Compliance (Legacy) permissions - Configure Cloud Compliance (Legacy) permissions for cloud assets. - Administrator Guide - Cortex XSIAM - Cortex

Compliance (Legacy) permissions - Configure Cloud Compliance (Legacy) permissions for cloud assets. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-04

Notice

Requires a Cortex XSIAM Enterprise Plus license. If you have a Cloud Posture Security, Cloud Runtime Security, or Cortex XSIAM Premium license, see Compliance - Cloud permissions.

For more information, see Cortex compliance flow.

Permissions	Description	Roles Example
None	Cannot view the Compliance menu or any related pages.	SOC Tier-1 Analyst and Threat Hunter: Compliance monitoring is not part of daily triage/relevant to threat hunting.
View	Read-only permission to view CIS compliance violations for Cloud assets.	SOC Tier-2 and 3 Analysts: May reference compliance status/data during investigations/advanced analysis. Security Engineer: Monitor compliance posture.

Consider adding the following permissions:

Permission	Permission Level	Reason
Asset Inventory	View	Highly recommended to view assets associated with compliance violations.
Host Insights	View	Highly recommended to view endpoint details for the compliance context.
Dashboards	Enabled	Enabled: Recommended to view endpoint details for compliance context.
Query Center	View	Recommended to run XQL queries on network data.