Add a new exceptions security profile

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-10
Category: Administrator Guide

Abstract: Learn how to add a new exceptions security profile.

You can configure exceptions that apply to specific groups of endpoints or you can add a global endpoint policy exception.

Important

Starting with version 1.3, Cortex XSIAM enables you to manage the exception security rules from a central location and easily apply them across multiple profiles in the Legacy Agent Exceptions management page. 

To manage the exceptions from Exception Configuration, you must first migrate your existing exceptions configured via the exceptions security profiles.

To create new exception security profile rules using the Legacy Agent Exceptions management page, see Add a legacy exception rule.

If you don't migrate the legacy exceptions, you can continue to create exceptions as described below.

How to create an endpoint-specific exception
  1. Add a new profile.

    1. From Cortex XSIAM, select Endpoints → Policy Management → Prevention → Profiles → + Add Profile, and choose whether to Create New or Import from File.

      Note

      Newly imported profiles are added; they do not replace existing profiles.

    2. Select the platform to which the profile applies and Exceptions as the profile type.

    3. Click Next.

  2. Define the basic settings.

    1. Select a unique Profile Name to identify the profile. The name can contain only letters, numbers, or spaces, and must be no more than 30 characters. The name will be visible from the list of profiles when you configure a policy rule.

    2. To provide additional context for the purpose or business reason for creating the profile, specify a profile Description. For example, you might include an incident identification number or a link to a help desk ticket.

  3. Configure the exceptions profile.

  4. Apply profiles to endpoints.

    If you want to remove an exceptions profile from your network, go to the Profiles page, right-click the profile, and select Delete.