Timeout issue - Health Issue/Alerts in XSIAM

Hello,

We are seeing multiple health issues under collection type.

For example: 

Issue name: Collection error in the instance AWS_***  collector

Description: timeout while waiting for server to answer: request ********-****-****-****-**********.

adding dataset fields to alert or incident context data

Hi All,

Using a custom parsing rule i am adding a custom field a dataset - this works all good i can see my new field in the dataset with values.

question - how can i get this field to show in my alert and/or incident context data?

thanks in adv

XQL question

Hello,

I'm trying to get all the outgoing firewall traffic, except port 80, 443 using the query below but no sucess. Any ideias?

dataset = panw_ngfw_traffic_raw
| filter source_ip in ("x.x.x.x/24")
| filter dest_port != 443 and 80
| fields _time, sour

AI Created SOC SOP's Base on Detection/Playbook Title

Hi All,

I’ve developed a script that takes a list of SOC detections and/or playbook titles, analyses associated metadata, and automatically generates full Standard Operating Procedures — ready for upload into Confluence or as a simple text file for

Limit the use of memory of Cortex XDR pro agent

Hi,

We have a large memory consuption of memory in SQL servers and micro-services, the question it is posiible to limit the memory consuption for these especific cases or there is another recomendation to create a profile with some exceptions for t

xSIAM to xSOAR integration

Hey,

We’re currently looking at a potential xSIAM customer but haven’t been able to find any documentation confirming whether xSIAM can integrate with xSOAR. Does anyone have any insight?

Context:
I work for an MSSP that leverages xSOAR to ingest detec

sending NGFW logs to XSIAM without broker-vm

Hi,

I have a xsiam tenant running and a palo vm-100 (11.2.x) in our lab (xsiam / ngfw exists in the same csp account)

trying to find docs on this process.. the xsiam admin guide is pretty vague, it says yes and explains the steps on the xsiam side mo

Tagging all data from a broker-vm

Hi All,

has anyone done this to date yet?

I have a broker-vm deployed  in a specific region and want to tag any and all data from this broker-vm with a custom region tag.. 

anyone written a parsing rule for this as yet?

thanks in adv

Options to onboard Microsoft Message trace logs into XSIAM

As we have an option in Splunk to see the all the message tracking logs through Microsoft message trace app, do we have any similar app to integrate?

Cortex XSIAM 

XSIAM NGFW Panorama logs onboarding

What is the recommended method to onboard NGFW logs. If the NGFWs are sending the logs to Panorama, how should i get the logs to XSIAM. I did see the "NGFW" integration and there is also syslog through Broker VM. which one is recommended? If I use th

Parsing Rule and Data Model Rule

I'm new to Cortex XSIAM..Wanted to understand how effectively parsing rule and Data model rule can be used for a particular data source and how it works?

Mapping of Cortex XSIAM fields with ServiceNow

Please can you suggest how can you map more than the set fields with ServiceNow for an incident? Currently only limited fields are able to map.

IP Enrichment from Internal IP Address Range

Is it possible to build API request to enrich details about the local IP and in which Internal IP CIDR range it is exists? We have this data in XSIAM configuration. 

For big enterprise with many networks its useful enrichment to know the network locat

Detecting error and warning 3rd party connectors using XQL Query by creating a correaltion rule

can some one suggest to identify and detect the datasources in warning and error state can be detected using XQL query