Manage Endpoint Security Profiles

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-04-16
Category: Administrator Guide
Abstract

You can manage the security profiles of your Cortex XDR agent endpoints in various ways, including editing, duplicating, and populating security rules.

After you customize your Endpoint Security Profiles, you can manage these profiles from the Profiles page as needed.

  1. View information about your security profiles.

    The following table displays the fields that are available on the Profiles page in alphabetical order. The table includes both default fields and additional fields that are available in the column manager.

    | Field | Description |
    | --- | --- |
    | Associated Targets | The targets the profile applies to. |
    | Created By | Administrative user who created the security profile. |
    | Created Time | Date and time at which the security profile was created. |
    | Description | Optional description entered by an administrator to describe the security profile. |
    | Modification Time | Date and time at which the security profile was modified. |
    | Modified By | Administrative user who modified the security profile. |
    | Name | Name provided to identify the security profile. |
    | Platform | Platform type of the security profile. |
    | Summary | Summary of security profile configuration. |
    | Type | Security profile type. |
    | Usage Count | Number of policy rules that use the profile. |

  2. Edit a security profile.

    1. From Endpoints → Policy Management → Prevention → Profiles, right-click the security profile and select Edit.

    2. Make your changes and then Save the security profile.

  3. Export profile.

    1. From Endpoints → Policy Management → Prevention → Profiles, right-click the security profile and select Export Profile.

    2. Verify the profile you want to export.

      Note

      New imported profiles are added and not replaced.

  4. Duplicate a security profile.

    1. From Endpoints → Policy Management → Prevention → Profiles, right-click the security profile and select Save as New.

    2. Make your changes and then Create the security profile.

    3. Continue with Step 6 to populate a new policy rule with the security profile.

  5. View the security policy rules that use a security profile.

    From Endpoints → Policy Management → Prevention → Profiles, right-click the security profile and select View policy Rules.

    Cortex XSIAM displays the policy rules that use the profile.

  6. Populate a new policy rule with a security profile.

    1. From Endpoints → Policy Management → Prevention → Profiles, right-click the security profile and select Create a new policy rule using this profile.

      Cortex XSIAM automatically populates the Platform selection based on your security profile configuration and assigns the security profile based on the security profile type.

    2. Enter a descriptive Policy Name and optional description for the policy rule.

    3. Assign any additional security profiles that you want to apply to your policy rule, and select Next.

    4. Select the target endpoints for the policy rule or use the filters to define criteria for the policy rule to apply, and then select Next.

    5. Review the policy rule summary, and if everything looks good, select Done.

  7. Delete a security profile.

    1. If necessary, delete or detach any policy rules that use the profile before attempting to delete it.

    2. From Endpoints → Policy Management → Prevention → Profiles, identify the security profile that you want to remove.

      The Usage Count should have a 0 value.

    3. Right-click the security profile and select Delete.

    4. Confirm the deletion and you are done.