https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-sessions-and-submissions-option/m-p/521860#M1429 <P>Hi,&nbsp;</P> <P>&nbsp;</P> <P>No, XSOAR does not process or enrich this info, you will only be able to view and query the sessions data generated from your PAN firewall and listed other products.</P> <P>&nbsp;</P> Mon, 21 Nov 2022 12:24:02 GMT sramesh-7 2022-11-21T12:24:02Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-sessions-and-submissions-option/m-p/519675#M1357 <P>Hi,</P> <P>&nbsp;</P> <P>I came across this documentation regarding XSOAR</P> <P><A href="https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-threat-intel-management-guide/unit42-intel/unit42-sessions-and-submissions" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-9/cortex-xsoar-threat-intel-management-guide/unit42-intel/unit42-sessions-and-submissions</A></P> <P>&nbsp;</P> <DIV class=""><EM><EM>The&nbsp;<SPAN>Sessions &amp; Submissions&nbsp;tab enables you to use your sessions and submissions data for investigation and analysis. Sessions and submissions data is available for customers with a TIM license and at least one of the following products:</SPAN></EM></EM> <P>&nbsp;</P> <DIV> <UL> <LI class=""> <DIV> <DIV class=""> <DIV><EM>Palo Alto Networks Firewall</EM></DIV> </DIV> </DIV> </LI> <LI class=""> <DIV> <DIV class=""> <DIV><EM>WildFire</EM></DIV> </DIV> </DIV> </LI> <LI class=""> <DIV> <DIV class=""> <DIV><EM>Cortex XDR</EM></DIV> </DIV> </DIV> </LI> <LI class=""> <DIV> <DIV class=""> <DIV><EM>Prisma SaaS</EM></DIV> </DIV> </DIV> </LI> <LI class=""> <DIV> <DIV class=""> <DIV><EM><EM>Prisma Access</EM></EM> <P><LI-WRAPPER></LI-WRAPPER></P> <DIV class=""> <DIV> <DIV><EM><EM>Sessions&nbsp;<EM style="font-family: inherit;">refers to firewall sessions, while&nbsp;<EM>Submissions&nbsp;<EM style="font-family: inherit;">&nbsp;refers to logs of samples reported to Wildfire from other Palo Alto Networks products. Sessions data shows you connections from one endpoint to another, and submissions data shows you if a file was found on a specific endpoint.</EM></EM></EM></EM></EM> <DIV>&nbsp; <DIV>We are using PaloAlto Firewall. Does this mean I send traffic sessions from the PaloAlto firewall to XSOAR and it checks the IPs (realtime or periodically) e.g. source or destination is in the indicator list present in Threat Intel section on XSOAR? <DIV>How does this integration work? <DIV>&nbsp; <DIV>Thanks</DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> </DIV> <P>&nbsp;</P> </DIV> </DIV> </DIV> </LI> <LI class=""> <DIV> <DIV class=""> <DIV>&nbsp;</DIV> </DIV> </DIV> </LI> <LI class=""> <DIV> <DIV class=""> <DIV>&nbsp;</DIV> </DIV> </DIV> </LI> <LI class=""> <DIV> <DIV class=""> <DIV>&nbsp;</DIV> </DIV> </DIV> </LI> <LI class=""> <DIV> <DIV class=""> <DIV>&nbsp;</DIV> </DIV> </DIV> </LI> </UL> </DIV> </DIV> Mon, 31 Oct 2022 14:17:28 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-sessions-and-submissions-option/m-p/519675#M1357 pottapitot 2022-10-31T14:17:28Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-sessions-and-submissions-option/m-p/521860#M1429 <P>Hi,&nbsp;</P> <P>&nbsp;</P> <P>No, XSOAR does not process or enrich this info, you will only be able to view and query the sessions data generated from your PAN firewall and listed other products.</P> <P>&nbsp;</P> Mon, 21 Nov 2022 12:24:02 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-sessions-and-submissions-option/m-p/521860#M1429 sramesh-7 2022-11-21T12:24:02Z