Privileged Responder

Learn more about the Cortex XDR predefined user role called Privileged Responder.
The
Cortex
XDR
predefined user role called
Privileged Responder
is used to view and triage alerts and incidents, access all response capabilities, and configure rules, policies, and profiles.
Privileged Responder
Navigation Headings
Components
Permissions
Additional Action Permissions
None
View
View/Edit
Edit/None
DASHBOARDS & REPORTS
Dashboards
Ingestion Monitoring
Reports
INCIDENT RESPONSE
>
Incidents & Alerts
Alerts & Incidents
>
Investigation
Query Center
Personal Query Library
Forensics
Host Insights
>
Response
Action Center
Isolate
Terminate Process
Quarantine
EDL
File Retrieval
File Search
Destroy Files
Allow List/Block List
Disable Response Actions
Remediation
Delete Quarantined files
Agent Scripts Library
Run Standard Script
Run High-Risk Script
Script Configurations
Live Terminal
DETECTIONS & THREAT INTEL
>
Detections
Rules
Prevention Rules
Request WildFire Verdict Change
Assets
Network Configuration
Compliance
Asset Inventory
Endpoints
Endpoint Administrations
Endpoint Management
Retrieve Endpoint Data
Endpoint Scan
Change Managing Server
Pause Protection
Endpoint Groups
Endpoint Installations
Endpoint Prevention Policies
Global Exceptions
Endpoint extension policies
Endpoint Profiles
Host Firewall
Device Control
Rules
Exceptions
Settings
>
General Settings
Auditing
General Configuration
Alert Notifications
>
Cortex XDR - Analytics
On-demand Analytics
>
Broker VMs
Broker Services
Pathfinder Applet
Pathfinder Data Collection
>
Data Collection
Log Collections
External Alerts Mapping
>
Integrations
Public API
Threat Intelligence
EDL Configuration

Recommended For You