XDR Account Admin
Learn more about the Cortex XDR predefined user role
called XDR Account Admin.
The
Cortex
XDR
predefined
user role called XDR Account Admin
provides
full access to the given app(s), including all instances added to
the app(s) in the future. App Administrator can assign roles for
apps instances, and it can also activate app instances specific
to the app.Navigation Headings | Components | Permissions | Additional Action Permissions | ||
|---|---|---|---|---|---|
None | View | View/Edit | Edit/None | ||
DASHBOARDS & REPORTS | Dashboards | — | — | 
| — |
Ingestion Monitoring | — |
| — | — | |
Reports | — | — |
| — | |
INCIDENT RESPONSE | |||||
> Incidents & Alerts | Alerts & Incidents | — | — |
| — |
> Investigation | Query Center | — | — |
| — |
Personal Query Library | — | — |
| — | |
Forensics | — | — |
| — | |
Host Insights | — | — |
| — | |
> Response | Action Center | — | — |
| |
Isolate
| |||||
Terminate Process
| |||||
Quarantine
| |||||
EDL
| |||||
File Retrieval
| |||||
File Search
| |||||
Destroy Files
| |||||
Allow List/Block List
| |||||
Disable Response Actions
| |||||
Remediation
| |||||
Delete Quarantined files
| |||||
Agent Scripts Library | — | — |
| ||
Run Standard Script
| |||||
Run High-Risk Script
| |||||
Script Configurations
| |||||
Live Terminal | — | — |
| — | |
DETECTIONS & THREAT INTEL | |||||
> Detections | Rules | — | — |
| |
Prevention Rules
| |||||
Request WildFire Verdict Change
| |||||
Assets | Network Configuration | — | — |
| — |
Compliance | — |
| — | — | |
Asset Inventory | — |
| — | — | |
Endpoints | |||||
Endpoint Administrations | — | — |
| ||
Endpoint Management
| |||||
Retrieve Endpoint Data
| |||||
Endpoint Scan
| |||||
Change Managing Server
| |||||
Pause Protection
| |||||
Endpoint Groups | — | — |
| — | |
Endpoint Installations | — | — |
| — | |
Endpoint Prevention Policies | — | — |
| — | |
Global Exceptions | — | — |
| — | |
Endpoint extension policies | — | — |
| — | |
Endpoint Profiles | — | — |
| — | |
Host Firewall | — | — |
| — | |
Device Control | — | — |
| ||
Rules
| |||||
Exceptions
| |||||
Settings | |||||
> General Settings | Auditing | — |
| — | — |
General Configuration | — | — |
| — | |
Alert Notifications | — | — |
| — | |
> Cortex XDR - Analytics | On-demand Analytics | — | — |
| — |
> Broker VMs | Broker Services | — | — |
| |
Pathfinder Applet
| |||||
Pathfinder Data Collection | — | — |
| — | |
> Data Collection | Log Collections | — | — |
| — |
External Alerts Mapping | — | — |
| — | |
> Integrations | Public API | — | — |
| — |
Threat Intelligence | — | — |
| — | |
EDL Configuration | — | — |
| — | |
