06-30-2023 05:15 AM
Hello Team,
- For exceptions, whether we have to create rule for each of the module profiles to whiltelist the file path?
- Is there any way that we can create only one and it applies to all other pofiles.
06-30-2023 07:26 AM
Hello @RamyashreeMada
Thanks for reaching out on LiveCommunity.
Creating an exception with broad scope is not a good security practise. Cortex XDR enable you to create granular exceptions by allowing you to choose particular module/profile. Hence we advise you to please investigate the alerts for the file for which you want to create exception. In alerts table, there is a column named "Module". Module column let you know which particular module has triggered the alert. Once you know the module, please create exception for that one only.
Same goes for the profiles, please try to minimise the scope. For example, it may be possible that only endpoints which belong to IT team need exception. Hence we should only create exception for profile which belong to IT endpoints.
However, XDR allows you to select multiple profiles also.
Please let me know if you have more questions.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
