Cortex XSIAM + XDR

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XSIAM + XDR

L4 Transporter

Hello dear community, 

 

who of you is using XSIAM? How is it?

Will XDR + XSIAM ever get together in one product? 

 

BR 

 

Rob

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi @RFeyertag all underlying components of XDR are already in XSIAM, and much more. Which means, you get the same set of agents send events/alerts to the management console in XSIAM for stitching. Using automation/playbooks, you can initiate actions on those alerts. There's also a massive chunk of XSOAR bits that have been introduced into XSIAM for additional use cases like data ingestion, integrations, playbook development, threat intel, attack surface management etc. So a rough analogy would be:
XSIAM = XDR + XSOAR + Xpanse

 

Take a look at the following sections (Architecture and Concepts) : https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/Architectur...

View solution in original post

3 REPLIES 3

L5 Sessionator

Hi @RFeyertag all underlying components of XDR are already in XSIAM, and much more. Which means, you get the same set of agents send events/alerts to the management console in XSIAM for stitching. Using automation/playbooks, you can initiate actions on those alerts. There's also a massive chunk of XSOAR bits that have been introduced into XSIAM for additional use cases like data ingestion, integrations, playbook development, threat intel, attack surface management etc. So a rough analogy would be:
XSIAM = XDR + XSOAR + Xpanse

 

Take a look at the following sections (Architecture and Concepts) : https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/Architectur...

Thank you!!

 

BR

 

Rob

L0 Member

Hi Community,

 

I would like to know few things about Cortex XSIAM solution:

 

1. Auto Discovery feature: If any new log source is added, can the solution notify?
2. How the asset risk score is calculated?
3. In XSIAM, full raw logs of XDR/SIEM will be available or only parsed data?
4. Upgradation of XDR/SOAR/TIP/SIEM will be done all at once or one at a time?
5. How do the solution mimnimizes log delay? How often do we observe delays?
6. Where are the DC and DR placed?
7. Do we have any feature in XSIAM for forensics?
8. How does the licensing work? How much EPS is supported without slowness?
9. Need to know the exact flow of data.
10. How many conectors are available? (API). In case if connector is not available, how much time does it take for integration?
11. Any OOTB use cases/policies available?

  • 1 accepted solution
  • 1973 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!