Endpoint security profiles can be used immediately, or customized, to protect your endpoints from threats.
Cortex XDR provides default security profiles that you can use out-of-the-box to immediately begin protecting your endpoints from threats. These profiles are applied to endpoints by mapping them to policies, and then mapping the policies to endpoints.
While security rules enable you to block or allow files to run on your endpoints, security profiles help you customize and reuse settings across different groups of endpoints. When the Cortex XDR agent detects behavior that matches a rule defined in your security policy, the Cortex XDR agent applies the security profile that is attached to the rule for further inspection.
Note
Profiles associated with one or more targets that are beyond the scope of your defined user permissions are locked, and cannot be edited.