Broker Helath Checking

Hello everyone!

I working in a environment that have some broker clusters and local brokers as well, I would like know how I can implement some way to have a daily health checking for these brokers, like if the broker is need a reboot to update, if

[Cortex XSIAM ] XDR Collector Collect Windows Security Log。XDR Collectors Administration Status display "Error".

Currently, I'm using the default templates.

Despite trying many tests, this error message persists.

Am I missing any information?

XDR Collectors Administration Status display "Error".

Error Message : 
Exiting: no modules or inputs enabled and config

Problem with Conditional Task Not Matching XQL Output in Cortex XSIAM Playbook

Hello everyone,

I am building a simple playbook in Cortex XSIAM to check whether an endpoint is CONNECTED or DISCONNECTED using an XQL query on the endpoints dataset.

The XQL query works correctly and returns the expected output:

{
"results": [
{
"endpo

How do you handle Low Severity alerts/issues?

want to know how you guys deal with low severity alerts.. 

do you monitor/analyze them or only focus on incidents  with medium/high/critical severity?

do you run any playbook automation against these low sev alerts?

are there any best practices from

XSIAM - Vulnerability field (Issues)

Hi All.

Please, using "JSON Sample Incident Generator (Community Contribution)" app, is there any way to set "CATEGORY" field a value on Issues?.

Using "Classification & Mapping" and setting "Category" field to a specific value did not work.

Th

Preventing Access to "Resolve & Create Exclusion " based on Role

Hello Livecomm,

I have a trivial question. Does anyone know how to prevent users from a specific role to '"Resolve & Create Exclusion " when closing a case?

I have reviewed the various options the role provides but there is no mention of this feature

XSIAM V3.3 upgrade - anyone having issues?

Hi All, 

We have a XSIAM tenant running v3.2 and PAN upgraded to V3.3 yesterday (Nov 16th 2025) and since then we have a number of issues ie

- content pack updates (base/scripts etc) updates failing

- transformers missing as such custom playbook runs

Timeout issue - Health Issue/Alerts in XSIAM

Hello,

We are seeing multiple health issues under collection type.

For example: 

Issue name: Collection error in the instance AWS_***  collector

Description: timeout while waiting for server to answer: request ********-****-****-****-**********.

adding dataset fields to alert or incident context data

Hi All,

Using a custom parsing rule i am adding a custom field a dataset - this works all good i can see my new field in the dataset with values.

question - how can i get this field to show in my alert and/or incident context data?

thanks in adv

XQL question

Hello,

I'm trying to get all the outgoing firewall traffic, except port 80, 443 using the query below but no sucess. Any ideias?

dataset = panw_ngfw_traffic_raw
| filter source_ip in ("x.x.x.x/24")
| filter dest_port != 443 and 80
| fields _time, sour

AI Created SOC SOP's Base on Detection/Playbook Title

Hi All,

I’ve developed a script that takes a list of SOC detections and/or playbook titles, analyses associated metadata, and automatically generates full Standard Operating Procedures — ready for upload into Confluence or as a simple text file for

Limit the use of memory of Cortex XDR pro agent

Hi,

We have a large memory consuption of memory in SQL servers and micro-services, the question it is posiible to limit the memory consuption for these especific cases or there is another recomendation to create a profile with some exceptions for t

xSIAM to xSOAR integration

Hey,

We’re currently looking at a potential xSIAM customer but haven’t been able to find any documentation confirming whether xSIAM can integrate with xSOAR. Does anyone have any insight?

Context:
I work for an MSSP that leverages xSOAR to ingest detec

sending NGFW logs to XSIAM without broker-vm

Hi,

I have a xsiam tenant running and a palo vm-100 (11.2.x) in our lab (xsiam / ngfw exists in the same csp account)

trying to find docs on this process.. the xsiam admin guide is pretty vague, it says yes and explains the steps on the xsiam side mo