Instance Administrator
Learn more about the Cortex XDR predefined user role
called Instance Administrator.
The
Cortex
XDR
predefined user role called Instance
Administrator
provides full access to the app instance
for which this role is assigned.The Instance Administrator
can also make other users an Instance Administrator for the app
instance. If the app has predefined or custom roles, the Instance Administrator
can assign those roles to other users.
The Instance
Administrator can only assign permissions to the other user from
the
Cortex
XDR
Management
Console.Navigation Headings | Components | Permissions | Additional Action Permissions | ||
|---|---|---|---|---|---|
None | View | View/Edit | Edit/None | ||
DASHBOARDS & REPORTS | Dashboards | — | — | 
| — |
Ingestion Monitoring | — |
| — | — | |
Reports | — | — |
| — | |
INCIDENT RESPONSE | |||||
> Incidents & Alerts | Alerts & Incidents | — | — |
| — |
> Investigation | Query Center | — | — |
| — |
Personal Query Library | — | — |
| — | |
Forensics | — | — |
| — | |
Host Insights | — | — |
| — | |
> Response | Action Center | — | — |
| |
Isolate
| |||||
Terminate Process
| |||||
Quarantine
| |||||
EDL
| |||||
File Retrieval
| |||||
File Search
| |||||
Destroy Files
| |||||
Allow List/Block List
| |||||
Disable Response Actions
| |||||
Remediation
| |||||
Delete Quarantined files
| |||||
Agent Scripts Library | — | — |
| ||
Run Standard Script
| |||||
Run High-Risk Script
| |||||
Script Configurations
| |||||
Live Terminal | — | — |
| — | |
DETECTIONS & THREAT INTEL | |||||
> Detections | Rules | — | — |
| |
Prevention Rules
| |||||
Request WildFire Verdict Change
| |||||
Assets | Network Configuration | — | — |
| — |
Compliance | — |
| — | — | |
Asset Inventory | — |
| — | — | |
Endpoints | |||||
Endpoint Administrations | — | — |
| ||
Endpoint Management
| |||||
Retrieve Endpoint Data
| |||||
Endpoint Scan
| |||||
Change Managing Server
| |||||
Pause Protection — | |||||
Endpoint Groups | — | — |
| — | |
Endpoint Installations | — | — |
| — | |
Endpoint Prevention Policies | — | — |
| — | |
Global Exceptions | — | — |
| — | |
Endpoint extension policies | — | — |
| — | |
Endpoint Profiles | — | — |
| — | |
Host Firewall | — | — |
| — | |
Device Control | — | — |
| ||
Rules
| |||||
Exceptions
| |||||
Settings | |||||
> General Settings | Auditing | — |
| — | — |
General Configuration | — | — |
| — | |
Alert Notifications | — | — |
| — | |
> Cortex XDR - Analytics | On-demand Analytics | — | — |
| — |
> Broker VMs | Broker Services | — | — |
| |
Pathfinder Applet
| |||||
Pathfinder Data Collection | — | — |
| — | |
> Data Collection | Log Collections | — | — |
| — |
External Alerts Mapping | — | — |
| — | |
> Integrations | Public API | — | — |
| — |
Threat Intelligence | — | — |
| — | |
EDL Configuration | — | — |
| — | |
