https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/442787#M1175 <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="nhussaini_0-1634871886225.jpeg" style="width: 784px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37184i3FB5FAA7C01CA038/image-dimensions/784x121?v=v2" width="784" height="121" role="button" title="nhussaini_0-1634871886225.jpeg" alt="nhussaini_0-1634871886225.jpeg" /></span></P> <P>&nbsp;</P> <P><SPAN>When running a SIEM, you need to have a huge team of many Analysts Level 1, Level 2, Level 3… Escalations to lateral teams (sometimes to take actions such as isolating endpoints/servers, gathering/deleting suspicious files, etc). It is laborious and time consuming to perform simple actions, like creating an alert.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Read&nbsp;<FONT color="#FF6600"><STRONG><A id="link_7" class="page-link lia-link-navigation lia-custom-event" href="https://live.paloaltonetworks.com/t5/cortex-xdr-articles/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/ta-p/442782" target="_blank" rel="noopener">Cortex XDR - How We Distinguish Ourselves From a SIEM Solution</A></STRONG>&nbsp;</FONT>to learn more on this topic from our experts!</SPAN></P> <P>&nbsp;</P> <P><FONT color="#FF6600">Palo Alto Networks Contributors:</FONT></P> <P><FONT color="#000000">Luis Escobar,<SPAN>&nbsp;</SPAN><EM>Cortex</EM>&nbsp;<EM>Customer Success Architect&nbsp;</EM></FONT></P> <P><FONT color="#000000"><SPAN>Maor Hojberg,&nbsp;<EM>Technical Marketing Engineer&nbsp;</EM></SPAN></FONT></P> <P>&nbsp;</P> <P><FONT color="#000000"><SPAN><EM><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;</EM></SPAN></FONT></P> Fri, 05 Nov 2021 03:18:17 GMT nhussaini 2021-11-05T03:18:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/442787#M1175 <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="nhussaini_0-1634871886225.jpeg" style="width: 784px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/37184i3FB5FAA7C01CA038/image-dimensions/784x121?v=v2" width="784" height="121" role="button" title="nhussaini_0-1634871886225.jpeg" alt="nhussaini_0-1634871886225.jpeg" /></span></P> <P>&nbsp;</P> <P><SPAN>When running a SIEM, you need to have a huge team of many Analysts Level 1, Level 2, Level 3… Escalations to lateral teams (sometimes to take actions such as isolating endpoints/servers, gathering/deleting suspicious files, etc). It is laborious and time consuming to perform simple actions, like creating an alert.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Read&nbsp;<FONT color="#FF6600"><STRONG><A id="link_7" class="page-link lia-link-navigation lia-custom-event" href="https://live.paloaltonetworks.com/t5/cortex-xdr-articles/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/ta-p/442782" target="_blank" rel="noopener">Cortex XDR - How We Distinguish Ourselves From a SIEM Solution</A></STRONG>&nbsp;</FONT>to learn more on this topic from our experts!</SPAN></P> <P>&nbsp;</P> <P><FONT color="#FF6600">Palo Alto Networks Contributors:</FONT></P> <P><FONT color="#000000">Luis Escobar,<SPAN>&nbsp;</SPAN><EM>Cortex</EM>&nbsp;<EM>Customer Success Architect&nbsp;</EM></FONT></P> <P><FONT color="#000000"><SPAN>Maor Hojberg,&nbsp;<EM>Technical Marketing Engineer&nbsp;</EM></SPAN></FONT></P> <P>&nbsp;</P> <P><FONT color="#000000"><SPAN><EM><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT>&nbsp;</EM></SPAN></FONT></P> Fri, 05 Nov 2021 03:18:17 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/442787#M1175 nhussaini 2021-11-05T03:18:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/445069#M1208 <P>Cortex XDR lacks a unified data model which impedes the ability to rapidly perform useful searches across disparate datasets.&nbsp; Are there plans to address that gap?</P> Tue, 02 Nov 2021 20:41:35 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/445069#M1208 SStonebraker 2021-11-02T20:41:35Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/445281#M1211 <P>Hi SStonebraker,&nbsp;</P><P>if you mean that Cortex XDR doesn't have a dataset that holds all the datasets, that is correct. But so far we dont need that because&nbsp;in Cortex XDR, you can query and search with XQL any dataset and a combination of them in a very good response time. Creating a dataset of datasets will screw the searches response and so far there is no point to do so.</P><P>On top of that we have Cortex XDR Collectors that can collect data/logs from a miriad of sources ftp, linux system logs, windows, webservers of many flavors (IIS, apache, nginx), Fw, you name it. Once that those logs are uploaded in our Cortex management console in the cloud you can perform XQL queries on them.&nbsp;</P><P>Additionally you can save the XQL queries in a public area so you and all your work mates can reuse them without reinventing the wheel.&nbsp;</P><P>You can also save the queries as correlation rules and set the timing to launch them...&nbsp;</P><P>As a source for XQL query center documentation, please visit the link:&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/search-queries/query-center" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/search-queries/query-center</A></P><P>From there you can also jump to other very good XQL documentation sources.</P><P>Hope this helped.</P><P>Kind Regards,&nbsp;</P><P>Luis&nbsp;<BR />&nbsp;</P><P>&nbsp;</P> Wed, 03 Nov 2021 16:23:54 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/445281#M1211 eluis 2021-11-03T16:23:54Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/447328#M1239 <P>PAN Cortex XDR isn't a SIEM!</P><P>&nbsp;</P><P>Also PAN check out Cortex XDR 3.0 now with correlation searches and the ability to ingest data from anywhere!!!&nbsp;<BR /><BR /><span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P> Sat, 13 Nov 2021 02:45:22 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-how-we-distinguish-ourselves-from-a-siem-solution/m-p/447328#M1239 eumbach 2021-11-13T02:45:22Z