Learn more about the Cortex XDR predefined user role called Viewer.
The Viewer role can view the majority of the features for this instance and edit reports.
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Dashboards | — | ✓ | — | — |
Ingestion Monitoring | ✓ | — | N/A | — |
Reports | — | ✓ | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Alerts & incidents | — | ✓ | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Query Center | — | ✓ | — | — |
Personal Query Library | — | ✓ | — | — |
Forensics | — | ✓ | — | — |
Host Insights | — | ✓ | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Action Center | — | ✓ | — | ✓ |
Isolate — | ||||
Terminate Process — | ||||
Quarantine — | ||||
File Retrieval — | ||||
File Search — | ||||
Destroy Files — | ||||
Allow List/Block List — | ||||
Disable Response Actions — | ||||
Remediation — | ||||
Delete Quarantined files — | ||||
EDL | ✓ | N/A | — | — |
Agent Scripts Library | — | ✓ | — | ✓ |
Run Standard Script — | ||||
Run High-Risk Script — | ||||
Script Configurations — | ||||
Live Terminal | ✓ | N/A | — | — |
Automation Rules | ✓ | — | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Rules | — | ✓ | — | ✓ |
Prevention Rules — | ||||
Request WildFire Verdict Change — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Network Configuration | ✓ | — | — | — |
Compliance | ✓ | — | N/A | — |
Asset Inventory | — | ✓ | — | — |
Asset Roles Configuration | ✓ | — | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Endpoint Administrations | — | ✓ | — | ✓ |
Endpoint Management — | ||||
Retrieve Endpoint Data — | ||||
Endpoint Scan — | ||||
Change Managing Server — | ||||
Pause Protection — | ||||
Endpoint Token Management — | ||||
Endpoint Groups | — | ✓ | — | — |
Endpoint Prevention Policies | — | ✓ | — | — |
Global Exceptions | — | ✓ | — | — |
Endpoint Profiles | — | ✓ | — | — |
Endpoint Extension Policies | — | ✓ | — | — |
Endpoint Installations | — | ✓ | — | — |
Host Firewall | — | ✓ | — | — |
Device Control | — | ✓ | — | ✓ |
Device Control Rules — | ||||
Device Control Exceptions — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Auditing | — | ✓ | N/A | — |
Alert Notifications | ✓ | — | — | — |
General Configuration | — | ✓ | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
On-demand Analytics | ✓ | — | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Broker Services | ✓ | — | — | ✓ |
Pathfinder Applet — | ||||
Pathfinder Data Collection | — | ✓ | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Data Management | ✓ | N/A | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Public API | ✓ | — | — | — |
Threat Intelligence | ✓ | — | — | — |
Long Running HTTP Integrations configuration | ✓ | — | — | — |
Components | Permissions | Additional Action Permissions | ||
---|---|---|---|---|
None | View | View/Edit | Edit/None | |
Support | ✓ | N/A | — | — |