Create and Allocate Configurations - Administrator Guide - Cortex XDR - Cortex XSIAM - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2023-03-23
Last date published
2023-03-23

To manage security actions on behalf of your child tenant, you need to first create and allocate an action configuration.

  1. Navigate to each of the following Cortex XDR pages and follow the detailed steps:

    • Detection & Threat IntelDetection RulesBIOCRules and Exceptions Configurations panel

    • Incident ResponseIncident ConfigurationAlert ExclusionsAlert Exclusions Configuration panel

    • Incident ResponseIncident ConfigurationStarred AlertsStarred Alerts Configuration panel

    • EndpointsPolicy ManagementPreventionProfilesProfile Configuration panel

    • Incident ResponseResponseAction CenterCurrently Applied ActionsBlock List/Allow ListAllow List/Block List configuration panel

  2. In the corresponding Configuration panel, + Create New configuration.

  3. Enter the configuration Name and Description.

  4. Create.

    The new configuration appears in the Configuration pane.

  5. Navigate to SettingsTenant Management.

  6. In the Tenant Management table, right-click a child tenant row and Edit Configurations.

  7. Assign the configuration you want to use to manage each of the security actions.

    Note

    You can configure Profiles only as Managed or Unmanaged. All profiles you create are automatically cloned to your child tenants.

  8. Update.

    The Tenant Management table is updated with your assigned configurations.