Learn more about the Cortex XDR predefined user role called Security Admin.
The Security Admin role can triage and investigate incidents and alerts, respond (excluding Live Terminal), and edit profiles and policies. It is a comprehensive security role with response actions (excluding Live Terminal), rule editing, policy/profile editing, agent management, and configuration access.
A Security Admin maintains integrations, log flow, and system health.
Tip
Assign this role to security engineers or SOC managers who need to manage the security posture end-to-end: configuring detection/prevention rules, managing endpoint policies and profiles, setting up data sources and integrations, and responding to incidents with basic containment actions.
To quickly see exactly which pages and actions a role allows, click on the role name, which opens a read-only view of all checked permissions. For more information about the permissions, see Role permissions by components.