Host Insights permissions ↗
Configure access to the Host Insights permissions.
Limits access to Host Insights/Inventory ( → → ), which enables you to gain visibility and inventory into the business and IT operational data on all your endpoints. For more information, see Host Inventory.
Unlike Forensics, which is a point-in-time snapshot, Host Insights is designed for broad fleet visibility and hygiene. It covers:
Host Inventory: Operating system details, installed software, local user accounts, and listening ports.
Searchability: The ability to hunt for "at-risk" systems across the environment (e.g., finding every server running an outdated version of Java).
Note
It is important to distinguish between Host Insights and Asset Inventory permissions. Host Insights is a deep insight into endpoints that have a Cortex XDR agent installed. Asset Inventory is a broad list of everything on your network (unmanaged devices, cloud buckets, etc.). For more information, see Asset Inventory permissions.
Accessing the Host Inventory menu (from Host Insights) provides different capabilities based on your license. If you have Cortex XSIAM Enterprise or Cortex XSIAM NG-SIEM with a Host Insights license, you have access to Vulnerability Assessment. For Cortex XSIAM Premium or Cloud Security (Posture/Runtime) licenses, you have access to Vulnerability Management. See Vulnerability Management permissions.
Permissions | Description | Roles Example |
|---|---|---|
None | Limits access to the Host Inventory menu. | |
View | Users can search the inventory, view host details, and browse software lists. They can open the Asset View but cannot trigger management actions. |
|
View/Edit | Full access to the inventory, including the ability to manage scan settings or trigger manual inventory refreshes. |
|