Organization Owner and Organization User Privileges

In the Threat Stack Cloud Security PlatformⓇ (CSP), organization owners and organization users have different privileges. Organization owners have more privileges than organization users. These organization privileges cannot be configured by any Threat Stack CSP account, whether owner or user.

Tip

Just need a quick breakdown of the privilege differences between organization owners and users? See this FAQ.

Navigation Tabs
Organization Owner Organization User
View the left navigation pane View the left navigation pane
Switch organizations Switch organizations
Access the Dashboard tab Access the Dashboard tab
Access the Config Audit tab Access the Config Audit tab
Access the Servers tab Access the Servers tab
Access the Alerts tab Access the Alerts tab
Access the Events tab Access the Events tab
Access the Rules tab Access the Rules tab
Access the Audit Log tab Access the Audit Log tab
Access the Applications tab Access the Applications tab
Access the Settings tab Access the Settings tab
View the top navigation pane View the top navigation pane
View the title of the currently selected left navigation tab View the title of the currently selected left navigation tab
View your account avatar View your account avatar
View the email address associated with your account View the email address associated with your account
Log out of the Threat Stack CSP Log out of the Threat Stack CSP
Access the Support menu Access the Support menu
Open a Support ticket Open a Support ticket
View the status of the Threat Stack CSP View the status of the Threat Stack CSP
Access Help and Documentation about the Threat Stack CSP Access Help and Documentation about the Threat Stack CSP
View the Threat Stack CSP's terms of service View the Threat Stack CSP's terms of service
View the Threat Stack CSP's privacy policy View the Threat Stack CSP's privacy policy
Dashboard Tab
Organization Owner Organization User
Access the Dashboard tab Access the Dashboard tab
View the New Alerts in the Last 24 Hours pane View the New Alerts in the Last 24 Hours pane
Access the Alerts tab > Severity 1 tab Access the Alerts tab > Severity 1 tab
Access the Alerts tab > Severity 2 tab Access the Alerts tab > Severity 2 tab
View the Vulnerable Servers pane View the Vulnerable Servers pane
View the Servers tab > Online Servers tab View the Servers tab > Online Servers tab
View the Coverage Analysis pane View the Coverage Analysis pane
View the Severity 1 Alerts Generated This Week pane View the Severity 1 Alerts Generated This Week pane
Access the Alerts tab > Severity 1 tab Access the Alerts tab > Severity 1 tab
View the Severity 2 Alerts Generated This Week pane View the Severity 2 Alerts Generated This Week pane
Access the Alerts tab > Severity 2 tab Access the Alerts tab > Severity 2 tab
Config Audit Tab
Organization Owner Organization User
Access the Config Audit tab Access the Config Audit tab
Run a configuration audit assessment Run a configuration audit assessment
View results of a configuration audit assessment View results of a configuration audit assessment
Servers Tab
Organization Owner Organization User
Access the Servers tab Access the Servers tab
Access the Online Servers tab Access the Online Servers tab
View servers with out of date Agents View servers with out of date Agents
View servers with high CVE View servers with high CVE
Search for servers Search for servers
View server names, vulnerabilities, instance IDs, regions, instance types, key pairs, IP addresses, uptime, and Agent information View server names, vulnerabilities, instance IDs, regions, instance types, key pairs, IP addresses, uptime, and Agent information
Sort by server names, vulnerabilities, instance IDs, regions, instance types, key pairs, uptime, or Agent information Sort by server names, vulnerabilities, instance IDs, regions, instance types, key pairs, uptime, or Agent information
Add Threat Stack Agent series 1.x or 2.x to a server Add Threat Stack Agent series 1.x or 2.x to a server
Select one or multiple server(s) Select one or multiple server(s)
Revoke one or multiple server(s) Revoke one or multiple server(s)
Filter displayed servers by vulnerability severity, AWS EC2 tags, Ruleset, and/or Threat Stack Agent version Filter displayed servers by vulnerability severity, AWS EC2 tags, Ruleset, and/or Threat Stack Agent version
Access the Offline Servers tab Access the Offline Servers tab
View servers with out of date (no longer supported) Agents View servers with out of date (no longer supported) Agents
View servers with high CVE View servers with high CVE
Search for servers Search for servers
View server names, vulnerabilities, instance IDs, regions, instance types, key pairs, IP addresses, last seen, and Agent information View server names, vulnerabilities, instance IDs, regions, instance types, key pairs, IP addresses, last seen, and Agent information
Sort by server names, vulnerabilities, instance IDs, regions, instance types, key pairs, last seen, or Agent information Sort by server names, vulnerabilities, instance IDs, regions, instance types, key pairs, last seen, or Agent information
Add Threat Stack Agent series 1.x or 2.x to a server Add Threat Stack Agent series 1.x or 2.x to a server
Select one or multiple server(s) Select one or multiple server(s)
Revoke one or multiple server(s) Revoke one or multiple server(s)
Filter displayed servers by CVE, vulnerability severity, or AWS EC2 tags Filter displayed servers by CVE, vulnerability severity, or AWS EC2 tags
Access the All EC2 Servers tab Access the All EC2 Servers tab
View non-monitored instances View non-monitored instances
Search for instances Search for instances
View whether or not a Threat Stack Agent is installed on the instance, the instance name, the instance ID, the instance type, the instance region, the instance key pair, the instance's external IP address, and the instance's internal IP address View whether or not a Threat Stack Agent is installed on the instance, the instance name, the instance ID, the instance type, the instance region, the instance key pair, the instance's external IP address, and the instance's internal IP address
Sort by whether or not a Threat Stack Agent is installed on the instance, the instance name, the instance ID, the instance type, the instance region, the instance key pair, the instance's external IP address, or the instance's internal IP address Sort by whether or not a Threat Stack Agent is installed on the instance, the instance name, the instance ID, the instance type, the instance region, the instance key pair, the instance's external IP address, or the instance's internal IP address
Filter displayed servers by EC2 monitored state, EC2 key name, and/or EC2 instance type Filter displayed servers by EC2 monitored state, EC2 key name, and/or EC2 instance type
Access the Vulnerabilities tab Access the Vulnerabilities tab
View active vulnerabilities View active vulnerabilities
View vulnerable packages, CVEs, vectors, servers affected, and vulnerability severity View vulnerable packages, CVEs, vectors, servers affected, and vulnerability severity
Select one or multiple vulnerability(ies) Select one or multiple vulnerability(ies)
Suppress a vulnerability for business reasons, false positive, compensating control in place, or other Suppress a vulnerability for business reasons, false positive, compensating control in place, or other
Suppress all vulnerabilities related to a specific CVE for business reasons, false positive, compensating control in place, or other Suppress all vulnerabilities related to a specific CVE for business reasons, false positive, compensating control in place, or other
Filter vulnerabilities by CVE, package, attack vector, and/or severity level Filter vulnerabilities by CVE, package, attack vector, and/or severity level
View suppressed vulnerabilities View suppressed vulnerabilities
View suppressed vulnerability packages, CVEs, date and time of suppression, and reason for suppression View suppressed vulnerability packages, CVEs, date and time of suppression, and reason for suppression
Select one or multiple suppressed vulnerability(ies) Select one or multiple suppressed vulnerability(ies)
Remove suppressions from vulnerabilities Remove suppressions from vulnerabilities
Alerts Tab
Organization Owner Organization User
Access the Alerts tab Access the Alerts tab
Access the Alerts Histogram section Access the Alerts Histogram section
Select a time range / clear the time range on the Alerts Histogram Select a time range / clear the time range on the Alerts Histogram
Filter alerts by title Filter alerts by title
Change the displayed number of alerts that match the selected filters Change the displayed number of alerts that match the selected filters
View alerts by group View alerts by group
View the number of alerts in a group, the title of the group, and the trend line for those alerts over the previous seven calendar days View the number of alerts in a group, the title of the group, and the trend line for those alerts over the previous seven calendar days
View subgroups of alerts View subgroups of alerts
View the number of alerts in a subgroup and the title of the subgroup View the number of alerts in a subgroup and the title of the subgroup
Select one or multiple subgroup(s) Select one or multiple subgroup(s)
Dismiss all alerts in a subgroup for no reason, business operation, normal per company policy, required temporarily / for testing and maintenance, or for other reasons Dismiss all alerts in a subgroup for no reason, business operation, normal per company policy, required temporarily / for testing and maintenance, or for other reasons
Suppress all alerts in a subgroup Suppress all alerts in a subgroup
View alerts in a list View alerts in a list
View an alert's severity, title, and last date and time of the alert View an alert's severity, title, and last date and time of the alert
Sort alerts by severity, title, or last alert date and time Sort alerts by severity, title, or last alert date and time
Dismiss an alert for no reason, business operation, normal per company policy, required temporarily / for testing and maintenance, or for other reasons Dismiss an alert for no reason, business operation, normal per company policy, required temporarily / for testing and maintenance, or for other reasons
Suppress one or multiple alert(s) Suppress one or multiple alert(s)
View details of an alert View details of an alert
View the JSON for an alert View the JSON for an alert
View or modify the rule associated with the alert View or modify the rule associated with the alert
View AWS EC2 tags associated with an alert View AWS EC2 tags associated with an alert
View events that contributed to an alert View events that contributed to an alert
Filter alerts by rule, by AWS EC2 tag, and/or by Ruleset Filter alerts by rule, by AWS EC2 tag, and/or by Ruleset
Events Tab
Organization Owner Organization User
Access the Events tab Access the Events tab
Access the All Raw Events tab Access the All Raw Events tab
View a list of supported query keys and operators View a list of supported query keys and operators
Enter a query to search for specific events Enter a query to search for specific events
Pick the date and time within which to display events Pick the date and time within which to display events
Browse events by page Browse events by page
View event metadata View event metadata
Add event metadata to a query Add event metadata to a query
Create a rule from an event Create a rule from an event
View the JSON for an event View the JSON for an event
Add an event to the My Event Queue tab Add an event to the My Event Queue tab
Access the My Event Queue tab Access the My Event Queue tab
View a list of supported query keys and operators View a list of supported query keys and operators
Enter a query to search for specific events Enter a query to search for specific events
Pick the date and time within which to display events Pick the date and time within which to display events
Browse events by page Browse events by page
View event metadata View event metadata
Add event metadata to a query Add event metadata to a query
View the JSON for an event View the JSON for an event
Remove an event from the My Event Queue tab Remove an event from the My Event Queue tab
Rules Tab
Organization Owner Organization User
Access the Rules tab Access the Rules tab
Enable / disable Rulesets Enable / disable Rulesets
View Rulesets View Rulesets
View Ruleset details View Ruleset details
View servers using the Ruleset, along with their server name, the specific Ruleset(s) applied, and the last time the server sent a hearbeat View servers using the Ruleset, along with their server name, the specific Ruleset(s) applied, and the last time the server sent a hearbeat
Search for servers that use the Ruleset Search for servers that use the Ruleset
Assign / remove servers from the Ruleset Assign / remove servers from the Ruleset
Add / modify Rulesets Add / modify Rulesets
Delete Rulesets(except the Base Ruleset, which cannot be deleted) Delete Rulesets(except the Base Ruleset, which cannot be deleted)
Enable / disable rules Enable / disable rules
Add rules to the Threat Stack CSP, including Linux Host, FIM, CloudTrail, Threat Intelligence, Windows Host, Kubernetes Audit, and/or Kubernetes Config Add rules to the Threat Stack CSP, including Linux Host, FIM, CloudTrail, Threat Intelligence, Windows Host, Kubernetes Audit, and/or Kubernetes Config
Clone rules Clone rules
Add alert triggers to rules Add alert triggers to rules
Assign severity levels to alert triggers Assign severity levels to alert triggers
Assign AWS EC2 inclusion / exclusion tags to rules Assign AWS EC2 inclusion / exclusion tags to rules
Add filters to rules Add filters to rules
Add suppressions to rules Add suppressions to rules
Assign / remove rules from a Ruleset Assign / remove rules from a Ruleset
Modify rules in a Ruleset Modify rules in a Ruleset
Delete rules from a Ruleset Delete rules from a Ruleset
Audit Log Tab
Organization Owner Organization User
Access the Audit Log tab Access the Audit Log tab
Pick the date and time within which to display audit logs Pick the date and time within which to display audit logs
Search for specific audit logs Search for specific audit logs
Browse pages of audit logs Browse pages of audit logs
View audit logs View audit logs
View the following information associated with an audit log: email address of the user that triggered the audit action, the source of the audit action, the audit action, a description of the audit action, and the date and time at which the audit action occurred View the following information associated with an audit log: email address of the user that triggered the audit action, the source of the audit action, the audit action, a description of the audit action, and the date and time at which the audit action occurred
View the JSON for an audit log View the JSON for an audit log
Settings Tab
Organization Owner Organization User
Access the Settings tab Access the Settings tab
General Settings Tab
Organization Owner Organization User
Access the General Settings tab Access the General Settings tab
Access the General Settings section Access the General Settings section
Add or modify the Full Name for the Threat Stack CSP account Add or modify the Full Name for the Threat Stack CSP account
Add or modify the Organization Name
Enroll in Multi-Factor Authentication Enroll in Multi-Factor Authentication
Change the current Threat Stack CSP account's password Change the current Threat Stack CSP account's password
Access the Notification Settings section Access the Notification Settings section
Enable / disable email alerts Enable / disable email alerts
Receive daily email reports for: alerts, FIM, vulnerabilities, consolodated compliance information Receive daily email reports for: alerts, FIM, vulnerabilities, consolodated compliance information
Receive email reports for Configuration Auditing, per assessment Receive email reports for Configuration Auditing, per assessment
Modify the number of daily email reports to which the Threat Stack CSP account subscribes Modify the number of daily email reports to which the Threat Stack CSP account subscribes
Access the Alert Settings section
Enable / disable automatic dismissal of Severity 3 alerts
Modify the frequency at which Severity 3 alerts are dismissed
Access the Scheduled Assessments section Access the Scheduled Assessments section
Enable / disable daily configuration audit assessments Enable / disable daily configuration audit assessments
Modify the date and time at which configuration audit assessments occur Modify the date and time at which configuration audit assessments occur
Users Tab
Organization Owner Organization User
Access the Users tab Access the Users tab
Send email invitations to people to join your Threat Stack CSP organization Send email invitations to people to join your Threat Stack CSP organization
View a list of usernames, email addresses, roles, and creation dates for all organization owner and user accounts View a list of usernames, email addresses, roles, and creation dates for all organization owner and user accounts
Sort by usernames, email addresses, roles, and creation dates for all organization owner and user accounts Sort by usernames, email addresses, roles, and creation dates for all organization owner and user accounts
Revoke an account's access to your Threat Stack CSP organization
Promote a user account to the organization owner account
Authentication Tab
Organization Owner Organization User
Access the Authentication tab
Enable / disable Single Sign-On (SSO) for the Threat Stack CSP organization
Modify SSO for the Threat Stack CSP organization
Application Keys Tab
Organization Owner Organization User
Access the Application Keys tab Access the Application Keys tab
Access the Deployment Key section Access the Deployment Key section
View and copy the organization's deployment key View and copy the organization's deployment key
Reset the organization's deployment key
Access the REST API Key section Access the REST API Key section
View and copy the organization's REST API key View and copy the organization's REST API key
Reset the organization's REST API key Reset the organization's REST API key
View and copy the organization's ID View and copy the organization's ID
View and copy the user account's user ID View and copy the user account's user ID
Integrations Tab
Organization Owner Organization User
Access the Integrations tab Access the Integrations tab
Access the AWS Accounts section Access the AWS Accounts section
Add, view, modify, and delete AWS account integrations Add, view, modify, and delete AWS account integrations
Access the PagerDuty section Access the PagerDuty section
Add, view, modify, and delete PagerDuty account integrations
Access the Slack section Access the Slack section
Add, view, modify, and delete Slack account integrations Add, view, modify, and delete Slack account integrations
Access the VictorOps section Access the VictorOps section
Add, view, modify, and delete VictorOps account integrations Add, view, modify, and delete VictorOps account integrations
Access the Webhook API section Access the Webhook API section
Add, view, modify, and delete webhook integrations Add, view, modify, and delete webhook integrations
Billing Tab
Organization Owner Organization User
Access the Billing tab Access the Billing tab
View payment information View payment information
Add or update payment information
Public API
REST API V2 information
Organization Owner Organization User
Access the Rest API V2 overview Access the Rest API V2 overview
Access the Rest API V2 authentication information Access the Rest API V2 authentication information
Access the Rest API V2 time range information Access the Rest API V2 time range information
Access the Rest API V2 pagination information Access the Rest API V2 pagination information
Access the Rest API V2 rate limit information Access the Rest API V2 rate limit information
Access the Rest API V2 HTTP status code overview Access the Rest API V2 HTTP status code overview
Agent Endpoints and Models
Organization Owner Organization User
Access Agent endpoints and models Access Agent endpoints and models
Access GET List Agents endpoint Access GET List Agents endpoint
Access GET Get an Agent endpoint Access GET Get an Agent endpoint
Access Agent model Access Agent model
Alert Endpoints and Models
Organization Owner Organization User
Access Alert endpoints and models Access Alert endpoints and models
Access Alerts overview information Access Alerts overview information
Access GET List Alerts endpoint Access GET List Alerts endpoint
Access GET Get an Alert endpoint Access GET Get an Alert endpoint
Access GET Get Count of Active Alerts by Severity endpoint Access GET Get Count of Active Alerts by Severity endpoint
Access GET Get Events for an Alert endpoint Access GET Get Events for an Alert endpoint
Access POST Dismiss Alerts endpoint Access POST Dismiss Alerts endpoint
Access Alert model Access Alert model
Access Alert Severity Count model Access Alert Severity Count model
Access Dismiss Alert by ID model Access Dismiss Alert by ID model
Access Dismiss Alert by Query Parameters model Access Dismiss Alert by Query Parameters model
Audit Log Endpoints and Models
Organization Owner Organization User
Access Audit Logs endpoints and models Access Audit Logs endpoints and models
Access GET Audit Logs endpoint Access GET Audit Logs endpoint
Access Audit Log model Access Audit Log model
Data Portability Endpoints and Models
Organization Owner Organization User
Access Data Portability endpoints and models Access Data Portability endpoints and models
Access GET List S3 Export Enrollment endpoint Access GET List S3 Export Enrollment endpoint
Access PUT Update S3 Export Enrollment endpoint Access PUT Update S3 Export Enrollment endpoint
Access DELETE Delete S3 Export Enrollment endpoint Access DELETE Delete S3 Export Enrollment endpoint
Access S3 Export Enrollment model Access S3 Export Enrollment model
Access Update S3 Export Enrollment model Access Update S3 Export Enrollment model
Rulesets and Rules Endpoints and Models
Organization Owner Organization User
Access Rulesets and Rules endpoints and models Access Rulesets and Rules endpoints and models
Access Rules and Rulesets overview information Access Rules and Rulesets overview information
Access GET List Rulesets endpoint Access GET List Rulesets endpoint
Access GET Get a Ruleset endpoint Access GET Get a Ruleset endpoint
Access GET List Rules for a Ruleset endpoint Access GET List Rules for a Ruleset endpoint
Access GET Get a Rule for a Ruleset endpoint Access GET Get a Rule for a Ruleset endpoint
Access GET List Active Agents for Rulests endpoint Access GET List Active Agents for Rulests endpoint
Access GET Get Tags for a Rule endpoint Access GET Get Tags for a Rule endpoint
Access POST Create Ruleset endpoint Access POST Create Ruleset endpoint
Access POST Create Rules endpoint Access POST Create Rules endpoint
Access POST Set Tags for a Rule endpoint Access POST Set Tags for a Rule endpoint
Access PUT Update Ruleset endpoint Access PUT Update Ruleset endpoint
Access PUT Update Rule endpoint Access PUT Update Rule endpoint
Access PUT Update Rule Suppression endpoint Access PUT Update Rule Suppression endpoint
Access DELETE Delete Ruleset endpoint Access DELETE Delete Ruleset endpoint
Access DELETE Delete Rule endpoint Access DELETE Delete Rule endpoint
Access IDS Rule model Access IDS Rule model
Access IDS Rule Response model Access IDS Rule Response model
Access File Rule model Access File Rule model
Access File Rule Response model Access File Rule Response model
Access Kubernetes Audit Rule model Access Kubernetes Audit Rule model
Access Kubernetes Audit Rule Response model Access Kubernetes Audit Rule Response model
Access Kubernetes Config Rule model Access Kubernetes Config Rule model
Access Kubernetes Config Rule Response model Access Kubernetes Config Rule Response model
Access Ruleset model Access Ruleset model
Access Windows Rule model Access Windows Rule model
Access Windows Rule Response model Access Windows Rule Response model
EC2 Instance Endpoints and Models
Organization Owner Organization User
Access EC2 Instances endpoints and models Access EC2 Instances endpoints and models
Access EC2 Instance overview information Access EC2 Instance overview information
Access GET List AWS EC2 Instances endpoint Access GET List AWS EC2 Instances endpoint
Access EC2 Instance model Access EC2 Instance model
CVE Vulnerabilities Endpoints and Models
Organization Owner Organization User
Access CVE Vulnerabilities endpoints and models Access CVE Vulnerabilities endpoints and models
Access CVE Vulnerabilities overview information Access CVE Vulnerabilities overview information
Access GET List Vulnerabilities endpoint Access GET List Vulnerabilities endpoint
Access GET List Affected Servers by CVE endpoint Access GET List Affected Servers by CVE endpoint
Access GET List Vulnerabilities by Package endpoint Access GET List Vulnerabilities by Package endpoint
Access GET List Suppressions with Details endpoint Access GET List Suppressions with Details endpoint
Access Suppressed CVE Reason model Access Suppressed CVE Reason model
Access Vulnerable Server model Access Vulnerable Server model
Access CVE model Access CVE model
Alert Webhooks API
Organization Owner Organization User
Access Alert Webhooks API information Access Alert Webhooks API information
Access Webooks overview Access Webooks overview
Access Webooks setup information Access Webooks setup information
Access Webhooks Payload model Access Webhooks Payload model
Access Webooks security information Access Webooks security information
Access Webooks retries information Access Webooks retries information
Access Webook endpoints information Access Webook endpoints information
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request