From the Cortex XDR management console you can pair child tenants, enabling you to view and investigate data, and initiate security actions.
Pairing a child tenant enables you to view and investigate Cortex XDR data of a child tenant, and initiate security actions on their behalf.
In your Cortex XDR management console, you have access to view the following pages:
Incidents
Alerts
Query Builder
Query Center and Results
Causality View
Timeline View
To initiate security actions on your child tenant, you need to create a Configuration. Security actions are managed by configurations you create in the Cortex XDR app and then assign to each of the child tenants. Each action requires its own configuration and allocation to a child tenant.
Note
Once a configuration is created Cortex XDR resets the child tenant data and synchronizes the security actions configured in the parent tenant.
You can create configuration for the following actions:
Starred Alerts Policies
Alert Exclusions
Profiles
Allow/Block Lists
The following sections describe how to manage your child tenants.