Administrators from Building 3 have been added to Cortex XSIAM to perform limited functions on a subset of endpoints. Custom roles have been created and applied to the administrators to limit their permissions, but their access should also be constrained through the principle of least privilege according to the endpoints they are allowed to manage. All endpoints are part of an endpoint group named "Building3," and some endpoints may also be members of other endpoint groups.
Which technical control will restrict the ability of the administrators to manage endpoints outside of their area of responsibility, while maintaining visibility to Building 3's endpoints?
To enforce least privilege for Building 3 administrators, SBAC must be enabled in Restrictive Mode and the administrators' scope must be limited to EG:Building3. This ensures they can only manage endpoints within the Building 3 group, even if those endpoints are also part of other groups, while blocking access to endpoints outside their responsibility.
Barrett
2 months agoTwanna
2 months agoRoselle
3 months agoFausto
3 months agoVesta
3 months agoNikita
3 months agoCarylon
3 months agoCarry
4 months agoJustine
4 months agoPura
4 months agoAngelica
4 months agoCiara
5 months agoJesusita
5 months agoYuette
5 months agoTonette
5 months agoMozell
5 months agoLucy
6 months agoCheryl
6 months agoRuby
6 months agoMira
6 months agoKing
6 months agoAlberta
7 months agoJeannine
7 months agoJanet
7 months agoViva
7 months agoAlbert
2 months agoMargart
2 months agoGlenn
2 months agoOdelia
2 months agoRodrigo
6 months ago