XDR Capabilities

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XDR Capabilities

L3 Networker

Does XDR has the capability to identify and block admin access on end user workstation?

2 REPLIES 2

L4 Transporter

Hello @RamyashreeMada 

 

Thanks for reaching out on Live Community!

Unfortunately XDR do not control the access for endpoint users. It can prevent malicious activity but cannot control user's access directly. You can use "User risk view" to investigate and assess user behaviour. 

With the User Risk view, you can do the following.

  • Assess the user's behavior and score.

  • Review the user's working hours and past alerts.

  • Analyze the user's behavior over time and compare to their peers with the same asset role.

  • Star the user to be included in the watchlist.

Please follow below guide to learn more about investigating a user.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Investigate...

 

Please mark the response as "Accept as Solution" if it answers your query.

 

Regards.

L0 Member

There are a bunch of solutions that "block" admin access on endpoints. Most of them overtakes the normal Admin account and then provides granular access to all other accounts stripping them for any admin rights and then you can make an approval workflow on a per app basis or for a limited time. There will be a lot of functionality that comes along with those solutions. Often software/inventory management and 3rd party application updates are some of them.

  • 583 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!