Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2744 Views
  • 0 replies
  • 0 Likes

life of a case

Hi all, I am trying to figure out the life of a case and ran into a question I can't seem to find the documentation about: What happens when a case has been set to resolved but a new matching issue pops up? Is a new case created, or is the resolved case re-opened?

Azure XSIAM

How is on-boarding logs using Microsoft Azure integration different from using the Azure Event hub integration? https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-3.x-Documentation/Onboard-Microsoft-Azure https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Documentation/Ingest-Logs-from-Microsoft-Azure-Event-H...

IOC Exclusion for when an IOC was denied by the FW

Hi All, so when an IOC is added for an IP address, for example, in XSIAM, and a FW log containing this IP is ingested into XSIAM, then XSIAM will auto-create an alert for this IOC regardless of whether it was dropped or allowed by the FW; it detects this IOC and creates an alert. Has anyone found a solution for the IOC not to trigger when the FW action has already...

PA_nts by L4 Transporter
  • 168 Views
  • 2 replies
  • 0 Likes

Resolved! bulk close issues

Hello team, I have the following scenario of 16K open issues and I would like to perform mass closure of these open cases. Is there any way to do this? I tried to build a playbook to which I give the Excel sheet of all the issue IDs and start a bulk resolve, but I have a problem with it: it is very slow, I mean it takes 24 hours to close just 4K is...

Crowdstrike Integration to XSIAM

Hi All, We are running XSIAM with the CrowdStrike Falcon content pack installed; the parsing and data modeling work, data is ingesting, etc. However, we are not seeing any alerts being generated as yet. The content pack does not include a real-time correlation rule to pull and map alerts into XSIAM. Has anyone done a custom correlation rul...

PA_nts by L4 Transporter
  • 167 Views
  • 0 replies
  • 0 Likes

Resolved! XSIAM - Data Patterns

Hi. Please, a question about Data Patterns in Cortex XSIAM. Once the connection from the Broker VM to the Windows server (SMB) is configured, and the connection is verified and displayed under Modules -> Data Security -> Storage Buckets, how is it linked to previously created Data Patterns and Data Profiles? Thank you in advance. Regards.

Username Generalization Playbook

Hey all, I'm hoping that someone has already started something like this and can get me a few steps past the starting line. As we know, in a corporate environment there are various ways that usernames come across (abc123, first.last, domain/abc123, domain/first.last, fqdn... etc.) from different log sources. This creates complexity for playbo...

XSIAM Content Update Notifications pack

Hi, has anyone deployed this to date and have it working? Just started looking at this as a means to notify our platform team when we need to perform content updates, etc., as we manage a number of XSIAM tenants, and out of the box both of the playbooks fail, so I would imagine some customization is needed. The deployment documentation is sparse at bes...

PA_nts by L4 Transporter
  • 402 Views
  • 3 replies
  • 0 Likes

XSIAM Integration Web Server

Hi, I want to create an integration that starts a simple web server with a single button, for example, that prints "Hello World". There is the out-of-the-box integration "Generic Export Indicators Service"; I want it to be based on that (with a long-running instance, Nginx, etc.). I have tried to do so but I couldn't make it work. Would love to get some help...

Resolved! XSIAM - API Get Correlation Rules - Least Privilege

In the API reference, it states that you must have Instance Administrator permissions to run the endpoint /public_api/v1/correlations/get. Is it possible to create a custom role for the API key that has sufficient permissions to execute this endpoint? Do you know any other way to retrieve the query from a specific correlation rule? Cortex XSI...

Resolved! UEBA Capabilities

Hi All, I'm looking for some guidance around UEBA capabilities in XSIAM. Currently, we are using the free trial version of the ITDR module in XSIAM. If we do not have the ITDR module license, what are the ways to enhance UEBA capabilities in XSIAM? Should we manually develop UEBA pattern-related use cases using telemetry logs? Appreciate your...
