Create a Security Managed Action - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-16
Category
Administrator Guide
Abstract

Create a security type action to perform on behalf of your child tenants.

After you have created and assigned a configuration for each of your child tenant’s security actions, you can define the specific managed action on behalf of the child tenant.

  1. Navigate to each of the following Cortex XSIAM pages:

    • RulesBIOCRules and Exceptions Configurations panel

    • InvestigationIncident ManagementExclusionsAlert Exclusions Configuration panel

    • InvestigationIncident ManagementStarred AlertsStarred Alerts Configuration panel

    • EndpointsPolicy ManagementPreventionProfilesProfile Configuration panel

    • ResponseAction CenterCurrently Applied ActionsBlock List/Allow ListAllow List/Block List configuration panel

  2. In the corresponding Configuration panel, select the you created and allocated to your child tenant.

    The corresponding security action Table displays the actions managing the child tenant.

  3. Depending on the security action, select:

    • + Add BIOC to create a BIOC Rule.

    • + New Exception to create a BIOC Exception.

    • + Add Exclusion to create an Alert Exclusion.

    • + Add Starring Configuration to create a started alert inclusion.

    • + New Profile to create a new endpoint profile.

    Note

    Profiles you create are automatically cloned to your child tenants.