topic Re: Cortex XSIAM + XDR in Cortex XDR Discussions

Cortex XSIAM + XDR

RFeyertag — Sat, 27 May 2023 17:11:00 GMT

Hello dear community,

who of you is using XSIAM? How is it?

Will XDR + XSIAM ever get together in one product?

Rob

Re: Cortex XSIAM + XDR

bbarmanroy — Mon, 29 May 2023 07:30:58 GMT

Hi @RFeyertag all underlying components of XDR are already in XSIAM, and much more. Which means, you get the same set of agents send events/alerts to the management console in XSIAM for stitching. Using automation/playbooks, you can initiate actions on those alerts. There's also a massive chunk of XSOAR bits that have been introduced into XSIAM for additional use cases like data ingestion, integrations, playbook development, threat intel, attack surface management etc. So a rough analogy would be:
XSIAM = XDR + XSOAR + Xpanse

Take a look at the following sections (Architecture and Concepts) : https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/Architecture

Re: Cortex XSIAM + XDR

RFeyertag — Fri, 02 Jun 2023 17:19:42 GMT

Thank you!!

Rob

Re: Cortex XSIAM + XDR

hrishikeshkale — Tue, 05 Sep 2023 10:03:27 GMT

Hi Community,

I would like to know few things about Cortex XSIAM solution:

1. Auto Discovery feature: If any new log source is added, can the solution notify?
2. How the asset risk score is calculated?
3. In XSIAM, full raw logs of XDR/SIEM will be available or only parsed data?
4. Upgradation of XDR/SOAR/TIP/SIEM will be done all at once or one at a time?
5. How do the solution mimnimizes log delay? How often do we observe delays?
6. Where are the DC and DR placed?
7. Do we have any feature in XSIAM for forensics?
8. How does the licensing work? How much EPS is supported without slowness?
9. Need to know the exact flow of data.
10. How many conectors are available? (API). In case if connector is not available, how much time does it take for integration?
11. Any OOTB use cases/policies available?