You can take actions to manage and investigate files, including:
Manage file execution on your endpoints by adding file hashes to your allow and block lists.
Quarantine files and manage the files automatically quarantined by Cortex XSIAM.
Review the file verdict and the WildFire Analysis Report for a file.
Import hashes from the Endpoint Security Manager or from external feeds.
Note
To take actions on endpoints, you need the Cortex XSIAM Premium, Enterprise, or any other XSIAM license with the Enterprise Runtime Security (XDR) add-on.