Create and Allocate Configurations - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Cortex XSIAM
Creation date
Last date published
Administrator Guide

From the Cortex XSIAM management console, you can create and allocate configurations for child tenants.

To manage security actions on behalf of your child tenant, you need to first create and allocate an action configuration.

  1. Navigate to each of the following Cortex XSIAM pages and follow the detailed steps:

    • Detection & Threat IntelDetection RulesBIOCRules and Exceptions Configurations panel

    • Incident ResponseIncident ConfigurationAlert ExclusionsAlert Exclusions Configuration panel

    • Incident ResponseIncident ConfigurationStarred AlertsStarred Alerts Configuration panel

    • EndpointsPolicy ManagementPreventionProfilesProfile Configuration panel

    • Incident ResponseResponseAction CenterCurrently Applied ActionsBlock List/Allow ListAllow List/Block List configuration panel

  2. In the corresponding Configuration panel, + Create New configuration.

  3. Enter the configuration Name and Description.

  4. Create.

    The new configuration appears in the Configuration pane.

  5. Navigate to SettingsTenant Management.

  6. In the Tenant Management table, right-click a child tenant row and Edit Configurations.

  7. Assign the configuration you want to use to manage each of the security actions.


    You can configure Profiles only as Managed or Unmanaged. All profiles you create are automatically cloned to your child tenants.

  8. Update.

    The Tenant Management table is updated with your assigned configurations.