Manage a child tenant - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-10
Category: Administrator Guide
Abstract

From the Cortex XDR management console you can view and investigate child tenant data and initiate security actions.

Multi-tenancy enables you to view and investigate Cortex XDR data of a child tenant, and initiate security actions on their behalf.

In your Cortex XDR management console, you can view the following pages:

  • Incidents

  • Alerts

  • Query Builder

  • Query Center and Results

  • Causality View

  • Timeline View

To initiate security actions on your child tenant, you need to create a Configuration. Security actions are managed by configurations you create in Cortex XDR and then assign to each of the child tenants. Each action requires its own configuration and allocation to a child tenant.

Note

Once a configuration is created, Cortex XDR resets the child tenant data and synchronizes the security actions configured in the parent tenant.

You can create configurations for the following actions:

  • Starred Alerts Policies

  • Alert Exclusions

  • Profiles

  • Allow/Block Lists