Create a Security Managed Action

Create a security type action to perform on behalf of your child tenants.
After you’ve created and assigned a configuration for each of your child tenant’s security actions, you can define the specific managed action on behalf of the child tenant.
  1. Navigate to each of the following Cortex XDR pages:
    • Investigation
      Incident Management
      Alert Exclusions Configuration
    • Investigation
      Incident Management
      Starred Alerts
      Starred Alerts Configuration
    • Endpoints
      Policy Management
      Profile Configuration
    • Response
      Action Center
      Currently Applied Actions
      Block List/Allow List
      Allow List/Block List
      configuration panel
  2. In the corresponding
    panel, select the action configuration you created and allocated to your child tenant.
    The corresponding security action
    displays the actions managing the child tenant.
  3. Depending on the security action, select:
    • + Add Exclusion
      to create an Alert Exclusion.
    • + Add Starring Configuration
      to create a started alert inclusion.
    • + New Profile
      to create a new endpoint profile.
    Profiles you create are automatically cloned to your child tenants.

Recommended For You