Describe the feature:
It should be possible to restrict a user role so that it can create detection rules but is not allowed to enable them.
This is to enforce a four-eyes principle in the detection rules.
Describe a specific use case for the feature:
We have a requirement that an analyst can create a detection rule, but that it must be checked by an engineer before activation and optimized if necessary.
However, it happens again and again that an analyst creates a detection rule and then accidentally activates it with "save and enable".
We would like to prevent this. :)