Cortex XSIAM | Palo Alto

hrishikeshkale — Tue, 05 Sep 2023 11:43:55 GMT

Hi Communnity

I would like to know few things about Cortex XSIAM solution:

1. Auto Discovery feature: If any new log source is added, can the solution notify?
2. How the asset risk score is calculated?
3. In XSIAM, full raw logs of XDR/SIEM will be available or only parsed data?
4. Upgradation of XDR/SOAR/TIP/SIEM will be done all at once or one at a time?
5. How do the solution mimnimizes log delay? How often do we observe delays?
6. Where are the DC and DR placed?
7. Do we have any feature in XSIAM for forensics?
8. How does the licensing work? How much EPS is supported without slowness?
9. Need to know the exact flow of data.
10. How many conectors are available? (API). In case if connector is not available, how much time does it take for integration?
11. Any OOTB use cases/policies available?

Re: Cortex XSIAM | Palo Alto

afurze — Tue, 05 Sep 2023 14:05:31 GMT

Hello Hrishikeshkale,

1) No, it is up to the administrator onboarding the logs to complete the process by properly parsing them to a dataset and then modeling the data as needed (either via marketplace content, or custom modeling rules)

2) Asset risk score is a summation of all alert scores involving an asset for the last seven days

3) Full raw logs are available for EDR data as well as any logs brought in as RAW format (syslog, json, etc.), other sources are currently only available in their parsed form

4) I believe you are referring to server-side upgrades of XSIAM itself? If so, there is no separation of "modules" within the product, XSIAM is a single solution incorporating components of other Cortex products. XSIAM upgrades are released quarterly, typically, and applied over the weekend when released.

5) XSIAM is a SaaS solution, resources are managed by Palo Alto Networks engineering teams, delays are not typical, however, there is log source monitoring available within the product.

6) Please contact your account team for detailed product architecture information

7) The forensics license add-on is available for the XDR agent, contact your account team for detailed information

8.Please contact your account team for licensing information and see #5 above

9) I cannot answer this without much more detailed information, please contact your account team to discuss your scenario(s)

10) Our in-product Marketplace has hundreds of content packs available including integrations to various 3rd party products and parsing/modeling rules for data retrieved from these solutions, please contact your account team for a detailed discussion of your integration needs and available out of the box content

11) This cannot be answered without a more detailed discussion of your needs/use cases, please contact your account team

topic Cortex XSIAM | Palo Alto in Cortex XSIAM Discussions

Cortex XSIAM | Palo Alto

Re: Cortex XSIAM | Palo Alto