Which user role can reset users' credentials and manage detections?

The Falcon Security Lead role is specifically designed for individuals who oversee security operations and need elevated privileges to manage security-related tasks effectively. This role includes the authority to reset users' credentials, which is critical for maintaining account security and access control within the Falcon platform. Additionally, managing detections falls under this role’s responsibilities, allowing the Falcon Security Lead to respond appropriately to security incidents, analyze threats, and implement necessary measures to protect the organization.

In contrast, other roles such as the Falcon Analyst and Quarantine Manager have more specialized functions that do not typically encompass user credential management. The Falcon Analyst focuses mainly on threat analysis and reporting, while the Quarantine Manager is tasked with handling quarantined files. The Endpoint Manager is primarily responsible for managing endpoints and ensuring their compliance with security policies but also lacks the comprehensive authority to reset user credentials and manage detections like the Falcon Security Lead does. This distinction highlights the critical nature of the Falcon Security Lead in maintaining overall security governance within the Falcon environment.