XDR provides out-of-the-box protection for all registered endpoints with
a default security policy customized for each supported platform
type. To tune your security policy, you customize settings in a
security profile and attach the profile to a policy. Each policy
that you create must apply to one or more endpoints or endpoint
From Cortex XDR, create a policy rule.
Do either of the following:
+ New Policy
begin a rule from scratch.
, right-click the profile
you want to assign and
Create a new policy rule using
describes the purpose or intent of the policy.
you want to create a new policy.
Select the desired
profiles you want to apply
in this policy.
you do not specify a profile, the Cortex XDR agent uses the default profile.
Use the filters to assign the policy to one or more endpoints or
Cortex XDR automatically applies a filter for the platform
you selected. To change the platform, go
the general policy settings.
the rule position, if needed, to order the policy relative to other
The Cortex XDR agent evaluates policies from top to bottom.
When the Cortex XDR agent finds the first match it applies that
policy as the active policy. To move the rule, select the arrows
and drag the policy to the desired location in the policy hierarchy.