Apply Security Profiles to Endpoints

From the Cortex XDR management console, you can apply security profiles to your endpoints depending on the platform used on the endpoints.
Cortex XDR provides out-of-the-box protection for all registered endpoints with a default security policy customized for each supported platform type. To tune your security policy, customize the settings in a security profile and attach the profile to a policy.
Each policy you create must apply to one or more endpoints or endpoint groups. The Prevention Policy Rules table lists all the policy rules per operating system. Rules associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.
  1. From Cortex XDR, create a policy rule.
    Do either of the following:
    • Select Endpoints > Policy Management > Prevention > Policy Rules, and select + New Policy or Import from File.
      When importing a policy, select whether to enable the associated policy targets. Rules within the imported policy are managed as follows:
      • New rules are added to the top of the list.
      • Default rules override the default rule in the target tenant.
      • Rules without a defined target are disabled until a target is specified.
    • Select Endpoints > Policy Management > Prevention > Profiles, right-click the profile you want to assign, and select Create a new policy rule using this profile.
  2. Define a Policy Name and optional Description that describes the purpose or intent of the policy.
  3. Select the Platform for which you want to create a new policy.
  4. Select the desired Exploit, Malware, Restrictions, and Agent Settings profiles you want to apply in this policy.
    If you do not specify a profile, the Cortex XDR agent uses the default profile.
  5. Click Next.
  6. Use the filters to assign the policy to one or more endpoints or endpoint groups.
    Cortex XDR automatically applies a filter for the platform you selected and, if one exists, the Group Name according to the groups within your defined user scope.
  7. Click Done.
  8. In the Policy Rules table, change the rule position, if needed, to order the policy relative to other policies.
    The Cortex XDR agent evaluates policies from top to bottom. When the Cortex XDR agent finds the first match, it applies that policy as the active policy. To move the rule, select the arrows and drag the policy to the desired location in the policy hierarchy.
    Right-click to View Policy Details, Edit, Save as New, Disable, and Delete.
  9. Export policy.
    Select one or more policies, right-click and select Export Policies. You can choose to include the associated Policy Targets, Global Exceptions, and endpoint groups.
    The exported file is Base64-encoded and cannot be edited.
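
Because of the first-match ordering described in step 8, a broad rule placed above a narrower one keeps the narrower rule from ever becoming the active policy. The following added example is a simplified model written for this page, not Cortex XDR code or its API: it evaluates an ordered rule list top to bottom and flags rules that can never match. The rule names, group names, group-based matching, and the `default-<platform>` fallback are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    platform: str
    targets: set          # endpoint group names (assumed targeting model)
    enabled: bool = True

def active_policy(rules, platform, groups):
    """Return the first enabled rule, top to bottom, that matches the endpoint."""
    for rule in rules:
        if rule.enabled and rule.platform == platform and rule.targets & groups:
            return rule.name
    # Assumption: the platform's default policy applies when no rule matches.
    return f"default-{platform}"

def shadowed(rules):
    """Enabled rules whose every target group is already claimed by a rule above."""
    hidden = []
    for i, rule in enumerate(rules):
        if not rule.enabled:
            continue
        covered = set()
        for earlier in rules[:i]:
            if earlier.enabled and earlier.platform == rule.platform:
                covered |= earlier.targets
        if rule.targets <= covered:
            hidden.append(rule.name)
    return hidden

# Constructed sample rule table, listed top to bottom as in the Policy Rules table.
RULES = [
    Rule("Windows-Servers-Strict", "windows", {"servers"}),
    Rule("Windows-All-Baseline", "windows", {"servers", "workstations", "kiosks"}),
    Rule("Windows-Kiosk-Lockdown", "windows", {"kiosks"}),
    Rule("Linux-Build-Agents", "linux", {"build"}, enabled=False),
]

def reordered():
    """Same rules with the kiosk rule moved above the broad baseline rule."""
    return [RULES[0], RULES[2], RULES[1], RULES[3]]

if __name__ == "__main__":
    print("kiosk endpoint gets:", active_policy(RULES, "windows", {"kiosks"}))
    print("never active:", shadowed(RULES))
    print("after reorder:", active_policy(reordered(), "windows", {"kiosks"}))
```

Running a check like this against an inventory of your own rule order before importing or reordering policies shows which restrictive rules are being masked by a broader rule higher in the table.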
