User roles

The IBM Security QRadar® SOAR Platform is designed for the following user roles. A single person might have multiple roles.
Table 1. SOAR Platform user roles
User role Area of responsibility
Site manager

(Applies to on-premises installations only.)

Responsible for installing and maintaining the SOAR Platform environment, and for verifying that all system and network prerequisites are met.

System administrator

Responsible for configuring and maintaining the administrative portion of the SOAR organization.

This role is an IT administrator who is responsible for managing users and user permissions, authentication methods, and IP blocks, and for downloading and installing apps. When multiple SOAR organizations exist, the system administrator also manages configuration imports and exports.

Playbook designer

Responsible for designing, implementing, and maintaining the rules, conditions, workflows, and incident layouts that control the flow of responses to incidents.

An advanced playbook designer is knowledgeable in the Python language and can write scripts to help with advanced incident response. The designer determines which apps, if any, are needed to extend the capabilities of the SOAR Platform.

Incident management team

Responsible for case management, also known as incident response, such as responding to assigned tasks, monitoring incidents, and analyzing statistics.

App developer

Responsible for writing SOAR Platform apps to access and return external data, interact or integrate with other security systems, and for writing utilities that run a specific action.