Learn more about the Cortex XSIAM predefined user role called Scoped Endpoint Admin.
The Scoped Endpoint Admin role can access only the product areas that support endpoint scope-based access control (SBAC): Endpoint Administration, Action Center, Response, Dashboards, and Reports.

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Dashboards | — | — | ✓ | — |
Command Center Dashboards | — | ✓ | N/A | — |
Ingestion Monitoring | ✓ | — | N/A | — |
Reports | — | — | ✓ | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Alerts & incidents | ✓ | — | — | ✓ |
Add Trigger Playbook — | | | | |
Create Incident — | | | | |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Query Center | ✓ | — | — | — |
Personal Query Library | ✓ | — | — | — |
Forensics | ✓ | — | — | — |
Host Insights | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Action Center | — | — | ✓ | ✓ |
Isolate ✓ | | | | |
Terminate Process ✓ | | | | |
Quarantine ✓ | | | | |
File Retrieval ✓ | | | | |
File Search ✓ | | | | |
Destroy Files ✓ | | | | |
Allow List/Block List — | | | | |
Disable Response Actions ✓ | | | | |
Remediation — | | | | |
Delete Quarantined files — | | | | |
EDL | ✓ | N/A | — | — |
Agent Scripts Library | — | — | ✓ | ✓ |
Run Standard Script ✓ | | | | |
Run High-Risk Script ✓ | | | | |
Script Configurations — | | | | |
Live Terminal | — | N/A | ✓ | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Playbooks | N/A | ✓ | — | — |
Scripts | N/A | ✓ | — | ✓ |
Create scripts that will run with super user — | | | | |
Playground | — | N/A | ✓ | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Vulnerability Testing | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Rules | ✓ | — | — | ✓ |
Prevention Rules — | | | | |
Request WildFire Verdict Change — | | | | |
Attack Surface Rules | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Threat Intel | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Jupyter | ✓ | N/A | — | — |
Observability | ✓ | N/A | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Network Configuration | ✓ | — | — | — |
Compliance | ✓ | — | N/A | — |
Asset Inventory | ✓ | — | — | — |
Asset Roles Configuration | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Endpoint Administrations | — | — | ✓ | ✓ |
Endpoint Management ✓ | | | | |
Retrieve Endpoint Data ✓ | | | | |
Endpoint Scan ✓ | | | | |
Change Managing Server ✓ | | | | |
Pause Protection — | | | | |
Endpoint Token Management ✓ | | | | |
Endpoint Groups | ✓ | — | — | — |
Endpoint Prevention Policies | ✓ | — | — | — |
Global Exceptions | ✓ | — | — | — |
Endpoint Profiles | ✓ | — | — | — |
Endpoint Extension Policies | ✓ | — | — | — |
Endpoint Installations | ✓ | — | — | — |
Host Firewall | ✓ | — | — | — |
Device Control | ✓ | — | — | ✓ |
Device Control Rules — | | | | |
Device Control Exceptions — | | | | |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Browse | — | ✓ | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Auditing | ✓ | — | N/A | — |
Alert Notifications | ✓ | — | — | — |
General Configuration | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
On-demand Analytics | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Broker Services | ✓ | — | — | ✓ |
Pathfinder Applet — | | | | |
Pathfinder Data Collection | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Log Collections | ✓ | — | — | — |
Data Sources | ✓ | — | — | — |
External Alerts Mapping | ✓ | — | — | — |
Integrations | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Data Management | ✓ | N/A | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Public API | ✓ | — | — | — |
Threat Intelligence | ✓ | — | — | — |
Long Running HTTP Integrations configuration | ✓ | — | — | — |
Credentials | N/A | ✓ | — | — |
Apps | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Incident Properties | ✓ | — | — | — |
Exclusion List | ✓ | — | — | — |
Fields and Types | ✓ | — | — | — |
Layouts | ✓ | — | — | — |

Components | None | View | View/Edit | Additional Action Permissions (Edit/None) |
---|---|---|---|---|
Support | — | N/A | ✓ | — |