Options to onboard Microsoft Message trace logs into XSIAM

As we have an option in Splunk to see the all the message tracking logs through Microsoft message trace app, do we have any similar app to integrate?

Cortex XSIAM 

sending NGFW logs to XSIAM without broker-vm

Hi,

I have a xsiam tenant running and a palo vm-100 (11.2.x) in our lab (xsiam / ngfw exists in the same csp account)

trying to find docs on this process.. the xsiam admin guide is pretty vague, it says yes and explains the steps on the xsiam side mo

XSIAM NGFW Panorama logs onboarding

What is the recommended method to onboard NGFW logs. If the NGFWs are sending the logs to Panorama, how should i get the logs to XSIAM. I did see the "NGFW" integration and there is also syslog through Broker VM. which one is recommended? If I use th

Parsing Rule and Data Model Rule

I'm new to Cortex XSIAM..Wanted to understand how effectively parsing rule and Data model rule can be used for a particular data source and how it works?

Mapping of Cortex XSIAM fields with ServiceNow

Please can you suggest how can you map more than the set fields with ServiceNow for an incident? Currently only limited fields are able to map.

IP Enrichment from Internal IP Address Range

Is it possible to build API request to enrich details about the local IP and in which Internal IP CIDR range it is exists? We have this data in XSIAM configuration. 

For big enterprise with many networks its useful enrichment to know the network locat

Detecting error and warning 3rd party connectors using XQL Query by creating a correaltion rule

can some one suggest to identify and detect the datasources in warning and error state can be detected using XQL query

Questions About Cortex XSIAM API Limits (IOCs Insertion & Retrieval, Rate Limiting)

Hi Community,

We are integrating with the Cortex XSIAM API and would appreciate some clarity on the following points:

1. Insert IOCs
   We plan to use the endpoint:
   https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM-REST-API/Insert-or-update-IOCs
   What i

XSIAM Pending Playbooks

In XSIAM, how can I determine (query ?) the current total number of playbooks with a playbook run status of "Pending" via an XSIAM command or XSIAM API, as opposed to filtering in UI ?  The use case is to be "proactively" notified (via workflow or jo

XSIAM XQL Query help needed

Hi All,

So i need some xql query help please..

Example : I have 2 datasets in xsiam, one called 'xdr_data', and another called 'ioc',
In my 'ioc' dataset I have a field called 'indicator' with different values ie 4.4.4.4; 1.2.3.4 for example.. these

XSIAM Engineer Certification

Has anyone completed the Cortex XSIAM Engineer certification? If so, could you share your experience? Also share your guidance on how to prepare for it.

Marketplace Content pack update - best practices

Hi All,

How do you manage content updates in the market place currently?

Any best practices to follow as it seems this is a manual process to review the release notes and plan updates accordingly.

Is there a way to notify via email if new content pac

XSIAM Always Request Generate a New API Token from Trend Micro Vision One

Hello Everyone, I have a problem integrating with Trend Micro Vision One in the marketplace. It seems that XSIAM always requests a new API token from Vision One. Is there any solution? 

Thank You !

Saving XSIAM Command Center as Template

Hi,

Anyone know if possible to save the 'XSIAM command center dashboard' as a report template? the option for me is greyed out 

i have a feeling not possible.. but guess worth asking.

thanks in adv

Collecting IIS Log

Hi,

I have configured the filebeat to collect the IIS log,

but I don't see any dataset related to the IIS log in the dataset table and also don't know how and in which dataset to get those logs.

this the filebeat configuration

---
filebeat.modules:
- m