Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 493 Views
  • 0 replies
  • 0 Likes

USB Flash Drives

Hi, We are using Cortex XSIAM. Now, the challenge we are facing is that if anyone connects a USB flash drive that has been allowed to use a USB, their computer gets infected with malware.
 
What we want is for the user to connect to the USB, for a real

...

O.Faheem by L1 Bithead
  • 182 Views
  • 2 replies
  • 0 Likes

Severity in correlations

Hello.

Could you help me with the severity field of the correlation?

I need to customize the severity of the alert based on the user who triggers the query.
The query is already made. When I configure the correlation to get this severity, it ignores

...

XQL to query Indicators

Hi , 
I want to create a Dashboard widget that shows a pie graph for indicators. There is the built in widget "indicatorsByVerdict" but I want to create something a bit different. I couldn't find a way to figure that out.

Resolved! Question on transaction stage in XQL

It doesn't appear that the documentation on the transaction stage in XQL is very clearly documented. Does anyone know what the transaction stage really does? Does, and what it uses to "find transactions"?

Does it just find instances of contiguous eve

...

Broker-VM disconnet alert notification

Hi All,

 

anyi dea how i can generate an alert when a broker-vm gets disconnected?

 

Has anyone managed to create a correlation rule that will alert if a Broker-VM gets disconnected from XSIAM?

the xsiam documentation states that 'To help you monito

...

PA_nts by L4 Transporter
  • 336 Views
  • 3 replies
  • 0 Likes

XSIAM Integration Web Server

Hi,
I want to create an Integration that start a simple web server with a single button for example that print "Hello World".
There is the out of the box integration "Generic Export Indicators Service" I want it to be based on that (With Long Running i

...

Resolved! Computers no longer showing in Console

Hi,

 

We have staff members who work in the mining area and do not connect for a very long time; in some cases we have seen they came back from the sites after four months. Additionally, their computers do not appear on the Cortex XSIAM console, or I

...

O.Faheem by L1 Bithead
  • 348 Views
  • 1 replies
  • 0 Likes

Azure Entra SSO for Cortex XSIAM/XDR

Hello LIVEcommunity,

 

Seeking help on Azure Entra SSO integration for XSIAM/XDR.

I've managed to setup the configuration according to the documentation. The SP-initiated login are working fine, but not the Idp-initiated login. Logged a case with Pal

...

Antony_Chan_0-1747924966467.png

Linking Issues to Cases with Command

Hello Livecomm, 

I am trying to link an issue to a case using CLI/automation or similar. Right-clicking on an issue allows me to assign it to a case, but I have not found an option to do this programmatically. I have tried using the link incident and

...

Resolved! Creating a Custom Issue For a Case

Hello LiveComm,

I have created a custom case with a single Issue for a Use-Case.

I want to create more issues with a command or script in this custom case which will eventually be a playbook task.  How does one do such an action?

Many thanks,

MSysec

...

  • 84 Posts
  • 37 Subscriptions
Top Solution Authors
Top Liked Authors
Labels