05-27-2023 10:11 AM
Hello dear community,
who of you is using XSIAM? How is it?
Will XDR + XSIAM ever get together in one product?
BR
Rob
05-29-2023 12:30 AM
Hi @RFeyertag, all underlying components of XDR are already in XSIAM, and much more. This means you get the same set of agents sending events/alerts to the management console in XSIAM for stitching. Using automation/playbooks, you can initiate actions on those alerts. There's also a massive chunk of XSOAR bits that have been introduced into XSIAM for additional use cases like data ingestion, integrations, playbook development, threat intel, attack surface management, etc. So a rough analogy would be:
XSIAM = XDR + XSOAR + Xpanse
Take a look at the following sections (Architecture and Concepts) : https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/Architectur...
09-05-2023 03:03 AM
Hi Community,
I would like to know a few things about the Cortex XSIAM solution:
1. Auto Discovery feature: If any new log source is added, can the solution notify?
2. How is the asset risk score calculated?
3. In XSIAM, will full raw logs of XDR/SIEM be available, or only parsed data?
4. Will upgrades of XDR/SOAR/TIP/SIEM be done all at once or one at a time?
5. How does the solution minimize log delay? How often do we observe delays?
6. Where are the DC and DR placed?
7. Do we have any feature in XSIAM for forensics?
8. How does the licensing work? How much EPS is supported without slowness?
9. Need to know the exact flow of data.
10. How many connectors are available (API)? If a connector is not available, how much time does it take for integration?
11. Any OOTB use cases/policies available?