Host Insights permissions

Abstract

Configure access to the Host Insights permissions.

Limits access to Host Insights/Inventory (InventoryEndpointsHost Insights)), which enables you to gain visibility and inventory into the business and IT operational data on all your endpoints. For more information, see Host Inventory.

Unlike Forensics, which is a point-in-time snapshot, Host Insights is designed for broad fleet visibility and hygiene. It covers:

  • Host Inventory: Operating system details, installed software, local user accounts, and listening ports.

  • Searchability: The ability to hunt for "at-risk" systems across the environment (e.g., finding every server running an outdated version of Java).

Note

It is important to distinguish between Host Insights and Asset Inventory permissions. Host Insights is a deep insight into endpoints that have a Cortex XDR agent installed. Asset Inventory is a broad list of everything on your network (unmanaged devices, cloud buckets, etc.). For more information, see Asset Inventory permissions.

Accessing the Host Inventory menu (from Host Insights) provides different capabilities based on your license. If you have Cortex XSIAM Enterprise or Cortex XSIAM NG-SIEM with a Host Insights license, you have access to Vulnerability Assessment. For Cortex XSIAM Premium or Cloud Security (Posture/Runtime) licenses, you have access to Vulnerability Management. See Vulnerability Management permissions.

Permissions

Description

Roles Example

None

Limits access to the Host Inventory menu.

View

Users can search the inventory, view host details, and browse software lists. They can open the Asset View but cannot trigger management actions.

  • SOC Tier-1 Analyst: View host inventory and vulnerability data for triage.

  • Security Engineer: View host data for detection development.

View/Edit

Full access to the inventory, including the ability to manage scan settings or trigger manual inventory refreshes.

  • SOC Tier-2 Analyst: View host data and escalate for file search/destroy.

  • SOC Tier-3 Analyst: Full host insights, including file search and destroy.

  • Threat Hunter: Full host insights for endpoint hunting.