Learn more about the Cortex XSIAM predefined user role called Responder.
The Responder role is used to view and triage alerts, and access all response capabilities excluding Live Terminal.
Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Dashboards | — | — | ✓ | — |
Command Center Dashboards | — | ✓ | N/A | — |
Ingestion Monitoring | ✓ | — | N/A | — |
Reports | — | — | ✓ | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Alerts & incidents | — | ✓ | — | ✓ |
 | | | | Add Trigger Playbook — |
 | | | | Create Incident — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Query Center | — | — | ✓ | — |
Personal Query Library | — | ✓ | — | — |
Forensics | — | ✓ | — | — |
Host Insights | ✓ | — | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Action Center | — | — | ✓ | ✓ |
 | | | | Isolate ✓ |
 | | | | Terminate Process ✓ |
 | | | | Quarantine ✓ |
 | | | | File Retrieval — |
 | | | | File Search — |
 | | | | Destroy Files — |
 | | | | Allow List/Block List ✓ |
 | | | | Disable Response Actions — |
 | | | | Remediation — |
 | | | | Delete Quarantined files — |
EDL | — | N/A | ✓ | — |
Agent Scripts Library | ✓ | — | — | ✓ |
 | | | | Run Standard Script — |
 | | | | Run High-Risk Script — |
 | | | | Script Configurations — |
Live Terminal | ✓ | N/A | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Playbooks | N/A | ✓ | — | — |
Scripts | N/A | ✓ | — | ✓ |
 | | | | Create scripts that will run with super user — |
Playground | — | N/A | ✓ | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Vulnerability Testing | — | ✓ | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Rules | — | — | ✓ | ✓ |
 | | | | Prevention Rules — |
 | | | | Request WildFire Verdict Change ✓ |
Attack Surface Rules | — | ✓ | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Threat Intel | — | — | ✓ | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Jupyter | ✓ | N/A | — | — |
Observability | ✓ | N/A | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Network Configuration | ✓ | — | — | — |
Compliance | ✓ | — | N/A | — |
Asset Inventory | ✓ | — | — | — |
Asset Roles Configuration | ✓ | — | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Endpoint Administrations | ✓ | — | — | ✓ |
 | | | | Endpoint Management — |
 | | | | Retrieve Endpoint Data — |
 | | | | Endpoint Scan — |
 | | | | Change Managing Server — |
 | | | | Pause Protection — |
 | | | | Endpoint Token Management — |
Endpoint Groups | ✓ | — | — | — |
Endpoint Prevention Policies | ✓ | — | — | — |
Global Exceptions | ✓ | — | — | — |
Endpoint Profiles | ✓ | — | — | — |
Endpoint Extension Policies | ✓ | — | — | — |
Endpoint Installations | ✓ | — | — | — |
Host Firewall | ✓ | — | — | — |
Device Control | ✓ | — | — | ✓ |
 | | | | Device Control Rules — |
 | | | | Device Control Exceptions — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Browse | — | ✓ | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Auditing | ✓ | — | N/A | — |
Alert Notifications | ✓ | — | — | — |
General Configuration | ✓ | — | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
On-demand Analytics | ✓ | — | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Broker Services | ✓ | — | — | ✓ |
 | | | | Pathfinder Applet — |
Pathfinder Data Collection | ✓ | — | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Log Collections | ✓ | — | — | — |
Data Sources | ✓ | — | — | — |
External Alerts Mapping | ✓ | — | — | — |
Integrations | ✓ | — | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Data Management | ✓ | N/A | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Public API | ✓ | — | — | — |
Threat Intelligence | ✓ | — | — | — |
Long Running HTTP Integrations configuration | ✓ | — | — | — |
Credentials | N/A | ✓ | — | — |
Apps | ✓ | — | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Incident Properties | ✓ | — | — | — |
Exclusion List | — | ✓ | — | — |
Fields and Types | ✓ | — | — | — |
Layouts | ✓ | — | — | — |

Components | Permissions: None | Permissions: View | Permissions: View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Support | ✓ | N/A | — | — |