Create profile exceptions - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

You can create profile exceptions for agent alerts.

For Cortex XDR agent alerts, you can create profile exceptions for Window processes, BTP, and JAVA deserialization alerts directly from the Alerts table.

  1. Right-click an XDR Agent alert which has a category of Exploit and Create alert exception.

  2. Select an Exception Scope:

    • Global: Apply the exception across your organization.

    • Profile: Apply the exception to an existing profile or click and enter a Profile Name to create a new profile.

  3. Click Add to add the scope.

  4. (Optional) View your profile exceptions.

    1. Go to to EndpointsPolicy ManagementProfiles.

    2. In the Profiles table, locate the OS in which you created your global or profile exception and right-click to view or edit the exception properties.