Manage a Child Tenant - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide

From the Cortex XDR management console you can pair child tenants, enabling you to view and investigate data, and initiate security actions.

Pairing a child tenant enables you to view and investigate Cortex XDR data of a child tenant, and initiate security actions on their behalf.

In your Cortex XDR management console, you have access to view the following pages:

  • Incidents

  • Alerts

  • Query Builder

  • Query Center and Results

  • Causality View

  • Timeline View

To initiate security actions on your child tenant, you need to create a Configuration. Security actions are managed by configurations you create in the Cortex XDR app and then assign to each of the child tenants. Each action requires its own configuration and allocation to a child tenant.


Once a configuration is created Cortex XDR resets the child tenant data and synchronizes the security actions configured in the parent tenant.

You can create configuration for the following actions:

  • Starred Alerts Policies

  • Alert Exclusions

  • Profiles

  • Allow/Block Lists

The following sections describe how to manage your child tenants.