Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2791 Views
  • 0 replies
  • 0 Likes

Resolved! How to create Business Units?

Hello, Team. I want to add new assets to my XSIAM deployment. I found that this can be done by creating a special CSV file (https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-3.x-Documentation/Upload-or-remove-ASM-assets). However, the “Business Units” column is required in this table. But we don’t have any Business Units (we c...

How to exclude a legitimate signed process from Anti-Ransomware Protection (Suspicious File Modification) in block mode?

Hi all, We get a false positive on Cortex XSIAM. Alert: Suspicious File Modification; Module: Anti-Ransomware Protection; Process: jpconsole.exe (OpenText Blazon), signed by Open Text Corporation; WildFire = Benign. It is a legitimate app that modifies many files normally, so it looks like ransomware. We are in Report mode now and want to move to B...

DNS Analytical Logs

Hi Everyone, I need some assistance integrating DNS Analytical Logs into XSIAM. I have tried collecting these logs using an XDR Collector and other available methods, but so far I have not found a supported approach. This requirement is quite urgent, and I would appreciate any guidance from anyone who has successfully integrated DNS Analytical L...

M.Harne by L1 Bithead
  • 281 Views
  • 3 replies
  • 0 Likes

Resolved! life of a case

Hi all, I am trying to figure out the life of a case and ran into a question I can't seem to find the documentation about: What happens when a case has been set to resolved but a new matching issue pops up? Is a new case created or is the resolved case re-opened?

XSIAM Integration Web Server

Hi, I want to create an integration that starts a simple web server with a single button, for example, that prints "Hello World". There is the out-of-the-box integration "Generic Export Indicators Service"; I want it to be based on that (with a long-running instance, Nginx, etc.). I have tried to do so but I couldn't make it work. Would love to get some help...

Azure XSIAM

How is on-boarding logs using Microsoft Azure integration different from using the Azure Event hub integration? https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-3.x-Documentation/Onboard-Microsoft-Azure https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Documentation/Ingest-Logs-from-Microsoft-Azure-Event-H...

IOC Exclusion for when an IOC was denied by the FW

Hi All, so when an IOC is added for an IP address, for example, in XSIAM, and FW logs containing this IP are ingested into XSIAM, then XSIAM will auto-create an alert for this IOC regardless of whether it was dropped or allowed by the FW. It detects this IOC and creates an alert. Has anyone found a solution for the IOC not to trigger when the FW action has already...

PA_nts by L4 Transporter
  • 269 Views
  • 2 replies
  • 0 Likes

Resolved! bulk close issues

Hello team, I have the following scenario of 16K open issues and I would like to perform a mass closure of these open cases. Is there any way to do this? I tried to build a playbook which I give the Excel sheet of all the issue IDs and start bulk resolve, but I have a problem with it: it is very slow, I mean it takes 24 hours to just close 4K is...

CrowdStrike Integration to XSIAM

Hi All, We are running XSIAM with the CrowdStrike Falcon content pack installed; the parsing and data modeling work, data is ingesting, etc. However, we are not seeing any alerts being generated as yet. The content pack does not include a real-time correlation rule to pull and map alerts into XSIAM. Has anyone done a custom correlation rul...

PA_nts by L4 Transporter
  • 235 Views
  • 0 replies
  • 0 Likes