Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2808 Views
  • 0 replies
  • 0 Likes

XSIAM Assets / Network Mapper - How to identify unknown assets

We configured network mapper in the BrokerVM settings and using multiple ports for network identification. Of course, on the firewalls we allow all traffic from them to make a full visibility internally. However, the scan doesn't resolve the hostname or open ports on the machine that can support with OS identification, like 22/ssh - potential Li...

MDovirak by L2 Linker
  • 1315 Views
  • 1 replies
  • 0 Likes

XQL Query for a Correlation Rules

I am trying to write a xql query for a correlation rule in which alert or incident will trigger for below condition.Condition: Threshold: Only once on match 2 Detect on unique values of: hostnameSo, my question is. how to write "Detect on unique values of: hostname" in a xql query? Please help me with a sample XQL search or syntax in XSIAM.Best ...

What part of the network did an alert generate from?

Within XSIAM, an enterprises' network asset ranges are defined at Assets > Network Configuration. On adding a network, you are able to assign the network a range name and and IP address range. When an alert is generated within XSIAM, where is the range name found within the alert? We want easily be able to see from which part of the ente...

XSIAM and ITSM Integration question

Hi All, anyone successfully done this to date? my integration works in that I can communicate with ITSM ok. however, I have the following issue.. our ITSM Dev team have provided some fields that is required from XSIAM playbook to ingest the tickets successfully. These include fileds such as 'source' host' 'subject' details' etc.. however on the ...

PA_nts by L4 Transporter
  • 1094 Views
  • 0 replies
  • 0 Likes

OT Security | XQL

Hello community,Can someone please help me with build some XQL queries to monitor some OT environment, or give me some tips and idea for this topic.thnx 😄

Y.Zalsov by L1 Bithead
  • 792 Views
  • 0 replies
  • 0 Likes

Is there a way to monitor the Broker VMs to see what is connecting (or attempting to connect) to them?

Is there a way to monitor the Broker VMs to see what is connecting (or attempting to connect) to them? Is there a way in the XSIAM UI to determine what devices are attempting to connect to them (IP, protocol, and port) to observe if certain devices are connecting or having problems connecting to them?

A.Donald by L0 Member
  • 885 Views
  • 0 replies
  • 0 Likes

Lookups to compare the difference

I am trying to find clients missing software, I found all the clients WITH the software, dumped them into a a lookup and now trying to find the difference, basically return the ones NOT in the lookup,So something like this: dataset = host_inventory| filter applications != null| arrayexpand applications| alter applicationname=json_extract(applica...

XSOAR engine upgrade

For engine upgrade , do we have to manually run the upgrade installer file in engines or just clicking on the “ upgrade engine” button in the UI of XSiam would be enough?

Urgent Help Needed: Where Can I Find Cortex XSIAM Deployment and Service Management Training Videos?

Hi Team, I have a new client, one urgently transitioning from QRadar to Cortex XSIAM, and I'm completely unfamiliar with XSIAM. I urgently need instructor-led training on deploying and managing this solution, as I'm unsure how to proceed. Any help would be greatly appreciated.Thanking you Regards,Cathy

Tony_74 by L0 Member
  • 2017 Views
  • 2 replies
  • 0 Likes

Resolved! Using XQL queries in XSIAM playbooks

Hi Team, I'd like to enquire whether Cortex XSIAM can search the logs of a dataset using XQL Query in a Playbook.Cortex XSOAR can do that for Cortex XDR using the integration of "Cortex XDR - Search and Compare Process Executions - XQL Engine" .

Integrating Proofpoint TAP into XSIAM

Hi, I would like some guidance on which data source I should use when integrating Proofpoint TAP into XSIAM. In the content pack "Proofpoint TAP" on the marketplace, There is a data source named "Proofpoint TAP". This data source has the ability to fetch alerts, and it ingests into the "proofpoint_tap_v2_generic_alert_raw" data set. Howev...

  • 171 Posts
  • 44 Subscriptions
Top Solution Authors
Labels