Create and Allocate Configurations - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-17
Category
Administrator Guide
Abstract

From the Cortex XSIAM management console, you can create and allocate configurations for child tenants.

To manage security actions on behalf of your child tenant, you need to first create and allocate an action configuration.

  1. Navigate to each of the following Cortex XSIAM pages and follow the detailed steps:

    • Detection & Threat IntelDetection RulesBIOCRules and Exceptions Configurations panel

    • Incident ResponseIncident ConfigurationAlert ExclusionsAlert Exclusions Configuration panel

    • Incident ResponseIncident ConfigurationStarred AlertsStarred Alerts Configuration panel

    • EndpointsPolicy ManagementPreventionProfilesProfile Configuration panel

    • Incident ResponseResponseAction CenterCurrently Applied ActionsBlock List/Allow ListAllow List/Block List configuration panel

  2. In the corresponding Configuration panel, + Create New configuration.

  3. Enter the configuration Name and Description.

  4. Create.

    The new configuration appears in the Configuration pane.

  5. Navigate to SettingsTenant Management.

  6. In the Tenant Management table, right-click a child tenant row and Edit Configurations.

  7. Assign the configuration you want to use to manage each of the security actions.

    Note

    You can configure Profiles only as Managed or Unmanaged. All profiles you create are automatically cloned to your child tenants.

  8. Update.

    The Tenant Management table is updated with your assigned configurations.