Skip to main content

SOAR IAM roles

  • March 4, 2025
  • 1 reply
  • 147 views
smit8
Forum|alt.badge.img+6

What do these IAM roles do? Soar permissions seem to be managed by permission groups and roles in the SOAR, so wondering what these do from the GCP IAM side. The one article that mentions them is for scc, so confusing if i need these or not

Chronicle SOAR Admin (roles/chronicle.soarAdmin)
Chronicle SOAR Threat Manager (roles/chronicle.soarThreatManager)
Chronicle SOAR Vulnerability Manager (roles/chronicle.soarVulnerabilityManager)

1 reply

dnehoda
Staff
Forum|alt.badge.img+16
  • dnehoda
  • Staff
  • March 5, 2025

These are roles that are for SOAR users accessing SCC data.  Each one has a different use.  Different access to menus/capabilties.  They are not neccesary if you dont have SCC.  

A "Google SecOps Chronicle SOAR Threat Manager" is a role within the Google Security Operations platform (formerly known as Chronicle) that primarily focuses on managing and responding to security threats by utilizing the SOAR (Security Orchestration, Automation, and Response) capabilities, allowing them to investigate incidents, prioritize alerts, and automate response actions to mitigate threats effectively.

 

A "Google SecOps Chronicle SOAR Vulnerability Manager" is a role within the Google Security Operations platform (SecOps) that specifically focuses on managing and responding to vulnerabilities identified within the system, utilizing the SOAR (Security Orchestration, Automation, and Response) capabilities to automate remediation actions based on vulnerability scans and threat intelligenceessentially, this role is responsible for overseeing the vulnerability management process within the SecOps platform, leveraging automation to prioritize and address critical vulnerabilities efficiently. 
 
 
Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.