<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: XSIAM Usecases on EPIC EHR ( Electronic Health Record) log in Cortex XSIAM Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-usecases-on-epic-ehr-electronic-health-record-log/m-p/1258055#M442</link>
    <description>&lt;P&gt;&lt;SPAN&gt;Haven't seen published use cases for EPIC specifically ,niche enough source that there's no canned content for it. If you're pulling the audit logs in via HTTP Collector/syslog, treat it like any sensitive-access log: correlation rules around break-glass/emergency access, after-hours record pulls, one user pulling an abnormal volume of records, and access to VIP/employee-as-patient records (the classic healthcare insider-threat pattern). Nothing here needs EPIC-specific awareness, just the log fields once they're parsed.&lt;/SPAN&gt;&lt;/P&gt;</description>
    <pubDate>Sat, 04 Jul 2026 19:33:25 GMT</pubDate>
    <dc:creator>H.Eldessouki</dc:creator>
    <dc:date>2026-07-04T19:33:25Z</dc:date>
    <item>
      <title>XSIAM Usecases on EPIC EHR ( Electronic Health Record) log</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-usecases-on-epic-ehr-electronic-health-record-log/m-p/1257950#M439</link>
      <description>&lt;P&gt;Hi All,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Has anyone built detection use cases for EPIC log sources? &lt;SPAN&gt;If so, I'd appreciate any insights you can share.&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 02 Jul 2026 14:48:25 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-usecases-on-epic-ehr-electronic-health-record-log/m-p/1257950#M439</guid>
      <dc:creator>A.Velusamy</dc:creator>
      <dc:date>2026-07-02T14:48:25Z</dc:date>
    </item>
    <item>
      <title>Re: XSIAM Usecases on EPIC EHR ( Electronic Health Record) log</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-usecases-on-epic-ehr-electronic-health-record-log/m-p/1258055#M442</link>
      <description>&lt;P&gt;&lt;SPAN&gt;Haven't seen published use cases for EPIC specifically ,niche enough source that there's no canned content for it. If you're pulling the audit logs in via HTTP Collector/syslog, treat it like any sensitive-access log: correlation rules around break-glass/emergency access, after-hours record pulls, one user pulling an abnormal volume of records, and access to VIP/employee-as-patient records (the classic healthcare insider-threat pattern). Nothing here needs EPIC-specific awareness, just the log fields once they're parsed.&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Sat, 04 Jul 2026 19:33:25 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/xsiam-usecases-on-epic-ehr-electronic-health-record-log/m-p/1258055#M442</guid>
      <dc:creator>H.Eldessouki</dc:creator>
      <dc:date>2026-07-04T19:33:25Z</dc:date>
    </item>
  </channel>
</rss>

