Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 239 Views
  • 0 replies
  • 0 Likes

Resolved! High Memory usage of Cortex Agent

Hi Team,

 

Currently we are currently using XSIAM Agent v8.4, and it is consuming 300+mb of memory. How can we minimize its memory usage?

 

Please see attached photo as reference.

 

Thank you!

Context polling playbook

In XSIAM playbook,I’m trying to fetch the incident status. When the incident status is changed to for eg under_investigation I want to my playbook to run a certain task. 
for this I want use context polling sub playbook 

key : parentIncidentFields.sta

...

Forcepoint proxy integration with XSIAM

Hi Palo Team, I am trying to onboard Forcepoint proxy logs into XSIAM, but i couldn't found any marketplace app/supporting datamodel.

Could someone help/guide to onboard the forcepoint proxy logs.

additionally referring to Splunk where we have a option

...

T.Sode by L0 Member
  • 161 Views
  • 0 replies
  • 0 Likes

XSIAM Incidents notes and messenger

Hi everyone,

 

I am trying to get all the information added to the Notepad or Messenger fields (Incident Discussion) from the incidents.
I do not need the information contained in the RESOLVE_COMMENT column of the incidents table.
Would it be possible

...

About cross-tabulation in XQL

Hi

 

Is it possible to execute PIVOT on the results of XQL execution?

For example, if I execute an XQL query on the following table

1/1/2025 allow hostname
1/1/2025 deny hostname
1/2/2025 allow hostname
1/2/2025 allow hostname
1/3/2025 deny hostname
1/3/2

...

Severity in correlations

Hello.

Could you help me with the severity field of the correlation?

I need to customize the severity of the alert based on the user who triggers the query.
The query is already made. When I configure the correlation to get this severity, it ignores

...

Playbook| XSIAM

How to check if a particular integration is enabled using a playbook?

 

for example I want a conditional task that checks if AD is enabled. What filters can I use ?

XDR Agent Reconnecting

 

 

Agent Version: 8.6.0.3704
Last Seen: 01 January 2025

 

We had to remove the protection since it is cutting off connection via SSH for Backup purposes. Moreover, with protection off, it is able to backup consistently.

 

My question is, we have I al

...

  • 57 Posts
  • 34 Subscriptions
Top Liked Authors
Labels