Apply Profiles to Collection Machine Policies

Once a Cortex® XDR™ Collector profile is configured, you must attach the profile to a policy.
Once a Cortex® XDR™ Collector profile is configured, you must attach the profile to a policy. Each policy that you create must apply to one or more collector machines or collector machine groups.
  1. In Cortex XDR, create a policy.
    Do either of the following:
    • Select
      Settings ( )
      Configurations
      XDR Collectors
      Policies
      +New Policy
      to create a policy from scratch in the
      XDR Collectors Policies
      page.
    • Select
      Settings ( )
      Configurations
      XDR Collectors
      Profiles
      , right-click the profile you want to assign and
      Create a new policy rule using this profile
      in the
      XDR Collectors Profiles
      page.
  2. Set the
    General
    settings for the policy.
    • Policy Name
      —Specify a unique name for the policy.
    • Description
      —(
      Optional
      ) Specify a description that describes the purpose or intent of the policy.
    • Platform
      —Select the
      Platform
      as either
      Windows
      or
      Linux
      that you want to create the new policy.
    • Collector Profile
      —Select the applicable
      Collector Profile
      from the list available for the
      Platform
      designated that you want to apply to the policy. If you do not specify a profile, the Cortex XDR Collector uses the
      Default
      profile.
  3. Click
    Next
    .
  4. Set the
    Target
    settings in the
    XDR Collectors Endpoints
    screen.
    Use the filters to assign the policy to one or more collector machines (endpoints) or collector machine (endpoint) groups.
    Cortex XDR automatically applies a filter for the platform you selected. To change the platform, go
    Back
    to the general policy settings.
  5. Click
    Next
    .
  6. Review the
    Summary
    for the new policy.
    If everything looks fine, click
    Done
    . Otherwise, click
    Back
    to make your changes.
  7. In the
    XDR Collectors Policies
    table, change the policy position, if needed, to order the policy relative to other policies.
    The Cortex XDR Collector evaluates policies from top to bottom. When the Cortex XDR Collector finds the first match it applies that policy as the active policy. To move the policy order, select the arrows and drag the policy to the desired location in the policy hierarchy.
  8. Other available options.
    As needed, you can return to the
    XDR Collectors Policies
    page to manage your XDR Collectors policies. To manage a specific policy, right click anywhere in the XDR Collector policy row, and select the desired action:
    • Disable
      the XDR Collector policy.
    • Delete
      the XDR Collector policy.
    • View Policy Details
      —Opens a new window with the details of the current profile configured for this policy, so you can easily see the
      Collector Upgrade
      and
      Filebeat configuration file
      details for the profile associated to this policy.
    • Save As New
      —Enables you to copy the existing policy with its current settings, make any modifications, and save it as a new policy by adding a unique name.
    • Edit
      the XDR Collector policy settings.
    • Copy text to clipboard
      to copy the text from a specific field in the row of a XDR Collector policy.
    • Copy entire row
      to copy the text from the entire row of a XDR Collector policy.

Recommended For You