AI Prompt Feature | XSIAM Version 3.4

Hi All,

Does anyone tested the AI prompt feature in XSIAM version 3.4?

From our experience, only generic prompts seem to be working. When we try to use specific real-time case or issue data, it doesn't respond as expected.

We haven't been able to tes

XSIAM custom widget with custom timeframe

Need help in creating a custom dashboard like "incident status board" but need a custom time frame to select the dates and time,
1.find MTTR in that time frame
2. find the resolution category type for the same time frame data

Thanks for assisting

Querying System Notifications in XSIAM/XDR

Hello,

Fetched Integrations Objects in XSIAM 3.4

Good morning Live Community,

Recently upgraded from XDR to XSIAM.  Have never had XSOAR in the past, but worked through POCs at two different orgs, so somewhat familiar, nowhere near proficient.  Built some simple automations largely dependent on M

Fortigate Correlation rules thread

Hi All,

With Fortigate FW logs ingesting into XSIAM, even with the forti content pack installed, there is no real method for detection apart from the analytics engine that will use the '3rd party firewalls' analytic rules to natively detect issues/al

How do you handle Low Severity alerts/issues?

want to know how you guys deal with low severity alerts.. 

do you monitor/analyze them or only focus on incidents  with medium/high/critical severity?

do you run any playbook automation against these low sev alerts?

are there any best practices from

XSIAM Email Communication

In XSIAM, we need a way for analysts to send email updates at different stages of an incident — like when it is received, contained, and recovered.

Each case should have its own email chain that includes all previous emails for that case.

To support

Cortex XDR Host Firewall Rule evaluation

Hi Team,

I have a doubt about Host Firewall rule evaluation. Let say i have a rule created to allow all internal application inbound traffic on specific port / Remote IP. In the same rule group if i create another outbound rule and action type : allo

Monitoring Bluetooth

Hi,

We are using Cortex XSIAM. Now we want to perform monitoring of Bluetooth in Microsoft Windows 10 and 11 computers. The reason we want to check whether our users are connecting their mobile phones, like iPhone and Androids, through their office

Mapping of Cortex XSIAM fields with ServiceNow

Please can you suggest how can you map more than the set fields with ServiceNow for an incident? Currently only limited fields are able to map.