The self service read-only users feature provides users
who do not have an account and at least one role mapped in Cortex
XSOAR the ability to access Cortex XSOAR in a very limited capacity.
Self service read-only users can:
view their own incidents
add notes and attachments to their incidents
view the dashboards created for them by the administrator
An example of an incident that a self service read-only user
could create is to report that they lost their laptop.
Self-service read-only users can only view their own data. They
cannot start an investigation, create dashboard or reports, or change
anything in incidents they create.
In order to create notes, the self service read-only user must
Mark as a note
It is recommended, but not required, that read-only users have
an existing account in the company’s enterprise directory and Cortex
XSOAR configured to authenticate and authorize read-only users using
the same the same enterprise directory with LDAP, AD, or SAML authentication
A user is considered as a read-only user if it has no role associated
with the Cortex XSOAR users settings.
To enable the self service read-only user feature, Cortex XSOAR
administrators need to:
Set server configuration parameters to:
authenticated users without roles to access the home page.
Define the list of dashboards such users have access to.
Create self service read-only incident types. Since self
service read-only users cannot initiate an investigation, the playbooks
associated with these incident types should run automatically
Create self service read-only users if no enterprise directory
is configured with Cortex XSOAR.
Create incident layouts for self service read-only users
and allow read-only users to access the incidents tabs containing