Learn more about the Cortex XDR predefined user role called Privileged Investigator.
The Privileged Investigator role is used to view and triage alerts, incidents, and rules, and to view endpoint profiles and policies and the Analytics management screens.

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Dashboards | — | — | ✓ | — |
Ingestion Monitoring | ✓ | — | N/A | — |
Reports | — | — | ✓ | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Alerts & incidents | — | — | ✓ | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Query Center | — | — | ✓ | — |
Personal Query Library | — | — | ✓ | — |
Forensics | — | — | ✓ | — |
Host Insights | — | — | ✓ | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Action Center | — | — | ✓ | ✓ |
↳ Isolate | | | | — |
↳ Terminate Process | | | | — |
↳ Quarantine | | | | — |
↳ File Retrieval | | | | — |
↳ File Search | | | | — |
↳ Destroy Files | | | | — |
↳ Allow List/Block List | | | | — |
↳ Disable Response Actions | | | | — |
↳ Remediation | | | | — |
↳ Delete Quarantined files | | | | — |
EDL | — | N/A | ✓ | — |
Agent Scripts Library | ✓ | — | — | ✓ |
↳ Run Standard Script | | | | — |
↳ Run High-Risk Script | | | | — |
↳ Script Configurations | | | | — |
Live Terminal | ✓ | N/A | — | — |
Automation Rules | ✓ | — | — | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Rules | — | ✓ | — | ✓ |
↳ Prevention Rules | | | | — |
↳ Request WildFire Verdict Change | | | | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Network Configuration | — | — | ✓ | — |
Compliance | — | ✓ | N/A | — |
Asset Inventory | — | ✓ | — | — |
Asset Roles Configuration | ✓ | — | — | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Endpoint Administrations | ✓ | — | — | ✓ |
↳ Endpoint Management | | | | — |
↳ Retrieve Endpoint Data | | | | — |
↳ Endpoint Scan | | | | — |
↳ Change Managing Server | | | | — |
↳ Pause Protection | | | | — |
↳ Endpoint Token Management | | | | ✓ |
Endpoint Groups | ✓ | — | — | — |
Endpoint Prevention Policies | — | ✓ | — | — |
Global Exceptions | ✓ | — | — | — |
Endpoint Profiles | — | ✓ | — | — |
Endpoint Extension Policies | — | ✓ | — | — |
Endpoint Installations | ✓ | — | — | — |
Host Firewall | — | ✓ | — | — |
Device Control | — | ✓ | — | ✓ |
↳ Device Control Rules | | | | — |
↳ Device Control Exceptions | | | | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Auditing | ✓ | — | N/A | — |
Alert Notifications | ✓ | — | — | — |
General Configuration | ✓ | — | — | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
On-demand Analytics | ✓ | — | — | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Broker Services | ✓ | — | — | ✓ |
↳ Pathfinder Applet | | | | — |
Pathfinder Data Collection | ✓ | — | — | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Data Management | ✓ | N/A | — | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Public API | ✓ | — | — | — |
Threat Intelligence | ✓ | — | — | — |
Long Running HTTP Integrations configuration | — | — | ✓ | — |

Components | Permission: None | Permission: View | Permission: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Support | — | N/A | ✓ | — |