Manage a Child Tenant - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Cortex XSIAM
Creation date
Last date published
Administrator Guide

From the Cortex XSIAM management console you can pair child tenants, enabling you to view and investigate data, and initiate security actions.

Pairing a child tenant enables you to view and investigate Cortex XSIAM data of a child tenant, and initiate security actions on their behalf.

In your Cortex XSIAM management console, you have access to view the following pages:

  • Incidents

  • Alerts

  • Query Builder

  • Query Center and Results

  • Causality View

  • Timeline View

To initiate security actions on your child tenant, you need to create a Configuration. Security actions are managed by configurations you create in the Cortex XSIAM app and then assign to each of the child tenants. Each action requires its own configuration and allocation to a child tenant.


Once a configuration is created Cortex XSIAM resets the child tenant data and synchronizes the security actions configured in the parent tenant.

You can create configuration for the following actions:

  • BIOC Rules and Exceptions

  • Starred Alerts Policies

  • Alert Exclusions

  • Profiles

  • Allow/Block Lists

The following sections describe how to manage your child tenants.