Rather than defining a new security profile for each of your endpoints, you can apply the pre-configured Cortex XDR security profiles instead.
Cortex XSIAM provides default security profiles that you can use out of the box to immediately begin protecting your endpoints from threats.
While security rules enable you to block or allow files to run on your endpoints, security profiles help you customize and reuse settings across different groups of endpoints. When the Cortex XDR agent detects behavior that matches a rule defined in your security policy, the Cortex XDR agent applies the security profile that is attached to the rule for further inspection.
The Prevention Profiles table lists all the profiles per operating system. Profiles associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.
From → → → , you can create the following profiles.

Profile Name | Description |
---|---|
Exploit Profiles | Exploit profiles block attempts to exploit system flaws in browsers and in the operating system. For example, Exploit profiles help protect against exploit kits, illegal code execution, and other attempts to exploit process and system vulnerabilities. Exploit profiles are supported for Windows, Mac, and Linux platforms. |
Malware Profiles | Malware profiles protect against the execution of malware including trojans, viruses, worms, and grayware. Malware profiles serve two main purposes: to define how to treat behavior common with malware, such as ransomware or script-based attacks, and to define how to treat known malware and unknown files. Malware profiles are supported for all platforms. |
Restrictions Profiles | Restrictions profiles limit where executables can run on an endpoint. For example, you can restrict files from running from specific local folders or from removable media. Restrictions profiles are supported only for Windows platforms. |
Agent Settings Profiles | Agent Settings profiles enable you to customize settings that apply to the Cortex XDR agent (such as the disk space quota for log retention). For Mac and Windows platforms, you can also customize user interface options for the Cortex XSIAM console, such as accessibility and notifications. |
Exceptions Profiles | Exceptions Security Profiles override the security policy to allow a process or file to run on an endpoint, to disable a specific BTP rule, to allow a known digital signer, and to import exceptions from the Cortex XSIAM support team. Exceptions profiles are supported for Windows, Mac, and Linux platforms. |
After you add the new security profile, you can Manage Endpoint Security Profiles.