Grant the correct cloud service provider permissions for Cortex XDR.
Notice
Requires a Cortex XDR license that has the Cloud Posture Security or Cloud Runtime Security add-on.
When you set up Cortex XDR to collect data from your cloud environments, the onboarding wizard will ensure that the correct permissions are granted for Cortex XDR. The following tables list the permissions required for each of the options available in the onboarding wizards.
Review the permissions required for each cloud service provider:
About automation permission scopes for unified Cortex platform cloud content packs
The unified Cortex platform cloud content packs (AWS, Azure, and GCP) require a defined set of automation permissions to enable full integration with your cloud environment. Review the following before configuring access:
Forward compatibility: The permission set declared by each pack covers both currently available commands and commands planned for future releases. This eliminates the need to re-authorize permissions with each pack update.
Granular review: To see the permissions required for a specific command, refer to the Command Details section in the pack documentation.
Custom scoping: If your security policy requires permissions more restrictive than the recommended defaults, use a custom deployment template to define your access levels manually.
Caution
Reducing permissions below the recommended level may cause specific commands to fail or limit functionality in future pack updates.