Agent Groups - Configure Agent Groups permission. - Administrator Guide - Cortex XSIAM - Cortex

Agent Groups - Configure Agent Groups permission. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-04

Category

Administrator Guide

Abstract

Configure Agent Groups permission.

Create and manage logical groups of endpoints. These groups are used to assign specific security policies and target actions to specific subsets of devices.

For more information, see Define endpoint groups.

Permissions	Description	Roles Example
None	No access to the Groups page (Inventory → Endpoints → Groups.
View	Read-only access to the Endpoint Groups page, including read-only access to agent group configurations, group details, members, and criteria.	SOC Tier 1 Analyst: Understanding which group an endpoint belongs to helps contextualize issues. SOC Tier 2 Analyst: Group membership is important for understanding applied policies. SOC Tier 3 Analyst: Full visibility helps understand policy application and identify misconfigurations. Threat Hunter: Understanding endpoint grouping helps target hunting activities
View/Edit	All view capabilities plus management actions, such as creating, editing, and deleting groups.	Security Engineer: Responsible for organizing endpoints into appropriate groups

Consider adding the following permissions:

Permission	Permission Level	Reason
Agent Administrations	View	Required. Groups organize endpoints. Without endpoint visibility, group membership cannot be understood or validated.
Agent Prevention Policies	View	Required. Policies are assigned to groups. Understanding which policies target which groups is essential for group context.
Agent Profiles	View	Strongly recommended. Profiles are assigned to groups. Understanding profile assignments prevents configuration conflicts when reorganizing groups.
Agent Extension Policies	View	Strongly recommended. Extension policies target groups. Understanding extension assignments prevents disrupting Device Control, Host Firewall, or Disk Encryption when modifying groups.
Agent Installations	View	Recommended. Installation packages may be targeted by group. Visibility helps coordinate deployment with group structure.