From the Cortex XDR management console, you can apply
security profiles to your endpoints depending on the platform used
on the endpoints.
Cortex XDR provides out-of-the-box protection for all registered endpoints with a default security policy customized for each supported platform type. To tune your security policy, customize the settings in a security profile and attach the profile to a policy.
Each policy you create must apply to one or more endpoints or endpoint groups. The Prevention Policy Rules table lists all the policy rules per operating system. Rules associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.
From Cortex XDR, create a policy rule.
Do either of the following:
Select Endpoints > Policy Management > Prevention > Policy Rules, and select + New Policy or Import from File.
When importing a policy, select whether to enable the associated policy targets. Rules within the imported policy are managed as follows:
New rules are added to the top of the list.
Default rules override the default rule in the target tenant.
Rules without a defined target are disabled until a target is specified.
Select Endpoints > Policy Management > Prevention > Profiles, right-click the profile you want to assign and select Create a new policy rule using this profile.
Define a Policy Name and optional Description that describes the purpose or intent of the policy.
Select the Platform for which you want to create a new policy.
Select the desired Exploit, Malware, Restrictions, and Agent Settings profiles you want to apply in this policy. If you do not specify a profile, the Cortex XDR agent uses the default profile.
Click Next.
Use the filters to assign the policy to one or more endpoints or endpoint groups. Cortex XDR automatically applies a filter for the platform you selected and, if one exists, the Group Name according to the groups within your defined user scope.
Click Done.
In the Policy Rules table, change the rule position, if needed, to order the policy relative to other policies. The Cortex XDR agent evaluates policies from top to bottom. When the Cortex XDR agent finds the first match, it applies that policy as the active policy. To move the rule, select the arrows and drag the policy to the desired location in the policy hierarchy.
Right-click to View Policy Details, Edit, Save as New, Disable, and Delete.
Export policy. Select one or more policies, right-click and select Export Policies. You can choose to include the associated Policy Targets, Global Exceptions, and endpoint groups. The exported file is Base64-encoded and cannot be edited.
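
Because the agent applies the first matching policy from top to bottom, a narrowly targeted rule placed below a broader one never becomes active. The following added example (not Cortex XDR code, its API, or its export format) models the rule list to show this and to flag such shadowed rules. The Rule fields, group names and policy names are constructed assumptions, and targets are simplified to endpoint group names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    platform: str
    targets: frozenset      # endpoint group names; empty = no target defined
    enabled: bool = True

def active_policy(rules, platform, groups):
    """Return the first enabled rule (top to bottom) matching the endpoint."""
    for rule in rules:
        if not rule.enabled or not rule.targets:
            continue        # disabled, or no target defined yet
        if rule.platform == platform and rule.targets & groups:
            return rule.name
    return f"default-{platform}"    # no match: platform default policy

def shadowed_rules(rules):
    """Names of rules that can never become active because every target
    group is already claimed by a higher rule for the same platform."""
    claimed, shadowed = {}, []
    for rule in rules:
        if not rule.enabled or not rule.targets:
            continue
        seen = claimed.setdefault(rule.platform, set())
        if rule.targets <= seen:
            shadowed.append(rule.name)
        seen |= rule.targets
    return shadowed

# Constructed sample rule list, in table order (top first).
RULES = [
    Rule("win-baseline", "windows", frozenset({"workstations", "servers"})),
    Rule("win-servers-strict", "windows", frozenset({"servers"})),
    Rule("imported-no-target", "windows", frozenset()),
    Rule("linux-build", "linux", frozenset({"build-agents"})),
]
# Same rules with the strict server rule moved above the broad baseline.
REORDERED = [RULES[1], RULES[0]] + RULES[2:]

if __name__ == "__main__":
    server = ("windows", {"servers"})
    print("before:", active_policy(RULES, *server), shadowed_rules(RULES))
    print("after: ", active_policy(REORDERED, *server), shadowed_rules(REORDERED))
```

Running the same check against your own rule order after an import is useful, since imported rules are added to the top of the list and can shadow existing ones.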