Manage Endpoint Security Profiles

You can manage the security profiles of your Cortex® XDR™ agent endpoints in various ways, including editing, duplicating, and populating security rules.
After you customize your Endpoint Security Profiles, you can manage these profiles from the Profiles page as needed.
  • View information about your security profiles.
    The following table displays the fields that are available on the Profiles page in alphabetical order. The table includes both default fields and additional fields that are available in the column manager.
    Field
    Description
    Associated Targets
    The targets the profile applies to.
    Created By
    Administrative user who created the security profile.
    Created Time
    Date and time at which the security profile was created.
    Description
    Optional description entered by an administrator to describe the security profile.
    Modification Time
    Date and time at which the security profile was modified.
    Modified By
    Administrative user who modified the security profile.
    Name
    Name provided to identify the security profile.
    Platform
    Platform type of the security profile.
    Summary
    Summary of security profile configuration.
    Type
    Security profile type.
    Usage Count
    Number of policy rules that use the profile.
  • Edit a security profile.
    1. From
      Endpoints
      Policy Management
      Prevention
      Profiles
      , right-click the security profile and select
      Edit
      .
    2. Make your changes and then
      Save
      the security profile.
  • Export profile.
    1. From
      Endpoints
      Policy Management
      Prevention
      Profiles
      , right-click the security profile and select
      Export Profile
      .
    2. Verify the profile you want to export.
      New imported profiles are added and not replaced.
  • Duplicate a security profile.
    1. From
      Endpoints
      Policy Management
      Prevention
      Profiles
      , right-click the security profile and select
      Save as New
      .
    2. Make your changes and then
      Create
      the security profile.
  • View the security policy rules that use a security profile.
    From
    Endpoints
    Policy Management
    Prevention
    Profiles
    , right-click the security profile and select
    View policy Rules
    .
    Cortex
    XDR
    displays the policy rules that use the profile.
  • Populate a new policy rule with a security profile.
    1. From
      Endpoints
      Policy Management
      Prevention
      Profiles
      , right-click the security profile and
      Create a new policy rule using this profile
      .
      Cortex
      XDR
      automatically populates the
      Platform
      selection based on your security profile configuration and assigns the security profile based on the security profile type.
    2. Enter a descriptive
      Policy Name
      and optional description for the policy rule.
    3. Assign any additional security profiles that you want to apply to your policy rule, and select
      Next
      .
    4. Select the target endpoints for the policy rule or use the filters to define criteria for the policy rule to apply, and then select
      Next
      .
    5. Review the policy rule summary, and if everything looks good, select
      Done
      .
  • Delete a security profile.
    1. If necessary, delete or detach any policy rules that use the profile before attempting to delete it.
    2. From
      Endpoints
      Policy Management
      Prevention
      Profiles
      , identify the security profile that you want to remove.
      The
      Usage Count
      should have a
      0
      value.
    3. Right-click the security profile and select
      Delete
      .
    4. Confirm the deletion and you are done.

Recommended For You