topic Guidance on Automating Alert Notifications in Cortex XSIAM Using Playbooks (Future SNOW Integration) in Cortex XSIAM Discussions https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/guidance-on-automating-alert-notifications-in-cortex-xsiam-using/m-p/1234555#M234 <P data-start="328" data-end="343">Hello everyone,</P> <P data-start="345" data-end="691">I'm currently exploring Cortex XSIAM as part of my day-to-day responsibilities, and I’m working on automating alert notifications using native playbooks particularly for <STRONG>mail notifications triggered by specific alerts</STRONG><SPAN>, like "port scan"</SPAN>. The end goal is to reduce manual handling, potentially via email.</P> <P data-start="693" data-end="1024">As a first step, I’d like to create a basic playbook that sends automatic email alerts when certain conditions are met (ex. specific alert names ). Once that’s in place, my plan is to integrate this workflow with <STRONG data-start="921" data-end="935">ServiceNow</STRONG>&nbsp; to generate and manage tickets from Cortex XSIAM incidents.</P> <P data-start="1026" data-end="1067">I'm reaching out&nbsp; to ask:</P> <UL data-start="1068" data-end="1343"> <LI data-start="1068" data-end="1125"> <P data-start="1070" data-end="1125">Has anyone here implemented similar use cases in XSIAM?</P> </LI> <LI data-start="1126" data-end="1260"> <P data-start="1128" data-end="1260">Are there any best practices or documentation you'd recommend, particularly around designing efficient playbooks for alert handling?</P> </LI> <LI data-start="1261" data-end="1343"> <P data-start="1263" data-end="1343">Any advice for a beginner in automating operational security tasks inside XSIAM?</P> </LI> </UL> <P data-start="1345" data-end="1440">Thanks in advance!</P> <P data-start="1442" data-end="1481">Best regards,</P> Wed, 23 Jul 2025 16:22:09 GMT I.JuvillaGonzalez 2025-07-23T16:22:09Z Guidance on Automating Alert Notifications in Cortex XSIAM Using Playbooks (Future SNOW Integration) https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/guidance-on-automating-alert-notifications-in-cortex-xsiam-using/m-p/1234555#M234 <P data-start="328" data-end="343">Hello everyone,</P> <P data-start="345" data-end="691">I'm currently exploring Cortex XSIAM as part of my day-to-day responsibilities, and I’m working on automating alert notifications using native playbooks particularly for <STRONG>mail notifications triggered by specific alerts</STRONG><SPAN>, like "port scan"</SPAN>. The end goal is to reduce manual handling, potentially via email.</P> <P data-start="693" data-end="1024">As a first step, I’d like to create a basic playbook that sends automatic email alerts when certain conditions are met (ex. specific alert names ). Once that’s in place, my plan is to integrate this workflow with <STRONG data-start="921" data-end="935">ServiceNow</STRONG>&nbsp; to generate and manage tickets from Cortex XSIAM incidents.</P> <P data-start="1026" data-end="1067">I'm reaching out&nbsp; to ask:</P> <UL data-start="1068" data-end="1343"> <LI data-start="1068" data-end="1125"> <P data-start="1070" data-end="1125">Has anyone here implemented similar use cases in XSIAM?</P> </LI> <LI data-start="1126" data-end="1260"> <P data-start="1128" data-end="1260">Are there any best practices or documentation you'd recommend, particularly around designing efficient playbooks for alert handling?</P> </LI> <LI data-start="1261" data-end="1343"> <P data-start="1263" data-end="1343">Any advice for a beginner in automating operational security tasks inside XSIAM?</P> </LI> </UL> <P data-start="1345" data-end="1440">Thanks in advance!</P> <P data-start="1442" data-end="1481">Best regards,</P> Wed, 23 Jul 2025 16:22:09 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/guidance-on-automating-alert-notifications-in-cortex-xsiam-using/m-p/1234555#M234 I.JuvillaGonzalez 2025-07-23T16:22:09Z