Create a Security Managed Action

Create a security type action to perform on behalf of your child tenants.
After you’ve created and assigned a configuration for each of your child tenant’s security actions, you can define the specific managed action on behalf of the child tenant.
  1. Navigate to each of the following
    Cortex
    XDR
    pages:
    • Investigation
      Incident Management
      Exclusions
      Alert Exclusions Configuration
      panel
    • Investigation
      Incident Management
      Starred Alerts
      Starred Alerts Configuration
      panel
    • Endpoints
      Policy Management
      Prevention
      Profiles
      Profile Configuration
      panel
    • Response
      Action Center
      Currently Applied Actions
      Block List/Allow List
      Allow List/Block List
      configuration panel
  2. In the corresponding
    Configuration
    panel, select the action configuration
    action configuration
    you created and allocated to your child tenant.
    The corresponding security action
    Table
    displays the actions managing the child tenant.
  3. Depending on the security action, select:
    • + Add Exclusion
      to create an Alert Exclusion.
    • + Add Starring Configuration
      to create a started alert inclusion.
    • + New Profile
      to create a new endpoint profile.
    Profiles you create are automatically cloned to your child tenants.

Recommended For You