I am faced with an issue I cannot quite see a clear path out of, and I would appreciate some help with this one.
We have a 3rd party managing our Sentinel solution and they have presented an issue where other 3rd parties are able to see their intellectual property. The specific IP they are referring to is the analytic queries set up in the log space.
Is it possible to allow SoC team members from the other 3rd party to use Sentinel and restrict the roles they have to prevent them viewing the analytic queries but retaining the ability to still actively use Sentinel? (e.g., run queries against logs).
I can see you can set up customised roles within Azure but I am struggling to get my head around it logically to be certain it would work as needed.