chronicle.riskConfigs.get` `chronicle.ruleDeployments.get` `chronicle.ruleDeployments.list` `chronicle.ruleExecutionErrors.list` `chronicle.rules.get` `chronicle.rules.list` `chronicle.rules.listRevisions` `chronicle.rules.verifyRuleText` `chronicle.savedColumnSets.` `chronicle.savedColumnSets.create` `chronicle.savedColumnSets.delete` `chronicle.savedColumnSets.get` `chronicle.savedColumnSets.list` `chronicle.savedColumnSets.update` `chronicle.searchQueries.` `chronicle.searchQueries.create` `chronicle.searchQueries.delete` `chronicle.searchQueries.get` `chronicle.searchQueries.list` `chronicle.searchQueries.update` `chronicle.summaryTables.get` `chronicle.summaryTables.list` `chronicle.threatCollectionFilterSet.get` `chronicle.threatCollections.` `chronicle.threatCollections.fetchEntityMetadata` `chronicle.threatCollections.fetchIocMatchMetadata` `chronicle.threatCollections.fetchRelated` `chronicle.threatCollections.get` `chronicle.threatCollections.list` `chronicle.watchlists.get` `chronicle.watchlists.list` `resourcemanager.projects.get` `resourcemanager.projects.list`

Chronicle API Admin

(roles/chronicle.admin)

Full access to the Chronicle API services, including global settings.

chronicle.ais.*

chronicle.ais.createFeedback
chronicle.ais.translateUdmQuery
chronicle.ais.translateYlRule

chronicle.alertGroupingRules.*

chronicle.alertGroupingRules.delete
chronicle.alertGroupingRules.get
chronicle.alertGroupingRules.update

chronicle.analyticValues.list

chronicle.analytics.list

chronicle.announcements.*

chronicle.announcements.delete
chronicle.announcements.get
chronicle.announcements.update

chronicle.attachments.*

chronicle.attachments.delete
chronicle.attachments.get
chronicle.attachments.update

chronicle.bigQueryAccess.provide

chronicle.bigQueryExport.*

chronicle.bigQueryExport.get
chronicle.bigQueryExport.provision
chronicle.bigQueryExport.update

chronicle.calculatedFieldDefinitions.*

chronicle.calculatedFieldDefinitions.delete
chronicle.calculatedFieldDefinitions.get
chronicle.calculatedFieldDefinitions.update

chronicle.caseAlerts.*

chronicle.caseAlerts.get
chronicle.caseAlerts.metadataUpdate
chronicle.caseAlerts.move
chronicle.caseAlerts.updateSla

chronicle.caseCloseDefinitions.*

chronicle.caseCloseDefinitions.delete
chronicle.caseCloseDefinitions.get
chronicle.caseCloseDefinitions.update

chronicle.caseComments.*

chronicle.caseComments.delete
chronicle.caseComments.get
chronicle.caseComments.update

chronicle.caseQueueFilters.*

chronicle.caseQueueFilters.delete
chronicle.caseQueueFilters.get
chronicle.caseQueueFilters.update

chronicle.caseStageDefinitions.*

chronicle.caseStageDefinitions.delete
chronicle.caseStageDefinitions.get
chronicle.caseStageDefinitions.update

chronicle.caseTagDefinitions.*

chronicle.caseTagDefinitions.delete
chronicle.caseTagDefinitions.get
chronicle.caseTagDefinitions.update

chronicle.caseWallRecords.*

chronicle.caseWallRecords.get
chronicle.caseWallRecords.update

chronicle.cases.*

chronicle.cases.close
chronicle.cases.countPriorities
chronicle.cases.generateReport
chronicle.cases.get
chronicle.cases.removeTag
chronicle.cases.reopen
chronicle.cases.update
chronicle.cases.updateTag

chronicle.chatMessages.*

chronicle.chatMessages.create
chronicle.chatMessages.get
chronicle.chatMessages.pin

chronicle.collectors.*

chronicle.collectors.create
chronicle.collectors.delete
chronicle.collectors.get
chronicle.collectors.list
chronicle.collectors.update

chronicle.connectorInstanceLogs.get

chronicle.connectorInstances.*

chronicle.connectorInstances.delete
chronicle.connectorInstances.get
chronicle.connectorInstances.update

chronicle.connectorRevisions.*

chronicle.connectorRevisions.delete
chronicle.connectorRevisions.get
chronicle.connectorRevisions.update

chronicle.connectors.*

chronicle.connectors.delete
chronicle.connectors.get
chronicle.connectors.update

chronicle.contentPacks.*

chronicle.contentPacks.create
chronicle.contentPacks.delete
chronicle.contentPacks.export
chronicle.contentPacks.get
chronicle.contentPacks.install

chronicle.contextProperties.*

chronicle.contextProperties.delete
chronicle.contextProperties.get
chronicle.contextProperties.update

chronicle.conversations.*

chronicle.conversations.create
chronicle.conversations.delete
chronicle.conversations.get
chronicle.conversations.list
chronicle.conversations.update

chronicle.coverageDetails.*

chronicle.coverageDetails.get
chronicle.coverageDetails.list

chronicle.curatedRuleSetCategories.*

chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections
chronicle.curatedRuleSetCategories.get
chronicle.curatedRuleSetCategories.list

chronicle.curatedRuleSetDeployments.*

chronicle.curatedRuleSetDeployments.batchUpdate
chronicle.curatedRuleSetDeployments.get
chronicle.curatedRuleSetDeployments.list
chronicle.curatedRuleSetDeployments.update

chronicle.curatedRuleSets.*

chronicle.curatedRuleSets.countCuratedRuleSetDetections
chronicle.curatedRuleSets.get
chronicle.curatedRuleSets.list

chronicle.curatedRules.*

chronicle.curatedRules.get
chronicle.curatedRules.list

chronicle.customFieldValues.*

chronicle.customFieldValues.get
chronicle.customFieldValues.update

chronicle.customFields.*

chronicle.customFields.delete
chronicle.customFields.get
chronicle.customFields.update

chronicle.customLists.*

chronicle.customLists.delete
chronicle.customLists.get
chronicle.customLists.update

chronicle.dashboardCharts.*

chronicle.dashboardCharts.get
chronicle.dashboardCharts.list

chronicle.dashboardQueries.*

chronicle.dashboardQueries.execute
chronicle.dashboardQueries.get
chronicle.dashboardQueries.list

chronicle.dashboardScheduledReports.*

chronicle.dashboardScheduledReports.create
chronicle.dashboardScheduledReports.delete
chronicle.dashboardScheduledReports.duplicate
chronicle.dashboardScheduledReports.fetchHistory
chronicle.dashboardScheduledReports.get
chronicle.dashboardScheduledReports.list
chronicle.dashboardScheduledReports.trigger
chronicle.dashboardScheduledReports.update

chronicle.dashboards.*

chronicle.dashboards.copy
chronicle.dashboards.create
chronicle.dashboards.delete
chronicle.dashboards.edit
chronicle.dashboards.get
chronicle.dashboards.list
chronicle.dashboards.schedule

chronicle.dataAccessLabels.*

chronicle.dataAccessLabels.create
chronicle.dataAccessLabels.delete
chronicle.dataAccessLabels.get
chronicle.dataAccessLabels.list
chronicle.dataAccessLabels.update

chronicle.dataAccessScopes.*

chronicle.dataAccessScopes.create
chronicle.dataAccessScopes.delete
chronicle.dataAccessScopes.get
chronicle.dataAccessScopes.list
chronicle.dataAccessScopes.permit
chronicle.dataAccessScopes.update

chronicle.dataExports.*

chronicle.dataExports.cancel
chronicle.dataExports.create
chronicle.dataExports.fetchLogTypesAvailableForExport
chronicle.dataExports.fetchServiceAccountForDataExport
chronicle.dataExports.get
chronicle.dataExports.list
chronicle.dataExports.update

chronicle.dataTableOperationErrors.get

chronicle.dataTableRows.*

chronicle.dataTableRows.asyncBulkAppend
chronicle.dataTableRows.asyncBulkCreate
chronicle.dataTableRows.asyncBulkReplace
chronicle.dataTableRows.asyncBulkUpdate
chronicle.dataTableRows.bulkCreate
chronicle.dataTableRows.bulkGet
chronicle.dataTableRows.bulkReplace
chronicle.dataTableRows.bulkUpdate
chronicle.dataTableRows.create
chronicle.dataTableRows.delete
chronicle.dataTableRows.get
chronicle.dataTableRows.list
chronicle.dataTableRows.update

chronicle.dataTables.*

chronicle.dataTables.bulkCreateDataTableAsync
chronicle.dataTables.create
chronicle.dataTables.delete
chronicle.dataTables.get
chronicle.dataTables.list
chronicle.dataTables.update

chronicle.dataTaps.*

chronicle.dataTaps.create
chronicle.dataTaps.delete
chronicle.dataTaps.get
chronicle.dataTaps.list
chronicle.dataTaps.update

chronicle.emailTemplates.*

chronicle.emailTemplates.delete
chronicle.emailTemplates.get
chronicle.emailTemplates.update

chronicle.enrichmentCombination.get

chronicle.enrichmentControls.*

chronicle.enrichmentControls.create
chronicle.enrichmentControls.delete
chronicle.enrichmentControls.disable
chronicle.enrichmentControls.get
chronicle.enrichmentControls.list

chronicle.entities.*

chronicle.entities.batchCreate
chronicle.entities.batchDelete
chronicle.entities.batchValidate
chronicle.entities.create
chronicle.entities.delete
chronicle.entities.find
chronicle.entities.findRelatedEntities
chronicle.entities.get
chronicle.entities.import
chronicle.entities.list
chronicle.entities.modifyEntityRiskScore
chronicle.entities.queryEntityRiskScoreModifications
chronicle.entities.searchEntities
chronicle.entities.summarize
chronicle.entities.summarizeFromQuery

chronicle.entitiesBlocklists.*

chronicle.entitiesBlocklists.delete
chronicle.entitiesBlocklists.get
chronicle.entitiesBlocklists.update

chronicle.entityRiskScores.queryEntityRiskScores

chronicle.environmentGroups.*

chronicle.environmentGroups.delete
chronicle.environmentGroups.get
chronicle.environmentGroups.update

chronicle.environments.*

chronicle.environments.delete
chronicle.environments.get
chronicle.environments.update

chronicle.events.*

chronicle.events.batchGet
chronicle.events.fetchEnrichedEvent
chronicle.events.findUdmFieldValues
chronicle.events.get
chronicle.events.import
chronicle.events.queryProductSourceStats
chronicle.events.searchRawLogs
chronicle.events.udmSearch
chronicle.events.validateQuery

chronicle.extensionValidationReports.*

chronicle.extensionValidationReports.get
chronicle.extensionValidationReports.list

chronicle.featuredContentNativeDashboards.*

chronicle.featuredContentNativeDashboards.get
chronicle.featuredContentNativeDashboards.install
chronicle.featuredContentNativeDashboards.list

chronicle.featuredContentRules.list

chronicle.featuredContentSearchQueries.*

chronicle.featuredContentSearchQueries.get
chronicle.featuredContentSearchQueries.install
chronicle.featuredContentSearchQueries.list

chronicle.feedPacks.*

chronicle.feedPacks.get
chronicle.feedPacks.list

chronicle.feedServiceAccounts.fetch

chronicle.feedSourceTypeSchemas.list

chronicle.feeds.*

chronicle.feeds.create
chronicle.feeds.delete
chronicle.feeds.disable
chronicle.feeds.enable
chronicle.feeds.generateSecret
chronicle.feeds.get
chronicle.feeds.list
chronicle.feeds.update

chronicle.findingsGraphs.*

chronicle.findingsGraphs.exploreNode
chronicle.findingsGraphs.initializeGraph

chronicle.findingsRefinementDeployments.*

chronicle.findingsRefinementDeployments.get
chronicle.findingsRefinementDeployments.list
chronicle.findingsRefinementDeployments.update

chronicle.findingsRefinements.*

chronicle.findingsRefinements.computeActivity
chronicle.findingsRefinements.computeAllActivities
chronicle.findingsRefinements.create
chronicle.findingsRefinements.get
chronicle.findingsRefinements.list
chronicle.findingsRefinements.test
chronicle.findingsRefinements.update

chronicle.formDynamicParameters.*

chronicle.formDynamicParameters.get
chronicle.formDynamicParameters.update

chronicle.forwarders.*

chronicle.forwarders.create
chronicle.forwarders.delete
chronicle.forwarders.generate
chronicle.forwarders.get
chronicle.forwarders.importStatsEvents
chronicle.forwarders.list
chronicle.forwarders.update

chronicle.globalDataAccessScopes.permit

chronicle.ingestionLogLabels.*

chronicle.ingestionLogLabels.get
chronicle.ingestionLogLabels.list

chronicle.ingestionLogNamespaces.*

chronicle.ingestionLogNamespaces.get
chronicle.ingestionLogNamespaces.list

chronicle.instances.generateCollectionAgentAuth

chronicle.instances.generateSoarAuthJwt

chronicle.instances.generateWorkspaceConnectionToken

chronicle.instances.get

chronicle.instances.graduatePocInstance

chronicle.instances.logTypeClassifier

chronicle.instances.report

chronicle.instances.soarAdmin

chronicle.instances.update

chronicle.instances.verifyNonce

chronicle.integrationActionRevisions.*

chronicle.integrationActionRevisions.delete
chronicle.integrationActionRevisions.get
chronicle.integrationActionRevisions.update

chronicle.integrationActions.*

chronicle.integrationActions.delete
chronicle.integrationActions.get
chronicle.integrationActions.run
chronicle.integrationActions.update

chronicle.integrationInstances.*

chronicle.integrationInstances.delete
chronicle.integrationInstances.get
chronicle.integrationInstances.update

chronicle.integrationLogicalOperatorRevisions.*

chronicle.integrationLogicalOperatorRevisions.delete
chronicle.integrationLogicalOperatorRevisions.get
chronicle.integrationLogicalOperatorRevisions.update

chronicle.integrationLogicalOperators.*

chronicle.integrationLogicalOperators.delete
chronicle.integrationLogicalOperators.execute
chronicle.integrationLogicalOperators.get
chronicle.integrationLogicalOperators.update

chronicle.integrations.*

chronicle.integrations.delete
chronicle.integrations.get
chronicle.integrations.update

chronicle.investigationSteps.*

chronicle.investigationSteps.get
chronicle.investigationSteps.list

chronicle.investigations.*

chronicle.investigations.fetchAssociated
chronicle.investigations.get
chronicle.investigations.list
chronicle.investigations.trigger

chronicle.involvedEntities.*

chronicle.involvedEntities.get
chronicle.involvedEntities.update

chronicle.iocAssociations.*

chronicle.iocAssociations.batchGet
chronicle.iocAssociations.fetchRelated
chronicle.iocAssociations.get

chronicle.iocMatches.*

chronicle.iocMatches.get
chronicle.iocMatches.list

chronicle.iocState.*

chronicle.iocState.get
chronicle.iocState.update

chronicle.iocs.*

chronicle.iocs.batchGet
chronicle.iocs.fetchRelated
chronicle.iocs.findFirstAndLastSeen
chronicle.iocs.findIocs
chronicle.iocs.get
chronicle.iocs.searchCuratedDetectionsForIoc

chronicle.jobInstanceLogs.get

chronicle.jobInstances.*

chronicle.jobInstances.delete
chronicle.jobInstances.get
chronicle.jobInstances.run
chronicle.jobInstances.update

chronicle.jobRevisions.*

chronicle.jobRevisions.delete
chronicle.jobRevisions.get
chronicle.jobRevisions.update

chronicle.jobs.*

chronicle.jobs.delete
chronicle.jobs.get
chronicle.jobs.update

chronicle.labsExperimentExecutions.*

chronicle.labsExperimentExecutions.get
chronicle.labsExperimentExecutions.list
chronicle.labsExperimentExecutions.update

chronicle.labsExperiments.*

chronicle.labsExperiments.execute
chronicle.labsExperiments.get
chronicle.labsExperiments.list
chronicle.labsExperiments.update

chronicle.legacies.*

chronicle.legacies.legacyBatchGetCases
chronicle.legacies.legacyBatchGetCollections
chronicle.legacies.legacyFetchAlertsView
chronicle.legacies.legacyFetchUdmSearchCsv
chronicle.legacies.legacyFetchUdmSearchView
chronicle.legacies.legacyFindAssetEvents
chronicle.legacies.legacyFindRawLogs
chronicle.legacies.legacyFindUdmEvents
chronicle.legacies.legacyGetAlert
chronicle.legacies.legacyGetCuratedRulesTrends
chronicle.legacies.legacyGetDetection
chronicle.legacies.legacyGetEventForDetection
chronicle.legacies.legacyGetRuleCounts
chronicle.legacies.legacyGetRulesTrends
chronicle.legacies.legacyRunTestRule
chronicle.legacies.legacySearchArtifactEvents
chronicle.legacies.legacySearchArtifactIoCDetails
chronicle.legacies.legacySearchAssetEvents
chronicle.legacies.legacySearchCuratedDetections
chronicle.legacies.legacySearchCustomerStats
chronicle.legacies.legacySearchDetections
chronicle.legacies.legacySearchDomainsRecentlyRegistered
chronicle.legacies.legacySearchDomainsTimingStats
chronicle.legacies.legacySearchEnterpriseWideAlerts
chronicle.legacies.legacySearchEnterpriseWideIoCs
chronicle.legacies.legacySearchFindings
chronicle.legacies.legacySearchIngestionStats
chronicle.legacies.legacySearchIoCInsights
chronicle.legacies.legacySearchRawLogs
chronicle.legacies.legacySearchRuleDetectionCountBuckets
chronicle.legacies.legacySearchRuleDetectionEvents
chronicle.legacies.legacySearchRuleResults
chronicle.legacies.legacySearchRulesAlerts
chronicle.legacies.legacySearchUserEvents
chronicle.legacies.legacyStreamDetectionAlerts
chronicle.legacies.legacyTestRuleStreaming
chronicle.legacies.legacyUpdateAlert

chronicle.legacyCaseFederationPlatforms.*

chronicle.legacyCaseFederationPlatforms.delete
chronicle.legacyCaseFederationPlatforms.get
chronicle.legacyCaseFederationPlatforms.update

chronicle.legacyCases.*

chronicle.legacyCases.createManual
chronicle.legacyCases.createSimulated
chronicle.legacyCases.deleteSimulated
chronicle.legacyCases.exportJson
chronicle.legacyCases.get
chronicle.legacyCases.getSimulated
chronicle.legacyCases.importJson
chronicle.legacyCases.ingest
chronicle.legacyCases.ingestAlertTestCase
chronicle.legacyCases.runManualAction
chronicle.legacyCases.simulate

chronicle.legacyConfiguration.getMaximumAlertsGroupingConfiguration

chronicle.legacyFederatedCases.*

chronicle.legacyFederatedCases.batchPatchFederatedCases
chronicle.legacyFederatedCases.fetchCasesToSync
chronicle.legacyFederatedCases.get

chronicle.legacyPlaybooks.*

chronicle.legacyPlaybooks.delete
chronicle.legacyPlaybooks.export
chronicle.legacyPlaybooks.get
chronicle.legacyPlaybooks.import
chronicle.legacyPlaybooks.update

chronicle.legacyPublisher.*

chronicle.legacyPublisher.get
chronicle.legacyPublisher.update

chronicle.legacySdk.*

chronicle.legacySdk.get
chronicle.legacySdk.update

chronicle.legacySearches.*

chronicle.legacySearches.searchCases
chronicle.legacySearches.searchEntities

chronicle.legacySoarAdvancedReports.*

chronicle.legacySoarAdvancedReports.delete
chronicle.legacySoarAdvancedReports.get
chronicle.legacySoarAdvancedReports.share
chronicle.legacySoarAdvancedReports.update

chronicle.legacySoarAudits.legacySoarAudit

chronicle.legacySoarDashboards.*

chronicle.legacySoarDashboards.delete
chronicle.legacySoarDashboards.get
chronicle.legacySoarDashboards.update

chronicle.legacySoarIdpMappingGroups.*

chronicle.legacySoarIdpMappingGroups.delete
chronicle.legacySoarIdpMappingGroups.get
chronicle.legacySoarIdpMappingGroups.update

chronicle.legacySoarPermissionGroups.get

chronicle.legacySoarReports.*

chronicle.legacySoarReports.delete
chronicle.legacySoarReports.get
chronicle.legacySoarReports.update

chronicle.legacySoarSettings.*

chronicle.legacySoarSettings.get
chronicle.legacySoarSettings.update

chronicle.legacySoarUsers.*

chronicle.legacySoarUsers.delete
chronicle.legacySoarUsers.get

chronicle.legacySystem.*

chronicle.legacySystem.getLicenseStatus
chronicle.legacySystem.getMaximumDataRetentionValue
chronicle.legacySystem.getSystemVersion

chronicle.legacySystemMetadata.*

chronicle.legacySystemMetadata.get
chronicle.legacySystemMetadata.placeholders

chronicle.logProcessingPipelines.*

chronicle.logProcessingPipelines.associateStreams
chronicle.logProcessingPipelines.create
chronicle.logProcessingPipelines.delete
chronicle.logProcessingPipelines.dissociateStreams
chronicle.logProcessingPipelines.fetchAssociatedPipeline
chronicle.logProcessingPipelines.fetchSampleLogsByStreams
chronicle.logProcessingPipelines.get
chronicle.logProcessingPipelines.list
chronicle.logProcessingPipelines.testPipeline
chronicle.logProcessingPipelines.update

chronicle.logTypeSchemas.list

chronicle.logTypeSettings.*

chronicle.logTypeSettings.get
chronicle.logTypeSettings.list
chronicle.logTypeSettings.update

chronicle.logTypes.*

chronicle.logTypes.create
chronicle.logTypes.get
chronicle.logTypes.list
chronicle.logTypes.update

chronicle.logs.*

chronicle.logs.export
chronicle.logs.get
chronicle.logs.import
chronicle.logs.list

chronicle.managerRevisions.*

chronicle.managerRevisions.delete
chronicle.managerRevisions.get
chronicle.managerRevisions.update

chronicle.managers.*

chronicle.managers.delete
chronicle.managers.get
chronicle.managers.update

chronicle.mappingRules.*

chronicle.mappingRules.delete
chronicle.mappingRules.get
chronicle.mappingRules.update

chronicle.marketplaceIntegrations.*

chronicle.marketplaceIntegrations.get
chronicle.marketplaceIntegrations.install
chronicle.marketplaceIntegrations.uninstall

chronicle.messages.*

chronicle.messages.create
chronicle.messages.delete
chronicle.messages.get
chronicle.messages.list
chronicle.messages.update

chronicle.moduleSettings.*

chronicle.moduleSettings.get
chronicle.moduleSettings.rebranding

chronicle.moduleSettingsProperties.*

chronicle.moduleSettingsProperties.get
chronicle.moduleSettingsProperties.testSettings
chronicle.moduleSettingsProperties.update

chronicle.multitenantDirectories.get

chronicle.nativeDashboards.*

chronicle.nativeDashboards.create
chronicle.nativeDashboards.delete
chronicle.nativeDashboards.duplicate
chronicle.nativeDashboards.get
chronicle.nativeDashboards.list
chronicle.nativeDashboards.update

chronicle.notebooks.*

chronicle.notebooks.get
chronicle.notebooks.list

chronicle.notificationSettings.*

chronicle.notificationSettings.get
chronicle.notificationSettings.update

chronicle.ontologyRecords.*

chronicle.ontologyRecords.get
chronicle.ontologyRecords.update

chronicle.operations.*

chronicle.operations.cancel
chronicle.operations.delete
chronicle.operations.get
chronicle.operations.list
chronicle.operations.streamSearch
chronicle.operations.wait

chronicle.parserExtensions.*

chronicle.parserExtensions.activate
chronicle.parserExtensions.create
chronicle.parserExtensions.delete
chronicle.parserExtensions.generateKeyValueMappings
chronicle.parserExtensions.get
chronicle.parserExtensions.legacySubmitParserExtension
chronicle.parserExtensions.list
chronicle.parserExtensions.removeSyslog

chronicle.parsers.*

chronicle.parsers.activate
chronicle.parsers.activateReleaseCandidate
chronicle.parsers.copyPrebuiltParser
chronicle.parsers.create
chronicle.parsers.deactivate
chronicle.parsers.delete
chronicle.parsers.generateEventTypesSuggestions
chronicle.parsers.get
chronicle.parsers.list
chronicle.parsers.runParser
chronicle.parsers.update

chronicle.parsingErrors.list

chronicle.preferenceSets.*

chronicle.preferenceSets.get
chronicle.preferenceSets.update

chronicle.propertySchemaDefinitions.*

chronicle.propertySchemaDefinitions.delete
chronicle.propertySchemaDefinitions.get
chronicle.propertySchemaDefinitions.update

chronicle.referenceLists.*

chronicle.referenceLists.create
chronicle.referenceLists.get
chronicle.referenceLists.list
chronicle.referenceLists.update
chronicle.referenceLists.verifyReferenceList

chronicle.remoteAgents.*

chronicle.remoteAgents.delete
chronicle.remoteAgents.get
chronicle.remoteAgents.update

chronicle.requestTemplates.*

chronicle.requestTemplates.delete
chronicle.requestTemplates.get
chronicle.requestTemplates.update

chronicle.retrohunts.*

chronicle.retrohunts.create
chronicle.retrohunts.get
chronicle.retrohunts.list

chronicle.riskConfigs.*

chronicle.riskConfigs.get
chronicle.riskConfigs.update

chronicle.ruleDeployments.*

chronicle.ruleDeployments.get
chronicle.ruleDeployments.list
chronicle.ruleDeployments.update

chronicle.ruleExecutionErrors.list

chronicle.rules.*

chronicle.rules.create
chronicle.rules.delete
chronicle.rules.get
chronicle.rules.list
chronicle.rules.listRevisions
chronicle.rules.update
chronicle.rules.verifyRuleText

chronicle.savedColumnSets.*

chronicle.savedColumnSets.create
chronicle.savedColumnSets.delete
chronicle.savedColumnSets.get
chronicle.savedColumnSets.list
chronicle.savedColumnSets.update

chronicle.searchQueries.*

chronicle.searchQueries.create
chronicle.searchQueries.delete
chronicle.searchQueries.get
chronicle.searchQueries.list
chronicle.searchQueries.update

chronicle.shareConfigs.*

chronicle.shareConfigs.get
chronicle.shareConfigs.update

chronicle.slaDefinitions.*

chronicle.slaDefinitions.delete
chronicle.slaDefinitions.get
chronicle.slaDefinitions.update

chronicle.soarDomains.*

chronicle.soarDomains.delete
chronicle.soarDomains.get
chronicle.soarDomains.update

chronicle.soarNetworks.*

chronicle.soarNetworks.delete
chronicle.soarNetworks.get
chronicle.soarNetworks.update

chronicle.socRoles.*

chronicle.socRoles.delete
chronicle.socRoles.get
chronicle.socRoles.update

chronicle.summaryTables.*

chronicle.summaryTables.create
chronicle.summaryTables.delete
chronicle.summaryTables.get
chronicle.summaryTables.list
chronicle.summaryTables.update

chronicle.systemNotifications.*

chronicle.systemNotifications.get
chronicle.systemNotifications.update

chronicle.tasks.*

chronicle.tasks.delete
chronicle.tasks.get
chronicle.tasks.update

chronicle.tenants.*

chronicle.tenants.create
chronicle.tenants.list
chronicle.tenants.update

chronicle.threatCollectionFilterSet.get

chronicle.threatCollections.*

chronicle.threatCollections.fetchEntityMetadata
chronicle.threatCollections.fetchIocMatchMetadata
chronicle.threatCollections.fetchRelated
chronicle.threatCollections.get
chronicle.threatCollections.list

chronicle.transformerDefinitions.*

chronicle.transformerDefinitions.create
chronicle.transformerDefinitions.delete
chronicle.transformerDefinitions.execute
chronicle.transformerDefinitions.get
chronicle.transformerDefinitions.list
chronicle.transformerDefinitions.update

chronicle.transformerRevisions.*

chronicle.transformerRevisions.delete
chronicle.transformerRevisions.get
chronicle.transformerRevisions.update

chronicle.uniqueEntities.*

chronicle.uniqueEntities.get
chronicle.uniqueEntities.update

chronicle.userLocalizations.*

chronicle.userLocalizations.get
chronicle.userLocalizations.update

chronicle.userNotifications.*

chronicle.userNotifications.get
chronicle.userNotifications.update

chronicle.validationErrors.list

chronicle.validationReports.get

chronicle.views.*

chronicle.views.get
chronicle.views.update

chronicle.visualFamilies.*

chronicle.visualFamilies.delete
chronicle.visualFamilies.get
chronicle.visualFamilies.update

chronicle.watchlists.*

chronicle.watchlists.create
chronicle.watchlists.delete
chronicle.watchlists.get
chronicle.watchlists.list
chronicle.watchlists.update

chronicle.webhooks.*

chronicle.webhooks.delete
chronicle.webhooks.get
chronicle.webhooks.update

chronicle.workdeskContacts.*

chronicle.workdeskContacts.delete
chronicle.workdeskContacts.get
chronicle.workdeskContacts.update

chronicle.workdeskLinks.*

chronicle.workdeskLinks.delete
chronicle.workdeskLinks.get
chronicle.workdeskLinks.update

chronicle.workdeskNotes.*

chronicle.workdeskNotes.delete
chronicle.workdeskNotes.get
chronicle.workdeskNotes.update

cloudasset.assets.exportResource

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.assets.searchEnrichmentResourceOwners

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.attackpaths.list

securitycenter.exposurepathexplan.get

securitycenter.findings.bulkMuteUpdate

securitycenter.findings.group

securitycenter.findings.list

securitycenter.findings.listFindingPropertyNames

securitycenter.findings.setMute

securitycenter.findings.setState

securitycenter.findings.update

securitycenter.findingsecuritymarks.update

securitycenter.simulations.get

securitycenter.userinterfacemetadata.get

securitycenter.valuedresources.list

Chronicle API Data Governor^Beta

(roles/chronicle.dataGovernor)

Grants elevated access to control the lifecycle of the Chronicle instance and its data.

chronicle.instances.delete

chronicle.instances.undelete

resourcemanager.projects.get

resourcemanager.projects.list

Chronicle API Editor

(roles/chronicle.editor)

Modify Access to Chronicle API resources.

chronicle.ais.*

chronicle.ais.createFeedback
chronicle.ais.translateUdmQuery
chronicle.ais.translateYlRule

chronicle.analyticValues.list

chronicle.analytics.list

chronicle.announcements.get

chronicle.attachments.*

chronicle.attachments.delete
chronicle.attachments.get
chronicle.attachments.update

chronicle.bigQueryExport.get

chronicle.calculatedFieldDefinitions.get

chronicle.caseAlerts.*

chronicle.caseAlerts.get
chronicle.caseAlerts.metadataUpdate
chronicle.caseAlerts.move
chronicle.caseAlerts.updateSla

chronicle.caseCloseDefinitions.*

chronicle.caseCloseDefinitions.delete
chronicle.caseCloseDefinitions.get
chronicle.caseCloseDefinitions.update

chronicle.caseComments.*

chronicle.caseComments.delete
chronicle.caseComments.get
chronicle.caseComments.update

chronicle.caseQueueFilters.*

chronicle.caseQueueFilters.delete
chronicle.caseQueueFilters.get
chronicle.caseQueueFilters.update

chronicle.caseStageDefinitions.get

chronicle.caseTagDefinitions.*

chronicle.caseTagDefinitions.delete
chronicle.caseTagDefinitions.get
chronicle.caseTagDefinitions.update

chronicle.caseWallRecords.*

chronicle.caseWallRecords.get
chronicle.caseWallRecords.update

chronicle.cases.*

chronicle.cases.close
chronicle.cases.countPriorities
chronicle.cases.generateReport
chronicle.cases.get
chronicle.cases.removeTag
chronicle.cases.reopen
chronicle.cases.update
chronicle.cases.updateTag

chronicle.chatMessages.*

chronicle.chatMessages.create
chronicle.chatMessages.get
chronicle.chatMessages.pin

chronicle.collectors.get

chronicle.collectors.list

chronicle.connectorInstanceLogs.get

chronicle.connectorInstances.*

chronicle.connectorInstances.delete
chronicle.connectorInstances.get
chronicle.connectorInstances.update

chronicle.connectorRevisions.*

chronicle.connectorRevisions.delete
chronicle.connectorRevisions.get
chronicle.connectorRevisions.update

chronicle.contentPacks.*

chronicle.contentPacks.create
chronicle.contentPacks.delete
chronicle.contentPacks.export
chronicle.contentPacks.get
chronicle.contentPacks.install

chronicle.contextProperties.*

chronicle.contextProperties.delete
chronicle.contextProperties.get
chronicle.contextProperties.update

chronicle.conversations.*

chronicle.conversations.create
chronicle.conversations.delete
chronicle.conversations.get
chronicle.conversations.list
chronicle.conversations.update

chronicle.coverageDetails.*

chronicle.coverageDetails.get
chronicle.coverageDetails.list

chronicle.curatedRuleSetCategories.*

chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections
chronicle.curatedRuleSetCategories.get
chronicle.curatedRuleSetCategories.list

chronicle.curatedRuleSetDeployments.*

chronicle.curatedRuleSetDeployments.batchUpdate
chronicle.curatedRuleSetDeployments.get
chronicle.curatedRuleSetDeployments.list
chronicle.curatedRuleSetDeployments.update

chronicle.curatedRuleSets.*

chronicle.curatedRuleSets.countCuratedRuleSetDetections
chronicle.curatedRuleSets.get
chronicle.curatedRuleSets.list

chronicle.curatedRules.*

chronicle.curatedRules.get
chronicle.curatedRules.list

chronicle.customFieldValues.*

chronicle.customFieldValues.get
chronicle.customFieldValues.update

chronicle.customFields.get

chronicle.customLists.get

chronicle.dashboardCharts.*

chronicle.dashboardCharts.get
chronicle.dashboardCharts.list

chronicle.dashboardQueries.*

chronicle.dashboardQueries.execute
chronicle.dashboardQueries.get
chronicle.dashboardQueries.list

chronicle.dashboardScheduledReports.*

chronicle.dashboardScheduledReports.create
chronicle.dashboardScheduledReports.delete
chronicle.dashboardScheduledReports.duplicate
chronicle.dashboardScheduledReports.fetchHistory
chronicle.dashboardScheduledReports.get
chronicle.dashboardScheduledReports.list
chronicle.dashboardScheduledReports.trigger
chronicle.dashboardScheduledReports.update

chronicle.dashboards.*

chronicle.dashboards.copy
chronicle.dashboards.create
chronicle.dashboards.delete
chronicle.dashboards.edit
chronicle.dashboards.get
chronicle.dashboards.list
chronicle.dashboards.schedule

chronicle.dataAccessScopes.list

chronicle.dataExports.*

chronicle.dataExports.cancel
chronicle.dataExports.create
chronicle.dataExports.fetchLogTypesAvailableForExport
chronicle.dataExports.fetchServiceAccountForDataExport
chronicle.dataExports.get
chronicle.dataExports.list
chronicle.dataExports.update

chronicle.dataTableOperationErrors.get

chronicle.dataTableRows.*

chronicle.dataTableRows.asyncBulkAppend
chronicle.dataTableRows.asyncBulkCreate
chronicle.dataTableRows.asyncBulkReplace
chronicle.dataTableRows.asyncBulkUpdate
chronicle.dataTableRows.bulkCreate
chronicle.dataTableRows.bulkGet
chronicle.dataTableRows.bulkReplace
chronicle.dataTableRows.bulkUpdate
chronicle.dataTableRows.create
chronicle.dataTableRows.delete
chronicle.dataTableRows.get
chronicle.dataTableRows.list
chronicle.dataTableRows.update

chronicle.dataTables.*

chronicle.dataTables.bulkCreateDataTableAsync
chronicle.dataTables.create
chronicle.dataTables.delete
chronicle.dataTables.get
chronicle.dataTables.list
chronicle.dataTables.update

chronicle.dataTaps.*

chronicle.dataTaps.create
chronicle.dataTaps.delete
chronicle.dataTaps.get
chronicle.dataTaps.list
chronicle.dataTaps.update

chronicle.emailTemplates.get

chronicle.enrichmentCombination.get

chronicle.enrichmentControls.create

chronicle.enrichmentControls.disable

chronicle.enrichmentControls.get

chronicle.enrichmentControls.list

chronicle.entities.*

chronicle.entities.batchCreate
chronicle.entities.batchDelete
chronicle.entities.batchValidate
chronicle.entities.create
chronicle.entities.delete
chronicle.entities.find
chronicle.entities.findRelatedEntities
chronicle.entities.get
chronicle.entities.import
chronicle.entities.list
chronicle.entities.modifyEntityRiskScore
chronicle.entities.queryEntityRiskScoreModifications
chronicle.entities.searchEntities
chronicle.entities.summarize
chronicle.entities.summarizeFromQuery

chronicle.entitiesBlocklists.get

chronicle.entityRiskScores.queryEntityRiskScores

chronicle.environmentGroups.get

chronicle.environments.get

chronicle.events.*

chronicle.events.batchGet
chronicle.events.fetchEnrichedEvent
chronicle.events.findUdmFieldValues
chronicle.events.get
chronicle.events.import
chronicle.events.queryProductSourceStats
chronicle.events.searchRawLogs
chronicle.events.udmSearch
chronicle.events.validateQuery

chronicle.featuredContentNativeDashboards.*

chronicle.featuredContentNativeDashboards.get
chronicle.featuredContentNativeDashboards.install
chronicle.featuredContentNativeDashboards.list

chronicle.featuredContentRules.list

chronicle.featuredContentSearchQueries.*

chronicle.featuredContentSearchQueries.get
chronicle.featuredContentSearchQueries.install
chronicle.featuredContentSearchQueries.list

chronicle.feedPacks.*

chronicle.feedPacks.get
chronicle.feedPacks.list

chronicle.findingsGraphs.*

chronicle.findingsGraphs.exploreNode
chronicle.findingsGraphs.initializeGraph

chronicle.findingsRefinementDeployments.*

chronicle.findingsRefinementDeployments.get
chronicle.findingsRefinementDeployments.list
chronicle.findingsRefinementDeployments.update

chronicle.findingsRefinements.*

chronicle.findingsRefinements.computeActivity
chronicle.findingsRefinements.computeAllActivities
chronicle.findingsRefinements.create
chronicle.findingsRefinements.get
chronicle.findingsRefinements.list
chronicle.findingsRefinements.test
chronicle.findingsRefinements.update

chronicle.formDynamicParameters.get

chronicle.forwarders.generate

chronicle.forwarders.get

chronicle.forwarders.importStatsEvents

chronicle.forwarders.list

chronicle.globalDataAccessScopes.permit

chronicle.ingestionLogLabels.*

chronicle.ingestionLogLabels.get
chronicle.ingestionLogLabels.list

chronicle.ingestionLogNamespaces.*

chronicle.ingestionLogNamespaces.get
chronicle.ingestionLogNamespaces.list

chronicle.instances.generateCollectionAgentAuth

chronicle.instances.generateSoarAuthJwt

chronicle.instances.get

chronicle.instances.logTypeClassifier

chronicle.instances.report

chronicle.integrationActionRevisions.*

chronicle.integrationActionRevisions.delete
chronicle.integrationActionRevisions.get
chronicle.integrationActionRevisions.update

chronicle.integrationActions.get

chronicle.integrationActions.run

chronicle.integrationActions.update

chronicle.integrationInstances.*

chronicle.integrationInstances.delete
chronicle.integrationInstances.get
chronicle.integrationInstances.update

chronicle.integrationLogicalOperatorRevisions.*

chronicle.integrationLogicalOperatorRevisions.delete
chronicle.integrationLogicalOperatorRevisions.get
chronicle.integrationLogicalOperatorRevisions.update

chronicle.integrationLogicalOperators.*

chronicle.integrationLogicalOperators.delete
chronicle.integrationLogicalOperators.execute
chronicle.integrationLogicalOperators.get
chronicle.integrationLogicalOperators.update

chronicle.integrations.get

chronicle.integrations.update

chronicle.investigationSteps.*

chronicle.investigationSteps.get
chronicle.investigationSteps.list

chronicle.investigations.*

chronicle.investigations.fetchAssociated
chronicle.investigations.get
chronicle.investigations.list
chronicle.investigations.trigger

chronicle.involvedEntities.*

chronicle.involvedEntities.get
chronicle.involvedEntities.update

chronicle.iocAssociations.*

chronicle.iocAssociations.batchGet
chronicle.iocAssociations.fetchRelated
chronicle.iocAssociations.get

chronicle.iocMatches.*

chronicle.iocMatches.get
chronicle.iocMatches.list

chronicle.iocState.*

chronicle.iocState.get
chronicle.iocState.update

chronicle.iocs.*

chronicle.iocs.batchGet
chronicle.iocs.fetchRelated
chronicle.iocs.findFirstAndLastSeen
chronicle.iocs.findIocs
chronicle.iocs.get
chronicle.iocs.searchCuratedDetectionsForIoc

chronicle.jobInstanceLogs.get

chronicle.jobInstances.*

chronicle.jobInstances.delete
chronicle.jobInstances.get
chronicle.jobInstances.run
chronicle.jobInstances.update

chronicle.jobRevisions.*

chronicle.jobRevisions.delete
chronicle.jobRevisions.get
chronicle.jobRevisions.update

chronicle.jobs.get

chronicle.jobs.update

chronicle.labsExperimentExecutions.*

chronicle.labsExperimentExecutions.get
chronicle.labsExperimentExecutions.list
chronicle.labsExperimentExecutions.update

chronicle.labsExperiments.*

chronicle.labsExperiments.execute
chronicle.labsExperiments.get
chronicle.labsExperiments.list
chronicle.labsExperiments.update

chronicle.legacies.*

chronicle.legacies.legacyBatchGetCases
chronicle.legacies.legacyBatchGetCollections
chronicle.legacies.legacyFetchAlertsView
chronicle.legacies.legacyFetchUdmSearchCsv
chronicle.legacies.legacyFetchUdmSearchView
chronicle.legacies.legacyFindAssetEvents
chronicle.legacies.legacyFindRawLogs
chronicle.legacies.legacyFindUdmEvents
chronicle.legacies.legacyGetAlert
chronicle.legacies.legacyGetCuratedRulesTrends
chronicle.legacies.legacyGetDetection
chronicle.legacies.legacyGetEventForDetection
chronicle.legacies.legacyGetRuleCounts
chronicle.legacies.legacyGetRulesTrends
chronicle.legacies.legacyRunTestRule
chronicle.legacies.legacySearchArtifactEvents
chronicle.legacies.legacySearchArtifactIoCDetails
chronicle.legacies.legacySearchAssetEvents
chronicle.legacies.legacySearchCuratedDetections
chronicle.legacies.legacySearchCustomerStats
chronicle.legacies.legacySearchDetections
chronicle.legacies.legacySearchDomainsRecentlyRegistered
chronicle.legacies.legacySearchDomainsTimingStats
chronicle.legacies.legacySearchEnterpriseWideAlerts
chronicle.legacies.legacySearchEnterpriseWideIoCs
chronicle.legacies.legacySearchFindings
chronicle.legacies.legacySearchIngestionStats
chronicle.legacies.legacySearchIoCInsights
chronicle.legacies.legacySearchRawLogs
chronicle.legacies.legacySearchRuleDetectionCountBuckets
chronicle.legacies.legacySearchRuleDetectionEvents
chronicle.legacies.legacySearchRuleResults
chronicle.legacies.legacySearchRulesAlerts
chronicle.legacies.legacySearchUserEvents
chronicle.legacies.legacyStreamDetectionAlerts
chronicle.legacies.legacyTestRuleStreaming
chronicle.legacies.legacyUpdateAlert

chronicle.legacyCases.*

chronicle.legacyCases.createManual
chronicle.legacyCases.createSimulated
chronicle.legacyCases.deleteSimulated
chronicle.legacyCases.exportJson
chronicle.legacyCases.get
chronicle.legacyCases.getSimulated
chronicle.legacyCases.importJson
chronicle.legacyCases.ingest
chronicle.legacyCases.ingestAlertTestCase
chronicle.legacyCases.runManualAction
chronicle.legacyCases.simulate

chronicle.legacyPlaybooks.*

chronicle.legacyPlaybooks.delete
chronicle.legacyPlaybooks.export
chronicle.legacyPlaybooks.get
chronicle.legacyPlaybooks.import
chronicle.legacyPlaybooks.update

chronicle.legacySearches.*

chronicle.legacySearches.searchCases
chronicle.legacySearches.searchEntities

chronicle.legacySoarAdvancedReports.*

chronicle.legacySoarAdvancedReports.delete
chronicle.legacySoarAdvancedReports.get
chronicle.legacySoarAdvancedReports.share
chronicle.legacySoarAdvancedReports.update

chronicle.legacySoarDashboards.*

chronicle.legacySoarDashboards.delete
chronicle.legacySoarDashboards.get
chronicle.legacySoarDashboards.update

chronicle.legacySoarReports.*

chronicle.legacySoarReports.delete
chronicle.legacySoarReports.get
chronicle.legacySoarReports.update

chronicle.legacySoarUsers.get

chronicle.legacySystemMetadata.get

chronicle.logProcessingPipelines.fetchAssociatedPipeline

chronicle.logProcessingPipelines.fetchSampleLogsByStreams

chronicle.logProcessingPipelines.get

chronicle.logProcessingPipelines.list

chronicle.logProcessingPipelines.testPipeline

chronicle.logTypeSchemas.list

chronicle.logs.*

chronicle.logs.export
chronicle.logs.get
chronicle.logs.import
chronicle.logs.list

chronicle.managerRevisions.*

chronicle.managerRevisions.delete
chronicle.managerRevisions.get
chronicle.managerRevisions.update

chronicle.managers.*

chronicle.managers.delete
chronicle.managers.get
chronicle.managers.update

chronicle.marketplaceIntegrations.*

chronicle.marketplaceIntegrations.get
chronicle.marketplaceIntegrations.install
chronicle.marketplaceIntegrations.uninstall

chronicle.messages.*

chronicle.messages.create
chronicle.messages.delete
chronicle.messages.get
chronicle.messages.list
chronicle.messages.update

chronicle.moduleSettings.*

chronicle.moduleSettings.get
chronicle.moduleSettings.rebranding

chronicle.multitenantDirectories.get

chronicle.nativeDashboards.*

chronicle.nativeDashboards.create
chronicle.nativeDashboards.delete
chronicle.nativeDashboards.duplicate
chronicle.nativeDashboards.get
chronicle.nativeDashboards.list
chronicle.nativeDashboards.update

chronicle.notebooks.*

chronicle.notebooks.get
chronicle.notebooks.list

chronicle.notificationSettings.*

chronicle.notificationSettings.get
chronicle.notificationSettings.update

chronicle.ontologyRecords.get

chronicle.operations.*

chronicle.operations.cancel
chronicle.operations.delete
chronicle.operations.get
chronicle.operations.list
chronicle.operations.streamSearch
chronicle.operations.wait

chronicle.preferenceSets.*

chronicle.preferenceSets.get
chronicle.preferenceSets.update

chronicle.referenceLists.*

chronicle.referenceLists.create
chronicle.referenceLists.get
chronicle.referenceLists.list
chronicle.referenceLists.update
chronicle.referenceLists.verifyReferenceList

chronicle.remoteAgents.*

chronicle.remoteAgents.delete
chronicle.remoteAgents.get
chronicle.remoteAgents.update

chronicle.requestTemplates.get

chronicle.retrohunts.*

chronicle.retrohunts.create
chronicle.retrohunts.get
chronicle.retrohunts.list

chronicle.riskConfigs.*

chronicle.riskConfigs.get
chronicle.riskConfigs.update

chronicle.ruleDeployments.*

chronicle.ruleDeployments.get
chronicle.ruleDeployments.list
chronicle.ruleDeployments.update

chronicle.ruleExecutionErrors.list

chronicle.rules.create

chronicle.rules.get

chronicle.rules.list

chronicle.rules.listRevisions

chronicle.rules.update

chronicle.rules.verifyRuleText

chronicle.savedColumnSets.*

chronicle.savedColumnSets.create
chronicle.savedColumnSets.delete
chronicle.savedColumnSets.get
chronicle.savedColumnSets.list
chronicle.savedColumnSets.update

chronicle.searchQueries.*

chronicle.searchQueries.create
chronicle.searchQueries.delete
chronicle.searchQueries.get
chronicle.searchQueries.list
chronicle.searchQueries.update

chronicle.soarDomains.get

chronicle.soarNetworks.get

chronicle.summaryTables.*

chronicle.summaryTables.create
chronicle.summaryTables.delete
chronicle.summaryTables.get
chronicle.summaryTables.list
chronicle.summaryTables.update

chronicle.tasks.*

chronicle.tasks.delete
chronicle.tasks.get
chronicle.tasks.update

chronicle.threatCollectionFilterSet.get

chronicle.threatCollections.*

chronicle.threatCollections.fetchEntityMetadata
chronicle.threatCollections.fetchIocMatchMetadata
chronicle.threatCollections.fetchRelated
chronicle.threatCollections.get
chronicle.threatCollections.list

chronicle.transformerDefinitions.*

chronicle.transformerDefinitions.create
chronicle.transformerDefinitions.delete
chronicle.transformerDefinitions.execute
chronicle.transformerDefinitions.get
chronicle.transformerDefinitions.list
chronicle.transformerDefinitions.update

chronicle.transformerRevisions.*

chronicle.transformerRevisions.delete
chronicle.transformerRevisions.get
chronicle.transformerRevisions.update

chronicle.uniqueEntities.*

chronicle.uniqueEntities.get
chronicle.uniqueEntities.update

chronicle.userLocalizations.*

chronicle.userLocalizations.get
chronicle.userLocalizations.update

chronicle.userNotifications.*

chronicle.userNotifications.get
chronicle.userNotifications.update

chronicle.visualFamilies.get

chronicle.watchlists.*

chronicle.watchlists.create
chronicle.watchlists.delete
chronicle.watchlists.get
chronicle.watchlists.list
chronicle.watchlists.update

chronicle.webhooks.*

chronicle.webhooks.delete
chronicle.webhooks.get
chronicle.webhooks.update

chronicle.workdeskContacts.*

chronicle.workdeskContacts.delete
chronicle.workdeskContacts.get
chronicle.workdeskContacts.update

chronicle.workdeskLinks.*

chronicle.workdeskLinks.delete
chronicle.workdeskLinks.get
chronicle.workdeskLinks.update

chronicle.workdeskNotes.*

chronicle.workdeskNotes.delete
chronicle.workdeskNotes.get
chronicle.workdeskNotes.update

resourcemanager.projects.get

resourcemanager.projects.list

Chronicle API Federation Admin^Beta

(roles/chronicle.federationAdmin)

Full access to Chronicle Federation features.

chronicle.federationGroups.*

chronicle.federationGroups.create
chronicle.federationGroups.delete
chronicle.federationGroups.get
chronicle.federationGroups.list
chronicle.federationGroups.update

chronicle.instances.permitFederationAccess

resourcemanager.projects.get

resourcemanager.projects.list

Chronicle API Federation Viewer^Beta

(roles/chronicle.federationViewer)

Readonly access to Chronicle Federation Features.

chronicle.federationGroups.get

chronicle.federationGroups.list

chronicle.instances.permitFederationAccess

resourcemanager.projects.get

resourcemanager.projects.list

Chronicle API Global Data Access^Beta

(roles/chronicle.globalDataAccess)

Grants global access to data i.e. all data can be accessed.

chronicle.globalDataAccessScopes.permit

Chronicle API Limited Viewer

(roles/chronicle.limitedViewer)

Grants read-only access to Chronicle API resources, excluding Rules and Retrohunts.

chronicle.analyticValues.list

chronicle.analytics.list

chronicle.cases.countPriorities

chronicle.conversations.get

chronicle.conversations.list

chronicle.coverageDetails.*

chronicle.coverageDetails.get
chronicle.coverageDetails.list

chronicle.dashboardCharts.*

chronicle.dashboardCharts.get
chronicle.dashboardCharts.list

chronicle.dashboardQueries.*

chronicle.dashboardQueries.execute
chronicle.dashboardQueries.get
chronicle.dashboardQueries.list

chronicle.dashboards.get

chronicle.dashboards.list

chronicle.dashboards.schedule

chronicle.dataAccessScopes.list

chronicle.enrichmentCombination.get

chronicle.enrichmentControls.get

chronicle.enrichmentControls.list

chronicle.entities.find

chronicle.entities.findRelatedEntities

chronicle.entities.get

chronicle.entities.queryEntityRiskScoreModifications

chronicle.entities.searchEntities

chronicle.entities.summarize

chronicle.entities.summarizeFromQuery

chronicle.entityRiskScores.queryEntityRiskScores

chronicle.events.batchGet

chronicle.events.fetchEnrichedEvent

chronicle.events.findUdmFieldValues

chronicle.events.get

chronicle.events.queryProductSourceStats

chronicle.events.searchRawLogs

chronicle.events.udmSearch

chronicle.events.validateQuery

chronicle.featuredContentNativeDashboards.get

chronicle.featuredContentNativeDashboards.list

chronicle.featuredContentSearchQueries.get

chronicle.featuredContentSearchQueries.list

chronicle.findingsGraphs.*

chronicle.findingsGraphs.exploreNode
chronicle.findingsGraphs.initializeGraph

chronicle.findingsRefinementDeployments.get

chronicle.findingsRefinementDeployments.list

chronicle.findingsRefinements.computeActivity

chronicle.findingsRefinements.computeAllActivities

chronicle.findingsRefinements.get

chronicle.findingsRefinements.list

chronicle.findingsRefinements.test

chronicle.globalDataAccessScopes.permit

chronicle.ingestionLogLabels.*

chronicle.ingestionLogLabels.get
chronicle.ingestionLogLabels.list

chronicle.ingestionLogNamespaces.*

chronicle.ingestionLogNamespaces.get
chronicle.ingestionLogNamespaces.list

chronicle.instances.get

chronicle.investigationSteps.*

chronicle.investigationSteps.get
chronicle.investigationSteps.list

chronicle.iocAssociations.*

chronicle.iocAssociations.batchGet
chronicle.iocAssociations.fetchRelated
chronicle.iocAssociations.get

chronicle.iocs.fetchRelated

chronicle.iocs.findIocs

chronicle.legacies.legacyBatchGetCases

chronicle.legacies.legacyBatchGetCollections

chronicle.legacies.legacyFetchAlertsView

chronicle.legacies.legacyFetchUdmSearchCsv

chronicle.legacies.legacyFetchUdmSearchView

chronicle.legacies.legacyFindAssetEvents

chronicle.legacies.legacyFindRawLogs

chronicle.legacies.legacyFindUdmEvents

chronicle.legacies.legacyGetAlert

chronicle.legacies.legacySearchArtifactEvents

chronicle.legacies.legacySearchArtifactIoCDetails

chronicle.legacies.legacySearchAssetEvents

chronicle.legacies.legacySearchCustomerStats

chronicle.legacies.legacySearchDomainsRecentlyRegistered

chronicle.legacies.legacySearchDomainsTimingStats

chronicle.legacies.legacySearchEnterpriseWideAlerts

chronicle.legacies.legacySearchEnterpriseWideIoCs

chronicle.legacies.legacySearchFindings

chronicle.legacies.legacySearchIngestionStats

chronicle.legacies.legacySearchIoCInsights

chronicle.legacies.legacySearchRawLogs

chronicle.legacies.legacySearchUserEvents

chronicle.logTypeSchemas.list

chronicle.logs.export

chronicle.logs.get

chronicle.logs.list

chronicle.messages.get

chronicle.messages.list

chronicle.multitenantDirectories.get

chronicle.nativeDashboards.get

chronicle.nativeDashboards.list

chronicle.notebooks.*

chronicle.notebooks.get
chronicle.notebooks.list

chronicle.operations.get

chronicle.operations.list

chronicle.operations.streamSearch

chronicle.operations.wait

chronicle.preferenceSets.*

chronicle.preferenceSets.get
chronicle.preferenceSets.update

chronicle.searchQueries.*

chronicle.searchQueries.create
chronicle.searchQueries.delete
chronicle.searchQueries.get
chronicle.searchQueries.list
chronicle.searchQueries.update

chronicle.threatCollectionFilterSet.get

chronicle.threatCollections.*

chronicle.threatCollections.fetchEntityMetadata
chronicle.threatCollections.fetchIocMatchMetadata
chronicle.threatCollections.fetchRelated
chronicle.threatCollections.get
chronicle.threatCollections.list

resourcemanager.projects.get

resourcemanager.projects.list

Chronicle API Restricted Data Access^Beta

(roles/chronicle.restrictedDataAccess)

Grants access to data controlled by Data Access Scopes. Intended to be refined by IAM Conditions.

chronicle.dataAccessScopes.permit

Chronicle API Restricted Data Access Viewer^Beta

(roles/chronicle.restrictedDataAccessViewer)

Grants readonly access to Chronicle API resources without global data access scope.

chronicle.ais.*

chronicle.ais.createFeedback
chronicle.ais.translateUdmQuery
chronicle.ais.translateYlRule

chronicle.dashboardCharts.*

chronicle.dashboardCharts.get
chronicle.dashboardCharts.list

chronicle.dashboardQueries.*

chronicle.dashboardQueries.execute
chronicle.dashboardQueries.get
chronicle.dashboardQueries.list

chronicle.dataAccessScopes.list

chronicle.dataTableRows.bulkGet

chronicle.dataTableRows.get

chronicle.dataTableRows.list

chronicle.dataTables.get

chronicle.dataTables.list

chronicle.enrichmentCombination.get

chronicle.enrichmentControls.get

chronicle.enrichmentControls.list

chronicle.entities.find

chronicle.entities.findRelatedEntities

chronicle.entities.get

chronicle.entities.list

chronicle.entities.searchEntities

chronicle.entities.summarize

chronicle.entities.summarizeFromQuery

chronicle.events.batchGet

chronicle.events.fetchEnrichedEvent

chronicle.events.findUdmFieldValues

chronicle.events.get

chronicle.events.queryProductSourceStats

chronicle.events.searchRawLogs

chronicle.events.udmSearch

chronicle.events.validateQuery

chronicle.featuredContentNativeDashboards.get

chronicle.featuredContentNativeDashboards.list

chronicle.featuredContentSearchQueries.get

chronicle.featuredContentSearchQueries.list

chronicle.findingsGraphs.*

chronicle.findingsGraphs.exploreNode
chronicle.findingsGraphs.initializeGraph

chronicle.instances.generateCollectionAgentAuth

chronicle.instances.generateSoarAuthJwt

chronicle.instances.get

chronicle.instances.report

chronicle.legacies.legacyBatchGetCases

chronicle.legacies.legacyBatchGetCollections

chronicle.legacies.legacyFetchAlertsView

chronicle.legacies.legacyFetchUdmSearchCsv

chronicle.legacies.legacyFetchUdmSearchView

chronicle.legacies.legacyFindAssetEvents

chronicle.legacies.legacyFindRawLogs

chronicle.legacies.legacyFindUdmEvents

chronicle.legacies.legacyGetAlert

chronicle.legacies.legacyGetRuleCounts

chronicle.legacies.legacyGetRulesTrends

chronicle.legacies.legacyRunTestRule

chronicle.legacies.legacySearchArtifactEvents

chronicle.legacies.legacySearchArtifactIoCDetails

chronicle.legacies.legacySearchAssetEvents

chronicle.legacies.legacySearchCustomerStats

chronicle.legacies.legacySearchDomainsRecentlyRegistered

chronicle.legacies.legacySearchDomainsTimingStats

chronicle.legacies.legacySearchFindings

chronicle.legacies.legacySearchIngestionStats

chronicle.legacies.legacySearchIoCInsights

chronicle.legacies.legacySearchRawLogs

chronicle.legacies.legacySearchRuleDetectionCountBuckets

chronicle.legacies.legacySearchRuleDetectionEvents

chronicle.legacies.legacySearchRuleResults

chronicle.legacies.legacySearchRulesAlerts

chronicle.legacies.legacySearchUserEvents

chronicle.logs.get

chronicle.logs.list

chronicle.multitenantDirectories.get

chronicle.nativeDashboards.get

chronicle.nativeDashboards.list

chronicle.operations.get

chronicle.operations.list

chronicle.operations.streamSearch

chronicle.operations.wait

chronicle.preferenceSets.*

chronicle.preferenceSets.get
chronicle.preferenceSets.update

chronicle.referenceLists.get

chronicle.referenceLists.list

chronicle.referenceLists.verifyReferenceList

chronicle.retrohunts.get

chronicle.retrohunts.list

chronicle.ruleDeployments.get

chronicle.ruleDeployments.list

chronicle.ruleExecutionErrors.list

chronicle.rules.get

chronicle.rules.list

chronicle.rules.listRevisions

chronicle.rules.verifyRuleText

chronicle.searchQueries.*

chronicle.searchQueries.create
chronicle.searchQueries.delete
chronicle.searchQueries.get
chronicle.searchQueries.list
chronicle.searchQueries.update

chronicle.summaryTables.get

chronicle.summaryTables.list

resourcemanager.projects.get

resourcemanager.projects.list

Chronicle Service Agent

(roles/chronicle.serviceAgent)

Grants Chronicle global data access to customer project

Warning: Do not grant service agent roles to any principals except service agents.

bigquery.connections.create

bigquery.connections.delegate

bigquery.connections.delete

bigquery.connections.get

bigquery.connections.getIamPolicy

bigquery.connections.list

bigquery.connections.update

bigquery.connections.updateTag

bigquery.connections.use

bigquery.datasets.create

bigquery.jobs.create

bigquery.jobs.get

bigquery.tables.create

bigquery.tables.delete

bigquery.tables.get

bigquery.tables.update

bigquery.tables.updateData

chronicle.caseComments.update

chronicle.conversations.create

chronicle.dashboards.copy

chronicle.dashboards.create

chronicle.dashboards.get

chronicle.dashboards.list

chronicle.dataTableRows.bulkCreate

chronicle.dataTableRows.delete

chronicle.dataTableRows.list

chronicle.dataTables.get

chronicle.dataTables.list

chronicle.entities.findRelatedEntities

chronicle.entities.summarize

chronicle.entities.summarizeFromQuery

chronicle.events.udmSearch

chronicle.globalDataAccessScopes.permit

chronicle.instances.get

chronicle.investigations.get

chronicle.investigations.list

chronicle.investigations.trigger

chronicle.legacies.legacyGetDetection

chronicle.legacies.legacySearchArtifactIoCDetails

chronicle.legacies.legacySearchAssetEvents

chronicle.legacies.legacySearchCuratedDetections

chronicle.legacies.legacySearchDetections

chronicle.legacies.legacySearchEnterpriseWideIoCs

chronicle.legacies.legacyStreamDetectionAlerts

chronicle.legacies.legacyUpdateAlert

chronicle.legacySdk.*

chronicle.legacySdk.get
chronicle.legacySdk.update

chronicle.messages.create

chronicle.messages.delete

chronicle.preferenceSets.update

chronicle.referenceLists.get

chronicle.referenceLists.list

chronicle.referenceLists.update

chronicle.retrohunts.create

chronicle.rules.get

logging.logEntries.create

logging.logEntries.route

monitoring.alertPolicies.create

monitoring.alertPolicies.delete

monitoring.alertPolicies.get

monitoring.alertPolicies.list

monitoring.alertPolicies.update

resourcemanager.projects.get

serviceusage.operations.get

serviceusage.quotas.get

serviceusage.services.enable

serviceusage.services.get

serviceusage.services.list

storage.buckets.create

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.setIamPolicy

storage.objects.create

storage.objects.delete

storage.objects.get

storage.objects.list

Chronicle SOAR Admin^Beta

(roles/chronicle.soarAdmin)

Grants admin access to Chronicle SOAR.

chronicle.alertGroupingRules.*

chronicle.alertGroupingRules.delete
chronicle.alertGroupingRules.get
chronicle.alertGroupingRules.update

chronicle.announcements.*

chronicle.announcements.delete
chronicle.announcements.get
chronicle.announcements.update

chronicle.attachments.*

chronicle.attachments.delete
chronicle.attachments.get
chronicle.attachments.update

chronicle.calculatedFieldDefinitions.*

chronicle.calculatedFieldDefinitions.delete
chronicle.calculatedFieldDefinitions.get
chronicle.calculatedFieldDefinitions.update

chronicle.caseAlerts.*

chronicle.caseAlerts.get
chronicle.caseAlerts.metadataUpdate
chronicle.caseAlerts.move
chronicle.caseAlerts.updateSla

chronicle.caseCloseDefinitions.*

chronicle.caseCloseDefinitions.delete
chronicle.caseCloseDefinitions.get
chronicle.caseCloseDefinitions.update

chronicle.caseComments.*

chronicle.caseComments.delete
chronicle.caseComments.get
chronicle.caseComments.update

chronicle.caseQueueFilters.*

chronicle.caseQueueFilters.delete
chronicle.caseQueueFilters.get
chronicle.caseQueueFilters.update

chronicle.caseStageDefinitions.*

chronicle.caseStageDefinitions.delete
chronicle.caseStageDefinitions.get
chronicle.caseStageDefinitions.update

chronicle.caseTagDefinitions.*

chronicle.caseTagDefinitions.delete
chronicle.caseTagDefinitions.get
chronicle.caseTagDefinitions.update

chronicle.caseWallRecords.*

chronicle.caseWallRecords.get
chronicle.caseWallRecords.update

chronicle.cases.*

chronicle.cases.close
chronicle.cases.countPriorities
chronicle.cases.generateReport
chronicle.cases.get
chronicle.cases.removeTag
chronicle.cases.reopen
chronicle.cases.update
chronicle.cases.updateTag

chronicle.chatMessages.*

chronicle.chatMessages.create
chronicle.chatMessages.get
chronicle.chatMessages.pin

chronicle.connectorInstanceLogs.get

chronicle.connectorInstances.*

chronicle.connectorInstances.delete
chronicle.connectorInstances.get
chronicle.connectorInstances.update

chronicle.connectorRevisions.*

chronicle.connectorRevisions.delete
chronicle.connectorRevisions.get
chronicle.connectorRevisions.update

chronicle.connectors.*

chronicle.connectors.delete
chronicle.connectors.get
chronicle.connectors.update

chronicle.contentPacks.*

chronicle.contentPacks.create
chronicle.contentPacks.delete
chronicle.contentPacks.export
chronicle.contentPacks.get
chronicle.contentPacks.install

chronicle.contextProperties.*

chronicle.contextProperties.delete
chronicle.contextProperties.get
chronicle.contextProperties.update

chronicle.customFieldValues.*

chronicle.customFieldValues.get
chronicle.customFieldValues.update

chronicle.customFields.*

chronicle.customFields.delete
chronicle.customFields.get
chronicle.customFields.update

chronicle.customLists.*

chronicle.customLists.delete
chronicle.customLists.get
chronicle.customLists.update

chronicle.dataAccessScopes.list

chronicle.emailTemplates.*

chronicle.emailTemplates.delete
chronicle.emailTemplates.get
chronicle.emailTemplates.update

chronicle.entitiesBlocklists.*

chronicle.entitiesBlocklists.delete
chronicle.entitiesBlocklists.get
chronicle.entitiesBlocklists.update

chronicle.environmentGroups.*

chronicle.environmentGroups.delete
chronicle.environmentGroups.get
chronicle.environmentGroups.update

chronicle.environments.*

chronicle.environments.delete
chronicle.environments.get
chronicle.environments.update

chronicle.formDynamicParameters.*

chronicle.formDynamicParameters.get
chronicle.formDynamicParameters.update

chronicle.instances.generateSoarAuthJwt

chronicle.instances.get

chronicle.instances.soarAdmin

chronicle.integrationActionRevisions.*

chronicle.integrationActionRevisions.delete
chronicle.integrationActionRevisions.get
chronicle.integrationActionRevisions.update

chronicle.integrationActions.*

chronicle.integrationActions.delete
chronicle.integrationActions.get
chronicle.integrationActions.run
chronicle.integrationActions.update

chronicle.integrationInstances.*

chronicle.integrationInstances.delete
chronicle.integrationInstances.get
chronicle.integrationInstances.update

chronicle.integrationLogicalOperatorRevisions.*

chronicle.integrationLogicalOperatorRevisions.delete
chronicle.integrationLogicalOperatorRevisions.get
chronicle.integrationLogicalOperatorRevisions.update

chronicle.integrationLogicalOperators.*

chronicle.integrationLogicalOperators.delete
chronicle.integrationLogicalOperators.execute
chronicle.integrationLogicalOperators.get
chronicle.integrationLogicalOperators.update

chronicle.integrations.*

chronicle.integrations.delete
chronicle.integrations.get
chronicle.integrations.update

chronicle.involvedEntities.*

chronicle.involvedEntities.get
chronicle.involvedEntities.update

chronicle.jobInstanceLogs.get

chronicle.jobInstances.*

chronicle.jobInstances.delete
chronicle.jobInstances.get
chronicle.jobInstances.run
chronicle.jobInstances.update

chronicle.jobRevisions.*

chronicle.jobRevisions.delete
chronicle.jobRevisions.get
chronicle.jobRevisions.update

chronicle.jobs.*

chronicle.jobs.delete
chronicle.jobs.get
chronicle.jobs.update

chronicle.legacyCaseFederationPlatforms.*

chronicle.legacyCaseFederationPlatforms.delete
chronicle.legacyCaseFederationPlatforms.get
chronicle.legacyCaseFederationPlatforms.update

chronicle.legacyCases.*

chronicle.legacyCases.createManual
chronicle.legacyCases.createSimulated
chronicle.legacyCases.deleteSimulated
chronicle.legacyCases.exportJson
chronicle.legacyCases.get
chronicle.legacyCases.getSimulated
chronicle.legacyCases.importJson
chronicle.legacyCases.ingest
chronicle.legacyCases.ingestAlertTestCase
chronicle.legacyCases.runManualAction
chronicle.legacyCases.simulate

chronicle.legacyConfiguration.getMaximumAlertsGroupingConfiguration

chronicle.legacyFederatedCases.*

chronicle.legacyFederatedCases.batchPatchFederatedCases
chronicle.legacyFederatedCases.fetchCasesToSync
chronicle.legacyFederatedCases.get

chronicle.legacyPlaybooks.*

chronicle.legacyPlaybooks.delete
chronicle.legacyPlaybooks.export
chronicle.legacyPlaybooks.get
chronicle.legacyPlaybooks.import
chronicle.legacyPlaybooks.update

chronicle.legacyPublisher.*

chronicle.legacyPublisher.get
chronicle.legacyPublisher.update

chronicle.legacySdk.*

chronicle.legacySdk.get
chronicle.legacySdk.update

chronicle.legacySearches.*

chronicle.legacySearches.searchCases
chronicle.legacySearches.searchEntities

chronicle.legacySoarAdvancedReports.*

chronicle.legacySoarAdvancedReports.delete
chronicle.legacySoarAdvancedReports.get
chronicle.legacySoarAdvancedReports.share
chronicle.legacySoarAdvancedReports.update

chronicle.legacySoarAudits.legacySoarAudit

chronicle.legacySoarDashboards.*

chronicle.legacySoarDashboards.delete
chronicle.legacySoarDashboards.get
chronicle.legacySoarDashboards.update

chronicle.legacySoarIdpMappingGroups.*

chronicle.legacySoarIdpMappingGroups.delete
chronicle.legacySoarIdpMappingGroups.get
chronicle.legacySoarIdpMappingGroups.update

chronicle.legacySoarPermissionGroups.get

chronicle.legacySoarReports.*

chronicle.legacySoarReports.delete
chronicle.legacySoarReports.get
chronicle.legacySoarReports.update

chronicle.legacySoarSettings.*

chronicle.legacySoarSettings.get
chronicle.legacySoarSettings.update

chronicle.legacySoarUsers.*

chronicle.legacySoarUsers.delete
chronicle.legacySoarUsers.get

chronicle.legacySystem.*

chronicle.legacySystem.getLicenseStatus
chronicle.legacySystem.getMaximumDataRetentionValue
chronicle.legacySystem.getSystemVersion

chronicle.legacySystemMetadata.*

chronicle.legacySystemMetadata.get
chronicle.legacySystemMetadata.placeholders

chronicle.managerRevisions.*

chronicle.managerRevisions.delete
chronicle.managerRevisions.get
chronicle.managerRevisions.update

chronicle.managers.*

chronicle.managers.delete
chronicle.managers.get
chronicle.managers.update

chronicle.mappingRules.*

chronicle.mappingRules.delete
chronicle.mappingRules.get
chronicle.mappingRules.update

chronicle.marketplaceIntegrations.*

chronicle.marketplaceIntegrations.get
chronicle.marketplaceIntegrations.install
chronicle.marketplaceIntegrations.uninstall

chronicle.moduleSettings.*

chronicle.moduleSettings.get
chronicle.moduleSettings.rebranding

chronicle.moduleSettingsProperties.*

chronicle.moduleSettingsProperties.get
chronicle.moduleSettingsProperties.testSettings
chronicle.moduleSettingsProperties.update

chronicle.notificationSettings.*

chronicle.notificationSettings.get
chronicle.notificationSettings.update

chronicle.ontologyRecords.*

chronicle.ontologyRecords.get
chronicle.ontologyRecords.update

chronicle.preferenceSets.get

chronicle.propertySchemaDefinitions.*

chronicle.propertySchemaDefinitions.delete
chronicle.propertySchemaDefinitions.get
chronicle.propertySchemaDefinitions.update

chronicle.remoteAgents.*

chronicle.remoteAgents.delete
chronicle.remoteAgents.get
chronicle.remoteAgents.update

chronicle.requestTemplates.*

chronicle.requestTemplates.delete
chronicle.requestTemplates.get
chronicle.requestTemplates.update

chronicle.slaDefinitions.*

chronicle.slaDefinitions.delete
chronicle.slaDefinitions.get
chronicle.slaDefinitions.update

chronicle.soarDomains.*

chronicle.soarDomains.delete
chronicle.soarDomains.get
chronicle.soarDomains.update

chronicle.soarNetworks.*

chronicle.soarNetworks.delete
chronicle.soarNetworks.get
chronicle.soarNetworks.update

chronicle.socRoles.*

chronicle.socRoles.delete
chronicle.socRoles.get
chronicle.socRoles.update

chronicle.systemNotifications.*

chronicle.systemNotifications.get
chronicle.systemNotifications.update

chronicle.tasks.*

chronicle.tasks.delete
chronicle.tasks.get
chronicle.tasks.update

chronicle.transformerDefinitions.*

chronicle.transformerDefinitions.create
chronicle.transformerDefinitions.delete
chronicle.transformerDefinitions.execute
chronicle.transformerDefinitions.get
chronicle.transformerDefinitions.list
chronicle.transformerDefinitions.update

chronicle.transformerRevisions.*

chronicle.transformerRevisions.delete
chronicle.transformerRevisions.get
chronicle.transformerRevisions.update

chronicle.uniqueEntities.*

chronicle.uniqueEntities.get
chronicle.uniqueEntities.update

chronicle.userLocalizations.*

chronicle.userLocalizations.get
chronicle.userLocalizations.update

chronicle.userNotifications.*

chronicle.userNotifications.get
chronicle.userNotifications.update

chronicle.views.*

chronicle.views.get
chronicle.views.update

chronicle.visualFamilies.*

chronicle.visualFamilies.delete
chronicle.visualFamilies.get
chronicle.visualFamilies.update

chronicle.webhooks.*

chronicle.webhooks.delete
chronicle.webhooks.get
chronicle.webhooks.update

chronicle.workdeskContacts.*

chronicle.workdeskContacts.delete
chronicle.workdeskContacts.get
chronicle.workdeskContacts.update

chronicle.workdeskLinks.*

chronicle.workdeskLinks.delete
chronicle.workdeskLinks.get
chronicle.workdeskLinks.update

chronicle.workdeskNotes.*

chronicle.workdeskNotes.delete
chronicle.workdeskNotes.get
chronicle.workdeskNotes.update

cloudasset.assets.exportResource

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.assets.searchEnrichmentResourceOwners

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.attackpaths.list

securitycenter.exposurepathexplan.get

securitycenter.findings.bulkMuteUpdate

securitycenter.findings.group

securitycenter.findings.list

securitycenter.findings.listFindingPropertyNames

securitycenter.findings.setMute

securitycenter.findings.setState

securitycenter.findings.update

securitycenter.findingsecuritymarks.update

securitycenter.simulations.get

securitycenter.userinterfacemetadata.get

securitycenter.valuedresources.list

Chronicle SOAR Remote Agent^Beta

(roles/chronicle.soarRemoteAgent)

Grants Remote Agent access to Chronicle SOAR.

chronicle.legacyPublisher.*

chronicle.legacyPublisher.get
chronicle.legacyPublisher.update

chronicle.legacySdk.*

chronicle.legacySdk.get
chronicle.legacySdk.update

resourcemanager.projects.get

resourcemanager.projects.list

Chronicle SOAR Service Agent

(roles/chronicle.soarServiceAgent)

Gives Chronicle SOAR the ability to perform remediation on Cloud Platform resources.

Warning: Do not grant service agent roles to any principals except service agents.

cloudasset.assets.analyzeIamPolicy

cloudasset.assets.exportIamPolicy

cloudasset.assets.exportResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

compute.firewalls.get

compute.firewalls.update

compute.globalOperations.get

compute.instances.deleteAccessConfig

compute.instances.get

compute.instances.list

compute.instances.stop

compute.instances.updateNetworkInterface

compute.networks.updatePolicy

compute.regionOperations.get

compute.zoneOperations.get

compute.zones.list

iam.serviceAccounts.disable

iam.serviceAccounts.list

recommender.iamPolicyRecommendations.*

recommender.iamPolicyRecommendations.get
recommender.iamPolicyRecommendations.list
recommender.iamPolicyRecommendations.update

resourcemanager.organizations.getIamPolicy

securitycenter.findingexternalsystems.update

securitycenter.findings.list

securitycenter.findings.setMute

securitycenter.findings.setState

securitycenter.findings.update

securitycenter.notificationconfig.create

securitycenter.notificationconfig.delete

securitycenter.notificationconfig.get

securitycenter.notificationconfig.update

securitycenter.sources.list

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

storage.buckets.update

Chronicle SOAR Threat Manager^Beta

(roles/chronicle.soarThreatManager)

Grants threat manager access to Chronicle SOAR.

chronicle.instances.soarThreatManager

cloudasset.assets.exportResource

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.assets.searchEnrichmentResourceOwners

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.attackpaths.list

securitycenter.exposurepathexplan.get

securitycenter.findings.bulkMuteUpdate

securitycenter.findings.group

securitycenter.findings.list

securitycenter.findings.listFindingPropertyNames

securitycenter.findings.setMute

securitycenter.findings.setState

securitycenter.findings.update

securitycenter.findingsecuritymarks.update

securitycenter.simulations.get

securitycenter.userinterfacemetadata.get

securitycenter.valuedresources.list

Chronicle SOAR Vulnerability Manager^Beta

(roles/chronicle.soarVulnerabilityManager)

Grants vulnerability manager access to Chronicle SOAR.

chronicle.instances.soarVulnerabilityManager

cloudasset.assets.exportResource

cloudasset.assets.queryAccessPolicy

cloudasset.assets.queryIamPolicy

cloudasset.assets.queryOSInventories

cloudasset.assets.queryResource

cloudasset.assets.searchAllIamPolicies

cloudasset.assets.searchAllResources

cloudasset.assets.searchEnrichmentResourceOwners

resourcemanager.organizations.get

resourcemanager.projects.get

resourcemanager.projects.list

securitycenter.attackpaths.list

securitycenter.exposurepathexplan.get

securitycenter.findings.bulkMuteUpdate

securitycenter.findings.group

securitycenter.findings.list

securitycenter.findings.listFindingPropertyNames

securitycenter.findings.setMute

securitycenter.findings.setState

securitycenter.findings.update

securitycenter.findingsecuritymarks.update

securitycenter.simulations.get

securitycenter.userinterfacemetadata.get

securitycenter.valuedresources.list

Chronicle API Viewer

(roles/chronicle.viewer)

Read-only access to the Chronicle API resources.

chronicle.ais.*

chronicle.ais.createFeedback
chronicle.ais.translateUdmQuery
chronicle.ais.translateYlRule

chronicle.analyticValues.list

chronicle.analytics.list

chronicle.announcements.get

chronicle.attachments.get

chronicle.bigQueryExport.get

chronicle.calculatedFieldDefinitions.get

chronicle.caseAlerts.get

chronicle.caseCloseDefinitions.get

chronicle.caseComments.get

chronicle.caseQueueFilters.get

chronicle.caseTagDefinitions.get

chronicle.cases.countPriorities

chronicle.cases.generateReport

chronicle.cases.get

chronicle.chatMessages.get

chronicle.collectors.get

chronicle.collectors.list

chronicle.contentPacks.get

chronicle.contextProperties.get

chronicle.conversations.get

chronicle.conversations.list

chronicle.coverageDetails.*

chronicle.coverageDetails.get
chronicle.coverageDetails.list

chronicle.curatedRuleSetCategories.*

chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections
chronicle.curatedRuleSetCategories.get
chronicle.curatedRuleSetCategories.list

chronicle.curatedRuleSetDeployments.get

chronicle.curatedRuleSetDeployments.list

chronicle.curatedRuleSets.*

chronicle.curatedRuleSets.countCuratedRuleSetDetections
chronicle.curatedRuleSets.get
chronicle.curatedRuleSets.list

chronicle.curatedRules.*

chronicle.curatedRules.get
chronicle.curatedRules.list

chronicle.customFieldValues.get

chronicle.customFields.get

chronicle.dashboardCharts.*

chronicle.dashboardCharts.get
chronicle.dashboardCharts.list

chronicle.dashboardQueries.*

chronicle.dashboardQueries.execute
chronicle.dashboardQueries.get
chronicle.dashboardQueries.list

chronicle.dashboardScheduledReports.fetchHistory

chronicle.dashboardScheduledReports.get

chronicle.dashboardScheduledReports.list

chronicle.dashboards.get

chronicle.dashboards.list

chronicle.dashboards.schedule

chronicle.dataAccessScopes.list

chronicle.dataExports.fetchLogTypesAvailableForExport

chronicle.dataExports.fetchServiceAccountForDataExport

chronicle.dataExports.get

chronicle.dataExports.list

chronicle.dataTableOperationErrors.get

chronicle.dataTableRows.bulkGet

chronicle.dataTableRows.get

chronicle.dataTableRows.list

chronicle.dataTables.get

chronicle.dataTables.list

chronicle.dataTaps.get

chronicle.dataTaps.list

chronicle.enrichmentCombination.get

chronicle.enrichmentControls.get

chronicle.enrichmentControls.list

chronicle.entities.find

chronicle.entities.findRelatedEntities

chronicle.entities.get

chronicle.entities.list

chronicle.entities.queryEntityRiskScoreModifications

chronicle.entities.searchEntities

chronicle.entities.summarize

chronicle.entities.summarizeFromQuery

chronicle.entityRiskScores.queryEntityRiskScores

chronicle.environmentGroups.get

chronicle.environments.get

chronicle.events.batchGet

chronicle.events.fetchEnrichedEvent

chronicle.events.findUdmFieldValues

chronicle.events.get

chronicle.events.queryProductSourceStats

chronicle.events.searchRawLogs

chronicle.events.udmSearch

chronicle.events.validateQuery

chronicle.featuredContentNativeDashboards.get

chronicle.featuredContentNativeDashboards.list

chronicle.featuredContentRules.list

chronicle.featuredContentSearchQueries.get

chronicle.featuredContentSearchQueries.list

chronicle.feedPacks.*

chronicle.feedPacks.get
chronicle.feedPacks.list

chronicle.findingsGraphs.*

chronicle.findingsGraphs.exploreNode
chronicle.findingsGraphs.initializeGraph

chronicle.findingsRefinementDeployments.get

chronicle.findingsRefinementDeployments.list

chronicle.findingsRefinements.computeActivity

chronicle.findingsRefinements.computeAllActivities

chronicle.findingsRefinements.get

chronicle.findingsRefinements.list

chronicle.findingsRefinements.test

chronicle.formDynamicParameters.get

chronicle.forwarders.generate

chronicle.forwarders.get

chronicle.forwarders.list

chronicle.globalDataAccessScopes.permit

chronicle.ingestionLogLabels.*

chronicle.ingestionLogLabels.get
chronicle.ingestionLogLabels.list

chronicle.ingestionLogNamespaces.*

chronicle.ingestionLogNamespaces.get
chronicle.ingestionLogNamespaces.list

chronicle.instances.generateCollectionAgentAuth

chronicle.instances.generateSoarAuthJwt

chronicle.instances.get

chronicle.instances.logTypeClassifier

chronicle.instances.report

chronicle.integrationActions.get

chronicle.investigationSteps.*

chronicle.investigationSteps.get
chronicle.investigationSteps.list

chronicle.investigations.fetchAssociated

chronicle.investigations.get

chronicle.investigations.list

chronicle.involvedEntities.get

chronicle.iocAssociations.*

chronicle.iocAssociations.batchGet
chronicle.iocAssociations.fetchRelated
chronicle.iocAssociations.get

chronicle.iocMatches.*

chronicle.iocMatches.get
chronicle.iocMatches.list

chronicle.iocState.get

chronicle.iocs.*

chronicle.iocs.batchGet
chronicle.iocs.fetchRelated
chronicle.iocs.findFirstAndLastSeen
chronicle.iocs.findIocs
chronicle.iocs.get
chronicle.iocs.searchCuratedDetectionsForIoc

chronicle.labsExperimentExecutions.get

chronicle.labsExperimentExecutions.list

chronicle.labsExperiments.get

chronicle.labsExperiments.list

chronicle.legacies.legacyBatchGetCases

chronicle.legacies.legacyBatchGetCollections

chronicle.legacies.legacyFetchAlertsView

chronicle.legacies.legacyFetchUdmSearchCsv

chronicle.legacies.legacyFetchUdmSearchView

chronicle.legacies.legacyFindAssetEvents

chronicle.legacies.legacyFindRawLogs

chronicle.legacies.legacyFindUdmEvents

chronicle.legacies.legacyGetAlert

chronicle.legacies.legacyGetCuratedRulesTrends

chronicle.legacies.legacyGetDetection

chronicle.legacies.legacyGetEventForDetection

chronicle.legacies.legacyGetRuleCounts

chronicle.legacies.legacyGetRulesTrends

chronicle.legacies.legacyRunTestRule

chronicle.legacies.legacySearchArtifactEvents

chronicle.legacies.legacySearchArtifactIoCDetails

chronicle.legacies.legacySearchAssetEvents

chronicle.legacies.legacySearchCuratedDetections

chronicle.legacies.legacySearchCustomerStats

chronicle.legacies.legacySearchDetections

chronicle.legacies.legacySearchDomainsRecentlyRegistered

chronicle.legacies.legacySearchDomainsTimingStats

chronicle.legacies.legacySearchEnterpriseWideAlerts

chronicle.legacies.legacySearchEnterpriseWideIoCs

chronicle.legacies.legacySearchFindings

chronicle.legacies.legacySearchIngestionStats

chronicle.legacies.legacySearchIoCInsights

chronicle.legacies.legacySearchRawLogs

chronicle.legacies.legacySearchRuleDetectionCountBuckets

chronicle.legacies.legacySearchRuleDetectionEvents

chronicle.legacies.legacySearchRuleResults

chronicle.legacies.legacySearchRulesAlerts

chronicle.legacies.legacySearchUserEvents

chronicle.legacies.legacyStreamDetectionAlerts

chronicle.legacies.legacyTestRuleStreaming

chronicle.legacyCases.get

chronicle.legacySearches.*

chronicle.legacySearches.searchCases
chronicle.legacySearches.searchEntities

chronicle.legacySoarAdvancedReports.get

chronicle.legacySoarDashboards.get

chronicle.legacySoarReports.get

chronicle.legacySoarUsers.get

chronicle.legacySystemMetadata.get

chronicle.logProcessingPipelines.fetchAssociatedPipeline

chronicle.logProcessingPipelines.fetchSampleLogsByStreams

chronicle.logProcessingPipelines.get

chronicle.logProcessingPipelines.list

chronicle.logProcessingPipelines.testPipeline

chronicle.logTypeSchemas.list

chronicle.logs.export

chronicle.logs.get

chronicle.logs.list

chronicle.marketplaceIntegrations.get

chronicle.messages.get

chronicle.messages.list

chronicle.moduleSettings.*

chronicle.moduleSettings.get
chronicle.moduleSettings.rebranding

chronicle.multitenantDirectories.get

chronicle.nativeDashboards.get

chronicle.nativeDashboards.list

chronicle.notebooks.*

chronicle.notebooks.get
chronicle.notebooks.list

chronicle.operations.get

chronicle.operations.list

chronicle.operations.streamSearch

chronicle.operations.wait

chronicle.preferenceSets.*

chronicle.preferenceSets.get
chronicle.preferenceSets.update

chronicle.referenceLists.get

chronicle.referenceLists.list

chronicle.referenceLists.verifyReferenceList

chronicle.requestTemplates.get

chronicle.retrohunts.get

chronicle.retrohunts.list

chronicle.riskConfigs.get

chronicle.ruleDeployments.get

chronicle.ruleDeployments.list

chronicle.ruleExecutionErrors.list

chronicle.rules.get

chronicle.rules.list

chronicle.rules.listRevisions

chronicle.rules.verifyRuleText

chronicle.savedColumnSets.*

chronicle.savedColumnSets.create
chronicle.savedColumnSets.delete
chronicle.savedColumnSets.get
chronicle.savedColumnSets.list
chronicle.savedColumnSets.update

chronicle.searchQueries.*

chronicle.searchQueries.create
chronicle.searchQueries.delete
chronicle.searchQueries.get
chronicle.searchQueries.list
chronicle.searchQueries.update

chronicle.summaryTables.get

chronicle.summaryTables.list

chronicle.threatCollectionFilterSet.get

chronicle.threatCollections.*

chronicle.threatCollections.fetchEntityMetadata
chronicle.threatCollections.fetchIocMatchMetadata
chronicle.threatCollections.fetchRelated
chronicle.threatCollections.get
chronicle.threatCollections.list

chronicle.watchlists.get

chronicle.watchlists.list

resourcemanager.projects.get

resourcemanager.projects.list

Google Security Operations permissions

Permission	Included in roles
`chronicle.ais.createFeedback`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.ais.translateUdmQuery`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.ais.translateYlRule`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.alertGroupingRules.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.alertGroupingRules.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.alertGroupingRules.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.analyticValues.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.analytics.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.announcements.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.announcements.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.announcements.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.attachments.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.attachments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.attachments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.bigQueryAccess.provide`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.bigQueryExport.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.bigQueryExport.provision`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.bigQueryExport.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.calculatedFieldDefinitions.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.calculatedFieldDefinitions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.calculatedFieldDefinitions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseAlerts.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.caseAlerts.metadataUpdate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseAlerts.move`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseAlerts.updateSla`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseCloseDefinitions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseCloseDefinitions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.caseCloseDefinitions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseComments.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseComments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.caseComments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.caseQueueFilters.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseQueueFilters.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.caseQueueFilters.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseStageDefinitions.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseStageDefinitions.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseStageDefinitions.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseTagDefinitions.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseTagDefinitions.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.caseTagDefinitions.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.caseWallRecords.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.caseWallRecords.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.cases.close`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.cases.countPriorities`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.cases.generateReport`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.cases.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.cases.removeTag`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.cases.reopen`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.cases.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.cases.updateTag`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.chatMessages.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.chatMessages.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.chatMessages.pin`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.collectors.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.collectors.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.collectors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.collectors.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.collectors.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.connectorInstanceLogs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.connectorInstances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.connectorInstances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.connectorInstances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.connectorRevisions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.connectorRevisions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.connectorRevisions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.connectors.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.connectors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.connectors.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.contentPacks.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.contentPacks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.contentPacks.export`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.contentPacks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.contentPacks.install`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.contextProperties.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.contextProperties.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.contextProperties.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.conversations.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.conversations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.conversations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.conversations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.conversations.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.coverageDetails.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.coverageDetails.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRuleSetCategories.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRuleSetCategories.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRuleSetDeployments.batchUpdate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.curatedRuleSetDeployments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRuleSetDeployments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRuleSetDeployments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.curatedRuleSets.countCuratedRuleSetDetections`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRuleSets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRuleSets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRules.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.curatedRules.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.customFieldValues.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.customFieldValues.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.customFields.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.customFields.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.customFields.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.customLists.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.customLists.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.customLists.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.dashboardCharts.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dashboardCharts.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.dashboardQueries.execute`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dashboardQueries.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dashboardQueries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.dashboardScheduledReports.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dashboardScheduledReports.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dashboardScheduledReports.duplicate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dashboardScheduledReports.fetchHistory`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dashboardScheduledReports.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dashboardScheduledReports.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.dashboardScheduledReports.trigger`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dashboardScheduledReports.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dashboards.copy`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dashboards.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dashboards.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dashboards.edit`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dashboards.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dashboards.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dashboards.schedule`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.dataAccessLabels.create`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.dataAccessLabels.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.dataAccessLabels.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.dataAccessLabels.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.dataAccessLabels.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.dataAccessScopes.create`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.dataAccessScopes.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.dataAccessScopes.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.dataAccessScopes.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.dataAccessScopes.permit`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Restricted Data Access (`roles/chronicle.restrictedDataAccess`)
`chronicle.dataAccessScopes.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.dataExports.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataExports.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataExports.fetchLogTypesAvailableForExport`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataExports.fetchServiceAccountForDataExport`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataExports.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataExports.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataExports.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTableOperationErrors.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataTableRows.asyncBulkAppend`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTableRows.asyncBulkCreate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTableRows.asyncBulkReplace`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTableRows.asyncBulkUpdate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTableRows.bulkCreate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dataTableRows.bulkGet`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataTableRows.bulkReplace`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTableRows.bulkUpdate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTableRows.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTableRows.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dataTableRows.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataTableRows.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dataTableRows.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTables.bulkCreateDataTableAsync`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTables.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTables.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTables.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dataTables.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.dataTables.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTaps.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTaps.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.dataTaps.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataTaps.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.dataTaps.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.emailTemplates.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.emailTemplates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.emailTemplates.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.enrichmentCombination.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.enrichmentControls.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.enrichmentControls.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.enrichmentControls.disable`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.enrichmentControls.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.enrichmentControls.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.entities.batchCreate`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.entities.batchDelete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.entities.batchValidate`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.entities.create`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.entities.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.entities.find`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.entities.findRelatedEntities`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.entities.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.entities.import`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.entities.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.entities.modifyEntityRiskScore`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.entities.queryEntityRiskScoreModifications`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.entities.searchEntities`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.entities.summarize`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.entities.summarizeFromQuery`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.entitiesBlocklists.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.entitiesBlocklists.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.entitiesBlocklists.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.entityRiskScores.queryEntityRiskScores`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.environmentGroups.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.environmentGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.environmentGroups.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.environments.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.environments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.environments.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.events.batchGet`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.events.fetchEnrichedEvent`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.events.findUdmFieldValues`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.events.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.events.import`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.events.queryProductSourceStats`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.events.searchRawLogs`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.events.udmSearch`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.events.validateQuery`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.extensionValidationReports.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.extensionValidationReports.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.featuredContentNativeDashboards.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.featuredContentNativeDashboards.install`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.featuredContentNativeDashboards.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.featuredContentRules.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.featuredContentSearchQueries.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.featuredContentSearchQueries.install`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.featuredContentSearchQueries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.federationGroups.create`	Owner (`roles/owner`) Chronicle API Federation Admin (`roles/chronicle.federationAdmin`)
`chronicle.federationGroups.delete`	Owner (`roles/owner`) Chronicle API Federation Admin (`roles/chronicle.federationAdmin`)
`chronicle.federationGroups.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Federation Admin (`roles/chronicle.federationAdmin`) Chronicle API Federation Viewer (`roles/chronicle.federationViewer`) Support User (`roles/iam.supportUser`)
`chronicle.federationGroups.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Federation Admin (`roles/chronicle.federationAdmin`) Chronicle API Federation Viewer (`roles/chronicle.federationViewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.federationGroups.update`	Owner (`roles/owner`) Chronicle API Federation Admin (`roles/chronicle.federationAdmin`)
`chronicle.feedPacks.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.feedPacks.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.feedServiceAccounts.fetch`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.feedSourceTypeSchemas.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.feeds.create`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.feeds.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.feeds.disable`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.feeds.enable`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.feeds.generateSecret`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.feeds.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.feeds.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.feeds.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.findingsGraphs.exploreNode`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsGraphs.initializeGraph`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsRefinementDeployments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsRefinementDeployments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsRefinementDeployments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.findingsRefinements.computeActivity`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsRefinements.computeAllActivities`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsRefinements.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.findingsRefinements.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsRefinements.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsRefinements.test`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.findingsRefinements.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.formDynamicParameters.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.formDynamicParameters.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.forwarders.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.forwarders.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.forwarders.generate`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.forwarders.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.forwarders.importStatsEvents`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.forwarders.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.forwarders.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.globalDataAccessScopes.permit`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Global Data Access (`roles/chronicle.globalDataAccess`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.ingestionLogLabels.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.ingestionLogLabels.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.ingestionLogNamespaces.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.ingestionLogNamespaces.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.instances.delete`	Owner (`roles/owner`) Chronicle API Data Governor (`roles/chronicle.dataGovernor`)
`chronicle.instances.generateCollectionAgentAuth`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.instances.generateSoarAuthJwt`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.instances.generateWorkspaceConnectionToken`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.instances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.instances.graduatePocInstance`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.instances.logTypeClassifier`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.instances.permitFederationAccess`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Federation Admin (`roles/chronicle.federationAdmin`) Chronicle API Federation Viewer (`roles/chronicle.federationViewer`) Support User (`roles/iam.supportUser`)
`chronicle.instances.report`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.instances.soarAdmin`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.instances.soarThreatManager`	Owner (`roles/owner`) Chronicle SOAR Threat Manager (`roles/chronicle.soarThreatManager`)
`chronicle.instances.soarVulnerabilityManager`	Owner (`roles/owner`) Chronicle SOAR Vulnerability Manager (`roles/chronicle.soarVulnerabilityManager`)
`chronicle.instances.undelete`	Owner (`roles/owner`) Chronicle API Data Governor (`roles/chronicle.dataGovernor`)
`chronicle.instances.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.instances.verifyNonce`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Support User (`roles/iam.supportUser`)
`chronicle.integrationActionRevisions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationActionRevisions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.integrationActionRevisions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationActions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationActions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.integrationActions.run`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationActions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationInstances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationInstances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.integrationInstances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationLogicalOperatorRevisions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationLogicalOperatorRevisions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.integrationLogicalOperatorRevisions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationLogicalOperators.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationLogicalOperators.execute`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrationLogicalOperators.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.integrationLogicalOperators.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.integrations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.integrations.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.investigationSteps.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.investigationSteps.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.investigations.fetchAssociated`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.investigations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.investigations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.investigations.trigger`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.involvedEntities.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.involvedEntities.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.iocAssociations.batchGet`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocAssociations.fetchRelated`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocAssociations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocMatches.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocMatches.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocState.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocState.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.iocs.batchGet`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocs.fetchRelated`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocs.findFirstAndLastSeen`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocs.findIocs`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.iocs.searchCuratedDetectionsForIoc`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.jobInstanceLogs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.jobInstances.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.jobInstances.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.jobInstances.run`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.jobInstances.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.jobRevisions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.jobRevisions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.jobRevisions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.jobs.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.jobs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.jobs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.labsExperimentExecutions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.labsExperimentExecutions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.labsExperimentExecutions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.labsExperiments.execute`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.labsExperiments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.labsExperiments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.labsExperiments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.legacies.legacyBatchGetCases`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyBatchGetCollections`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyFetchAlertsView`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyFetchUdmSearchCsv`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyFetchUdmSearchView`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyFindAssetEvents`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyFindRawLogs`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyFindUdmEvents`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyGetAlert`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyGetCuratedRulesTrends`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyGetDetection`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacies.legacyGetEventForDetection`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyGetRuleCounts`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyGetRulesTrends`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyRunTestRule`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchArtifactEvents`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchArtifactIoCDetails`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacies.legacySearchAssetEvents`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacies.legacySearchCuratedDetections`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacies.legacySearchCustomerStats`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchDetections`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacies.legacySearchDomainsRecentlyRegistered`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchDomainsTimingStats`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchEnterpriseWideAlerts`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchEnterpriseWideIoCs`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacies.legacySearchFindings`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchIngestionStats`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchIoCInsights`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchRawLogs`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchRuleDetectionCountBuckets`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchRuleDetectionEvents`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchRuleResults`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchRulesAlerts`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacySearchUserEvents`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyStreamDetectionAlerts`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacies.legacyTestRuleStreaming`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacies.legacyUpdateAlert`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacyCaseFederationPlatforms.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCaseFederationPlatforms.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.legacyCaseFederationPlatforms.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.createManual`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.createSimulated`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.deleteSimulated`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.exportJson`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacyCases.getSimulated`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.importJson`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.ingest`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.ingestAlertTestCase`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.runManualAction`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyCases.simulate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyConfiguration.getMaximumAlertsGroupingConfiguration`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyFederatedCases.batchPatchFederatedCases`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyFederatedCases.fetchCasesToSync`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyFederatedCases.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyPlaybooks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyPlaybooks.export`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyPlaybooks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.legacyPlaybooks.import`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyPlaybooks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacyPublisher.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle SOAR Remote Agent (`roles/chronicle.soarRemoteAgent`)
`chronicle.legacyPublisher.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle SOAR Remote Agent (`roles/chronicle.soarRemoteAgent`)
`chronicle.legacySdk.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle SOAR Remote Agent (`roles/chronicle.soarRemoteAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacySdk.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle SOAR Remote Agent (`roles/chronicle.soarRemoteAgent`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.legacySearches.searchCases`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacySearches.searchEntities`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacySoarAdvancedReports.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarAdvancedReports.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacySoarAdvancedReports.share`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarAdvancedReports.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarAudits.legacySoarAudit`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarDashboards.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarDashboards.get`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.legacySoarDashboards.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarIdpMappingGroups.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarIdpMappingGroups.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarIdpMappingGroups.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarPermissionGroups.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarReports.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarReports.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacySoarReports.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarSettings.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarSettings.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarUsers.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySoarUsers.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.legacySystem.getLicenseStatus`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySystem.getMaximumDataRetentionValue`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySystem.getSystemVersion`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.legacySystemMetadata.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.legacySystemMetadata.placeholders`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.logProcessingPipelines.associateStreams`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logProcessingPipelines.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logProcessingPipelines.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logProcessingPipelines.dissociateStreams`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logProcessingPipelines.fetchAssociatedPipeline`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.logProcessingPipelines.fetchSampleLogsByStreams`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.logProcessingPipelines.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.logProcessingPipelines.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.logProcessingPipelines.testPipeline`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.logProcessingPipelines.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logTypeSchemas.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.logTypeSettings.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logTypeSettings.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.logTypeSettings.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logTypes.create`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logTypes.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logTypes.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.logTypes.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.logs.export`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.logs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.logs.import`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.logs.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.managerRevisions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.managerRevisions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.managerRevisions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.managers.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.managers.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.managers.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.mappingRules.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.mappingRules.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.mappingRules.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.marketplaceIntegrations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.marketplaceIntegrations.install`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.marketplaceIntegrations.uninstall`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.messages.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.messages.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.messages.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.messages.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.messages.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.moduleSettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.moduleSettings.rebranding`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.moduleSettingsProperties.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.moduleSettingsProperties.testSettings`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.moduleSettingsProperties.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.multitenantDirectories.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.nativeDashboards.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.nativeDashboards.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.nativeDashboards.duplicate`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.nativeDashboards.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.nativeDashboards.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.nativeDashboards.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.notebooks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.notebooks.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.notificationSettings.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.notificationSettings.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.ontologyRecords.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.ontologyRecords.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.operations.cancel`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.operations.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.operations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.operations.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.operations.streamSearch`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.operations.wait`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.parserExtensions.activate`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parserExtensions.create`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parserExtensions.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parserExtensions.generateKeyValueMappings`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parserExtensions.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parserExtensions.legacySubmitParserExtension`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parserExtensions.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.parserExtensions.removeSyslog`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.activate`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.activateReleaseCandidate`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.copyPrebuiltParser`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.create`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.deactivate`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.generateEventTypesSuggestions`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.parsers.runParser`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsers.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.parsingErrors.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.preferenceSets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.preferenceSets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.propertySchemaDefinitions.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.propertySchemaDefinitions.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.propertySchemaDefinitions.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.referenceLists.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.referenceLists.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.referenceLists.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.referenceLists.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.referenceLists.verifyReferenceList`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.remoteAgents.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.remoteAgents.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.remoteAgents.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.requestTemplates.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.requestTemplates.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.requestTemplates.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.retrohunts.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.retrohunts.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.retrohunts.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.riskConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.riskConfigs.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.ruleDeployments.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.ruleDeployments.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.ruleDeployments.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.ruleExecutionErrors.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.rules.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.rules.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.rules.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`) Service agent roles Warning: Don't grant service agent roles to any principals except service agents. Chronicle Service Agent (`roles/chronicle.serviceAgent`)
`chronicle.rules.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.rules.listRevisions`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.rules.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.rules.verifyRuleText`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.savedColumnSets.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.savedColumnSets.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.savedColumnSets.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.savedColumnSets.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.savedColumnSets.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.searchQueries.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.searchQueries.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.searchQueries.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.searchQueries.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.searchQueries.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`)
`chronicle.shareConfigs.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Support User (`roles/iam.supportUser`)
`chronicle.shareConfigs.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.slaDefinitions.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.slaDefinitions.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.slaDefinitions.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.soarDomains.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.soarDomains.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.soarDomains.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.soarNetworks.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.soarNetworks.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.soarNetworks.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.socRoles.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.socRoles.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.socRoles.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.summaryTables.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.summaryTables.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.summaryTables.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.summaryTables.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Restricted Data Access Viewer (`roles/chronicle.restrictedDataAccessViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.summaryTables.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.systemNotifications.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.systemNotifications.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.tasks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.tasks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.tasks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.tenants.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.tenants.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.tenants.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.threatCollectionFilterSet.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.threatCollections.fetchEntityMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.threatCollections.fetchIocMatchMetadata`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.threatCollections.fetchRelated`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.threatCollections.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.threatCollections.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Limited Viewer (`roles/chronicle.limitedViewer`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.transformerDefinitions.create`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.transformerDefinitions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.transformerDefinitions.execute`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.transformerDefinitions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.transformerDefinitions.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.transformerDefinitions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.transformerRevisions.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.transformerRevisions.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.transformerRevisions.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.uniqueEntities.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.uniqueEntities.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.userLocalizations.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.userLocalizations.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.userNotifications.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.userNotifications.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.validationErrors.list`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`)
`chronicle.validationReports.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`)
`chronicle.views.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.views.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.visualFamilies.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.visualFamilies.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.visualFamilies.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.watchlists.create`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.watchlists.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.watchlists.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Support User (`roles/iam.supportUser`)
`chronicle.watchlists.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle API Viewer (`roles/chronicle.viewer`) Security Admin (`roles/iam.securityAdmin`) Security Auditor (`roles/iam.securityAuditor`) Security Reviewer (`roles/iam.securityReviewer`) Support User (`roles/iam.supportUser`)
`chronicle.watchlists.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`)
`chronicle.webhooks.delete`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.webhooks.get`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.webhooks.update`	Owner (`roles/owner`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.workdeskContacts.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.workdeskContacts.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.workdeskContacts.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.workdeskLinks.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.workdeskLinks.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.workdeskLinks.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.workdeskNotes.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)
`chronicle.workdeskNotes.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`) Support User (`roles/iam.supportUser`)
`chronicle.workdeskNotes.update`	Owner (`roles/owner`) Editor (`roles/editor`) Chronicle API Admin (`roles/chronicle.admin`) Chronicle API Editor (`roles/chronicle.editor`) Chronicle SOAR Admin (`roles/chronicle.soarAdmin`)

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-18 UTC.

Movatterモバイル変換

Google Security Operations roles and permissions Stay organized with collections Save and categorize content based on your preferences.