Cortex Agentic Assistant Agents

Abstract

Configure Agents for the Cortex Agentic Assistant.

Controls whether a user can access and interact with the Cortex Agentic Assistant, including managing actions and agents. This is the base permission required for any assistant interaction.

Permission

Description

Roles Example

None

The assistant panel is disabled. Users cannot use natural language queries or access the Agents Hub.

View/Edit

Users can open the Cortex Agentic Assistant panel, access the Agents Hub, view chat history, and view agent details and action details in the Hub. In addition, you can select the following:

  • Interact with Agents

  • Manage Actions

  • Manage Agents

  • Agents Admin

  • SOC Tier-1 Analyst: Needs to use the assistant for quick lookups, IP/hash enrichment, and guided investigation. No need to manage agents or actions.

  • SOC Tier-2 and 3 Analysts: full assistant interaction for complex investigations. No need to manage agents or actions.

  • Threat Hunter: Full assistant interaction for threat hunting. Can view agents and actions, but does not need to modify them

  • Security Engineer: Builds custom agents and actions for the organization. Does not need Agents Admin as they manage their own agents.

Cortex Agentic Assistant Agents sub-permissions

Sub-permissions

Description

Roles Example

Interact with Agents

Interact with Agents: Users can trigger Agents in the Cortex Agentic Assistant. Users can access their own agents, public agents, and system agents. For more information, see Chat with an Agentic Assistant agent.

  • Checked: The user can take actions, such as sending messages and queries to the assistant, starting new conversations with agents, and executing insight actions (Add as IOC, etc).

  • Unchecked: The user can view the assistant panel, home screen, Agents Hub (read-only, based on the parent View/Edit level), chat history, and previous conversations. The user can also view insights cards for IPs, hashes, and domains.

All roles should require full assistant interaction.

Manage Actions

Controls the ability to manage agent actions - the discrete operations that agents can perform. Actions are the building blocks that agents use to execute tasks. For more information, see Manage actions.

  • Checked: Users can manage actions, register scripts as agent actions, and configure action parameters and descriptions.

  • Unchecked: The user can view the Actions tab in the Agents Hub (read-only, browse available actions and their configurations. They can also view action details, parameters, and descriptions.

Security Engineer

Manage Agents

Controls the ability to create and manage AI agents. Users with this permission can create custom agents, edit their own agents, and configure agent properties. For more information, see Manage agents.

  • Checked: Users can manage agents, configure agent instructions, and assign/remove actions from agents.

  • Unchecked: Users can view the Agents tab in the Agents Hub, browse available agents, and their configurations. They can also view agent details, descriptions, and assigned actions.

Security Engineer

Agents Admin

The highest-level agent management permission. When checked, it overrides the ownership restrictions of the Manage Agents checkbox, allowing the user to edit and manage ALL agents in the organization, including system agents and agents created by other users. For more information, see Agents Hub.

  • Checked: Users can edit/delete any agent, including system agents, configure custom instructions for system agents, and manage organization-wide agent settings. The user can override all agent ownership restrictions.

  • Unchecked: The user cannot edit system agents, cannot edit agents created by other users, and cannot manage organization-wide agent configurations.

Note

If Manage Agents is checked, the user can only edit their own agents.