Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

User details

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

User details

L3 Networker

Hi Team,

 

Can we check user details on the XDR console - Local user with admin privileges?

 

Any way to identify such users?

 

Regards,

Shahwaz

5 REPLIES 5

L3 Networker

Yes, you can easily check user privileges in the Cortex XDR console by following these steps:

  1. Log in to the Cortex XDR management console.

  2. Select Settings → Configurations → Access Management → Users.

  3. In the Users page, you will find a variety of options to assist you in managing users

  4. Please help out other users and “Accept as Solution” if a post helps solve your problem !

    Read more about how and why to accept solutions https://live.paloaltonetworks.com/t5/general-topics/how-and-why-to-accept-a-solution-to-your-post/td...

L5 Sessionator

Hello Shahwaz,

 

Do you mean the windows local account with admin rights?

Ashutosh Patil

Yes, correct. Any way to identify that through XDR.

L4 Transporter

Hi @Shahwaz_Md 

 

Thank you for writing to live community! Yes, you can identify windows user accounts with admin rights however it would require Host Insights License. If you have HI License, you may use "Users to Groups" under Host Inventory locate at Incident Response → Investigation → Host Inventory. User to Groups shows a list mapping of all the users, local and in your domain, to the existing user groups on an endpoint. And you may filter Group names by "Administrator" to look for users with Admin rights. 

For details you may check under here

 

Hope this helps!

Please mark the response as "Accept as Solution" if it answers your query.

L0 Member

Accept as Solution

  • 1843 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!