Create a Security Managed Action

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2023-10-31
Last date published: 2024-03-19
Category: Administrator Guide
Abstract: Create a security type action to perform on behalf of your child tenants.

After you have created and assigned a configuration for each of your child tenant’s security actions, you can define the specific managed action on behalf of the child tenant.

  1. Navigate to each of the following Cortex XDR pages:

    • Rules > BIOC > Rules and Exceptions Configurations panel

    • Investigation > Incident Management > Exclusions > Alert Exclusions Configuration panel

    • Investigation > Incident Management > Starred Alerts > Starred Alerts Configuration panel

    • Endpoints > Policy Management > Prevention > Profiles > Profile Configuration panel

    • Response > Action Center > Currently Applied Actions > Block List/Allow List > Allow List/Block List configuration panel

  2. In the corresponding Configuration panel, select the action configuration you created and allocated to your child tenant.

    The corresponding security action table displays the actions managing the child tenant.

  3. Depending on the security action, select:

    • + Add BIOC to create a BIOC Rule.

    • + New Exception to create a BIOC Exception.

    • + Add Exclusion to create an Alert Exclusion.

    • + Add Starring Configuration to create a starred alert inclusion.

    • + New Profile to create a new endpoint profile.

    Note

    Profiles you create are automatically cloned to your child tenants.