ITDR Honey Users for Cloud Identities

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ITDR Honey Users for Cloud Identities

L2 Linker

Hi Everyone

 

We're using ITDR module and are manually assigning asset role as described here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Asset-Roles

 

Only on-premises identities from AD can be assigned to asset roles. The cloud identities from Entra-ID are not available and therefore can't be assigned. Both directories are integrated with Cloud Identity Engine separately (no Entra hybrid setup) and authentication logs are also ingested into Cortex.

 

What am I missing here? Is the asset role feature not available for cloud only identities?

 

Thanks & Best Regards

3 REPLIES 3

L5 Sessionator

I'm aware of this article, but it doesn't describe how to add a cloud identities to asset roles. The format only supports AD users:

Rocky25_0-1728644950556.png

L2 Linker

Hi Everyone

 

Finally received a statement from TAC support, although disappointing: "About allowing Cloud identities to be added to the Asset Roles through the CIE, it seems that only managed endpoints can be added to roles currently."

 

Best Regards

  • 369 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!