Which roles can view exclusions and exclusion audit logs?

Prepare for the CrowdStrike Certified Falcon Administrator Exam. Dive into detailed flashcards and multiple choice questions, each with hints and explanations. Ace your CCFA test!

The ability to view exclusions and exclusion audit logs is primarily designed for roles that have significant responsibilities related to security management and oversight within the CrowdStrike Falcon platform. The Falcon Administrator is a key role assigned to individuals who manage and configure security settings, including exclusions. This role is crucial for ensuring that the organization's security posture is maintained and that any necessary exclusions from detection are properly documented and audited.

Similarly, the Detections Exceptions Manager is specifically focused on managing exceptions in detection processes, making it essential for this role to have access to both exclusions and their corresponding audit logs. This access allows the Detections Exceptions Manager to effectively monitor alterations in exclusion settings and uphold compliance and security standards.

In contrast, the other roles listed do not carry the same level of oversight of exclusions and audit logs. Roles such as Falcon Endpoint Manager and Falcon Investigator, while important, do not focus specifically on managing exclusions. Exclusion management is crucial for making informed decisions about threat detection and incident response, and the distinct focus of the Falcon Administrator and Detections Exceptions Manager on it justifies their access to this critical information.
