Create a Security Managed Action - Administrator Guide - Cortex XSIAM - Cortex

Create a Security Managed Action - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product

Cortex XSIAM

Creation date

2024-02-26

Last date published

2024-04-21

Category

Administrator Guide

Abstract

Create a security type action to perform on behalf of your child tenants.

After you have created and assigned a configuration for each of your child tenant’s security actions, you can define the specific managed action on behalf of the child tenant.

Navigate to each of the following Cortex XSIAM pages:
- Rules → BIOC → Rules and Exceptions Configurations panel
- Investigation → Incident Management → Exclusions → Alert Exclusions Configuration panel
- Investigation → Incident Management → Starred Alerts → Starred Alerts Configuration panel
- Endpoints → Policy Management → Prevention → Profiles → Profile Configuration panel
- Response → Action Center → Currently Applied Actions → Block List/Allow List → Allow List/Block List configuration panel
In the corresponding Configuration panel, select the you created and allocated to your child tenant.
The corresponding security action Table displays the actions managing the child tenant.
Depending on the security action, select:
- + Add BIOC to create a BIOC Rule.
- + New Exception to create a BIOC Exception.
- + Add Exclusion to create an Alert Exclusion.
- + Add Starring Configuration to create a started alert inclusion.
- + New Profile to create a new endpoint profile.
Note
Profiles you create are automatically cloned to your child tenants.

Note