AI Prompt Feature | XSIAM Version 3.4

A.Velusamy · ‎03-08-2026

Hi All,

Does anyone tested the AI prompt feature in XSIAM version 3.4?

From our experience, only generic prompts seem to be working. When we try to use specific real-time case or issue data, it doesn't respond as expected.

We haven't been able to test out-of-the-box or custom prompts using input data like Issue ID or Issue Name, as the AI prompt can't access real-time data for analysis.

Has anyone else encountered this issue?

susekar · ‎03-10-2026

Hello @A.Velusamy ,

Greetings for the day.

In Cortex XSIAM version 3.4, the AI prompt feature (often associated with the Agentic Assistant or AgentiX) requires specific variable mapping and syntax to access real-time case or issue data. Based on internal investigations and engineering guidance, simply inputting a static Issue ID or Name is insufficient because the AI model needs a reference to the actual context object to perform analysis.

Key Requirements for Accessing Real-Time Data:

Use Correct Variable Syntax

When executing prompts like IssueSummaryAndRemediation, you must provide the path to the issue object in the context rather than a manual ID string. The required syntax (based on the AI Prompts playbook) is:

!IssueSummaryAndRemediation issue=${issue}

Execution Environment:

These prompts must be run from a location where the issue context is natively available, such as:

The Issue War Room
A Playbook within the issue's work plan

Running them from a Playground environment without a loaded context will result in failures or generic responses.

Core Integration Dependency

The AI Agent relies on the Cortex Platform - Core integration to interact with cases and issues.

Ensure that:

The Cortex Platform - Core content pack is installed from the Marketplace.
An integration instance is configured and enabled under Settings > Data Sources > Integrations.

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".

Thanks & Regards,
S. Subashkar Sekar

TobiasHahn · ‎03-10-2026

Hi,

@susekar wrote:

These prompts must be run from a location where the issue context is natively available, such as:

The Issue War Room

A Playbook within the issue's work plan

this is not true. I tested this just now in an arbitrary XQL tab in our environment (no issue context), and was able to access arbitrary issues, see screenshot. The !IssueSummaryAndRemediation issue=12345 was working for me, although the assistant did not recognize the command (no autocomplete). I'm not sure if the agentic assistants support the old !command syntax at all.

@A.Velusamy There might be some setup steps still missing in your environment as mentioned by @susekar , we also needed to activate an additional integation for the Agentic Assistant to work. Would be nice if this information ("this option is not supported because the integartion xx is not enabled") would be a output from the assistant instead of "I can't do that", but hey.

We are not really impressed by the Agentic Assistants so far. There are a couple of examples where the functionalities are really impressive, like the following prompt (which was also shown in a webcast):

Please extract all IP addresses listed as IOC in this report https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/ and check if any connection from our environment has been made to any of these addresses of the last 24 hours. You might need to defang the IPs.

This completed successfully including a completed XQL search (although the assistant did extract the links to other unit42 blocks as IOCs).

On the other side, assistants currently fail to generate even the most basic xql queries that don't contain hallucinated commands, we have a support case open for this.

Edit: "Fun" fact: if you use a different prompt for basically the same request, you get much more detailed summary, see second screenshot.

A.Velusamy · ‎03-12-2026

Yes, AI prompt is not working in the issue war room as well as in the playbook but if we use this command -!IssueSummaryAndRemediation issue=1234 in Agentic Assistant it provides the summary. See the screenshot attached. It won't be helpful if palo alto provides some proper information about this.

I have enabled and tested - Cortex Platform - Core.

Gino · ‎03-21-2026

I don’t think running the command inside an Agentic Assistant chat is how AI Prompts it’s intended to be used. Agentic interprets the command as the task it needs to perform, rather than actually executing the prompt.

I had the same problem, and what @susekar recommended worked for me. I put the prompt into a playbook, and in the input I directly used ${issue}—I didn’t reference specific variables, I just passed the entire alert

So far it worked, whereas before it didn’t (I was getting the same issue as the creator of this topic.)

susekar · ‎03-23-2026

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".

Thanks & Regards,
S. Subashkar Sekar

Unlock your full community experience!

AI Prompt Feature | XSIAM Version 3.4