You can manage the security profiles of your Cortex XDR agent endpoints in various ways, including editing, duplicating, and populating security rules.
After you customize your Endpoint Security Profiles, you can manage these profiles from the Profiles page as needed.
View information about your security profiles.
The following table displays the fields that are available on the Profiles page in alphabetical order. The table includes both default fields and additional fields that are available in the column manager.
Field
Description
Associated Targets
The targets the profile applies to.
Created By
Administrative user who created the security profile.
Created Time
Date and time at which the security profile was created.
Description
Optional description entered by an administrator to describe the security profile.
Modification Time
Date and time at which the security profile was modified.
Modified By
Administrative user who modified the security profile.
Name
Name provided to identify the security profile.
Platform
Platform type of the security profile.
Summary
Summary of security profile configuration.
Type
Security profile type.
Usage Count
Number of policy rules that use the profile.
Edit a security profile.
From Edit.
→ → → , right-click the security profile and selectMake your changes and then Save the security profile.
Export profile.
From Export Profile.
→ → → , right-click the security profile and selectVerify the profile you want to export.
Note
New imported profiles are added and not replaced.
Duplicate a security profile.
From Save as New.
→ → → , right-click the security profile and selectMake your changes and then Create the security profile.
View the security policy rules that use a security profile.
From View policy Rules.
→ → → , right-click the security profile and selectCortex XSIAM displays the policy rules that use the profile.
Populate a new policy rule with a security profile.
From Create a new policy rule using this profile.
→ → → , right-click the security profile andCortex XSIAM
Enter a descriptive Policy Name and optional description for the policy rule.
Assign any additional security profiles that you want to apply to your policy rule, and select Next.
Select the target endpoints for the policy rule or use the filters to define criteria for the policy rule to apply, and then select Next.
Review the policy rule summary, and if everything looks good, select Done.
Delete a security profile.
If necessary, delete or detach any policy rules that use the profile before attempting to delete it.
From
→ → → , identify the security profile that you want to remove.The Usage Count should have a
0
value.Right-click the security profile and select Delete.
Confirm the deletion and you are done.