Licenses - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-06-20
End_of_Life
EoL
Category
Administrator Guide
Abstract

The Cortex XSOAR license type determines which components users can utilize. License types are community, starter, or enterprise. Users include audit and full.

Cortex XSOAR requires a yearly license per user, with the exception of the Cortex XSOAR Community Edition. Multi-year licenses are available. You can view and download your license from the Cortex Gateway.

License Usage

This table describes the types of Cortex XSOAR licenses which are used in the following circumstances:

Version

Usage

Cortex XSOAR Community Edition

For evaluating Cortex XSOAR, partner development, and general free usage.

Cortex XSOAR Threat Intel Management Edition

Built for Threat Intelligence & Security Operations teams who need threat intelligence based automation.

Cortex XSOAR Starter Edition

Built for Security Operations and Incident Response customers who need case management with collaboration and playbook driven automation

Cortex XSOAR Edition

Built for customers who need a complete security automation solution.

License Quota

The following table describes the license quotas of each version in Cortex XSOAR. The license includes the number of users that can be configured. Self service read-only users do not count as users in your license pool.

comparison-matrix.png

Note

Intel feed quotas are based on the selected Fetches Indicators field in the integration instance settings, not the enabled status. Disabling an integration instance does not affect the Intel feed quota. For example, if the AWS Feed is enabled and is fetching indicators and you don't want to include this in your quota, open the integration settings and deselect the Fetches Indicators checkbox.

Multi-Tenant Licenses

XSOAR TIM, XSOAR Starter Edition, and XSOAR are all available for multi-tenant deployments, with a multi-tenant license. Cortex XSOAR multi-tenant deployments are designed for MSSPs (managed security service providers) and enterprises that require strict data segregation, but also need the flexibility to share and manage critical security practices across tenant accounts.

Users

For license purposes, Cortex XSOAR includes the following users:

  • Audit users

    Audit users have read-only permission in Cortex XSOAR, so they do not have the ability to edit system components and data, or run commands, automations, and playbooks. Audit users can view incidents, dashboards, and reports. This should be used for example, by SOC managers who do not need to investigate incidents, change data, etc.

  • Full users

    Full users have read-write permission in Cortex XSOAR, meaning they have the ability to view and edit system components and data. They can investigate incidents, run automation scripts and playbooks, chat in the War Room, etc.

For more information about roles, see Users and Roles Overview.

Note

Self-service read-only users are not counted in your license.