Create a Security Managed Action

After you’ve created and assigned a configuration for each of your child tenant’s security actions, you can define the specific managed action on behalf of the child tenant.
  1. Navigate to each of the following Cortex XDR pages:
    • Rules > BIOC
    • Rules > Rules Exceptions
    • Investigation > Exclusions
    • Investigation > Starred Alerts
  2. In the corresponding Configuration panel, select the action configuration you created and allocated to your child tenant.
    The corresponding security action Table displays the actions managing the child tenant.
  3. Depending on the security action, select:
    • + Add BIOC to create a BIOC Rule.
    • + New Exception to create a BIOC Exception.
    • + Add Exclusion to create an Alert Exclusion.
    • + Add Starring Configuration to create a starred alert inclusion.
    • + New Profile to create a new endpoint profile.
    Profiles you create are automatically cloned to your child tenants.
