Skip to main content
Version: Next

Roles

This page outlines the roles and their capabilities in Alert Manager Enterprise (AME), as detailed in the tables below.

Application

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
AME configuration (license, logging, proxy)
AME setup
AME update tasks
App installation
App update

Events

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Add and view comments to existing events
Assign a user to an event
Delete events
Edit multiple events at the same time
Filter events by tag
Filter events by time range
Invoke Splunk Workflow Actions
Modify events
Search events by priority
Start the search that created the event
Tag an event with MITRE ATT&CK or Cyber Kill Chain
Update the notification scheme
Update the status of an event
Update the urgency of an event
View events
View the count, history, and result fields

Templates

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Apply template on alert action
Create template
Delete template
Update template

Rules

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Delete status
Set conditions for automatic event resolution
Set rules to suppress event alerts
Set time restrictions for rules

Tags

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Create tags
Delete tags
Update predefined MITRE ATT&CK© tags
Update tags

Tenants

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Configuration templates available
Create tenants
Delete tenants
Initialize tenants with event collection and roles
Test HEC Connectivity

Notifications

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Assign a status to an event that will trigger notifications
Configure notifications on status change
Update and delete a notification scheme

Statuses

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Create statuses
Delete statuses
Set description for statuses
Update statuses

Resolutions

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Create resolution
Delete resolution
Set description for resolutions
Update resolution

SLAs

CapabilitySplunk Admin RoleAME Admin RoleAME Power UserAME User
Create SLA
Delete SLA
Update SLA