Assign one of three common hub administrative roles to provide full access to your Cortex XDR instances. Access to and management of Analytics features also requires an administrative role assigned to Cortex XDR - Analytics.
Access to the alerts, incidents, and investigation tabs. The user can view alerts and incidents, run and schedule queries, but cannot view rules.
Investigation and Response
Access to the Alerts, Incidents, Investigation and Response tabs. The Rules tab is not visible or accessible.
Investigation and Rules View
Access to the Alerts, Incidents, and Investigation tabs, with additional read-only access to rules.
Investigation, Rules View and Response
Access to the Alerts, Incidents, Investigation and Response tabs and read-only access to Rules.
Investigation, Rules and Response
Access to all features except the app configuration pages and audit logs.