Add a global endpoint policy exception - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-12-04
Category
Administrator Guide
Abstract

Learn how to define and manage global endpoint policy exceptions in Cortex XSIAM.

As an alternative to adding an endpoint-specific exception in policy rules, you can define and manage global exceptions that apply across all of your endpoints. On the Global Exception page, you can manage all the global exceptions in your organization for all platforms. Profiles associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.

Important

  • Starting with version 1.3, Cortex XSIAM enables you to manage the Global Endpoint Policy exceptions from a central location and easily apply them across multiple profiles in the Legacy Agent Exceptions management page. 

  • To manage the prevention profile exceptions from Exception Configuration, you must first migrate your existing exceptions configured via the Global exceptions.

  • Your migrated rules are displayed on the SettingsException ConfigurationsLegacy Agent Exceptions page. For more information about the migration, see Exception configuration.

  • To create new global endpoint policy exceptions using the Legacy Agent Exceptions page, see Add a legacy exception rule.

  • If you don't migrate the legacy exceptions, you can continue to add exceptions as described below.