Manage endpoint prevention profiles

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

You can manage the endpoint prevention profiles of your Cortex XDR agent endpoints in various ways, including editing, duplicating, and populating endpoint prevention policy rules.

After you create and customize your endpoint prevention profiles, you can manage them from the Prevention Profiles page as needed.

Edit a profile:

  1. From Endpoints → Policy Management → Prevention → Profiles, right-click the profile and select Edit.

  2. Make your changes and then click Save.

Export a profile:

  1. From Endpoints → Policy Management → Prevention → Profiles, right-click the profile and select Export Profile.

  2. Click Export. The profile is downloaded to your computer.

Duplicate a profile:

  1. From Endpoints → Policy Management → Prevention → Profiles, right-click the prevention profile and select Save as New. A new profile is displayed, containing the values from the profile that you selected.

  2. Edit the profile name and description, edit any values that you want to change, and then click Create.

  3. Populate a new prevention policy rule with your new profile.

Delete a profile:

  1. If necessary, delete or detach any policy rules that use the profile before attempting to delete it.

  2. From Endpoints → Policy Management → Prevention → Profiles, locate the profile that you want to remove. The profile's Usage Count cell must have a 0 (zero) value.

  3. Right-click the prevention profile and select Delete.

  4. To confirm the deletion, click Yes.

Before you modify or delete a profile, you can check which policy rules, if any, use the profile.

  • From Endpoints → Policy Management → Prevention → Profiles, right-click the profile and select View policy Rules.

    Cortex XDR opens the Prevention Policy Rules page on a new tab. This page is filtered, and only displays the rules that use the profile that you selected.

Populate a new policy rule with a profile:

  1. From Endpoints → Policy Management → Prevention → Profiles, right-click the profile and select Create a new policy rule using this profile.

    Cortex XDR automatically populates the Platform selection based on your profile configuration, and assigns the profile based on the profile type.

  2. For Policy Name, enter a meaningful name, and optionally, add a description for the policy rule.

  3. Assign any additional profiles that you want to apply to your policy rule, and click Next. A list of endpoints is displayed.

  4. Select the target endpoints for the policy rule, or use the filters to define criteria for the policy rule to apply, and then click Next.

  5. Review the policy rule summary, and then click Done.

View information about your endpoint prevention profiles

The following table displays the fields that are available on the Prevention Profiles page, in alphabetical order. The table includes both default fields and additional fields that are available in the column manager. To view this page, go to Endpoints → Policy Management → Prevention → Profiles.

| Field | Description |
|---|---|
| Associated Targets | The endpoints or endpoint groups to which the profile is assigned |
| Created By | The administrator who created the prevention profile |
| Created Time | The date and time at which the prevention profile was created |
| Description | An optional description entered by an administrator to describe the prevention profile |
| Modification Time | The date and time at which the prevention profile was modified |
| Modified By | The administrator who modified the prevention profile |
| Name | The prevention profile name |
| Profile ID | The ID assigned to the profile by Cortex XDR |
| Summary | Summary of prevention profile configuration |
| Type | The prevention profile type, such as Malware or Agent Settings. |
| Usage Count | The number of policy rules that use the profile. If you want to delete a profile, ensure that this cell displays "0". |