This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Start a conversation

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2632 Views
  • 0 replies
  • 0 Likes

Simple QXL Query help needed

Hi All, withing query builder i have a very basic query as per below.. dataset = metrics_source | fields _vendor , _product , total_size_bytes which shows me the data sources and the amount of ingested data per source which is fine over a period specified in (24hr/days etc).. what i am trying to achieve is for a period of 24 hours, for it ...

PA_nts by L4 Transporter
  • 1372 Views
  • 1 replies
  • 0 Likes

Resolved! Unified Inventory

Hello, I have come across references to 'Unified Inventory' in the documentation for XSIAM, Xpanse, and Prisma Cloud. Could anyone please clarify if this is a single offering from Palo Alto Networks or specifically from Cortex? Alternatively, do these products each refer to their own inventory feature as being 'unified'?Ex: https://docs-cortex.p...

sh4unz0r by L0 Member
  • 3375 Views
  • 3 replies
  • 0 Likes

Unified/Assets Inventory and XQL

Do we have the ability to call Unified Inventory or Assets Inventory via XQL Query? I have many interesting examples and potential use cases for how this data can be used. Also, some custom reports like 'new assets detected in last 24h' can be useful for IT teams. If it is impossible, something like that plan for the future?Thanks for the advice.

MDovirak by L2 Linker
  • 1596 Views
  • 1 replies
  • 0 Likes

XSIAM Cloud or Onprem?

Hi All, I'd like to enquire whether Cortex XSIAM offers on-premises solutions exclusively, or if it provides a combination of both on-premises and cloud solutions? Additionally, how does the deployment model work?

Custom Alert in XSIAM for Azure AD User Group Changes

Hello, I was wondering if someone could help point me in the right direction for setting up a custom alert in XSIAM when a user is removed from Azure AD from a particular user group. For example, let's say we have a user group that excludes MFA-MDM for certain users, and we want to be alerted anytime someone is removed from that group within...

Cortex XSIAM XQL Query Issue

Hi Team, I was searching some logs and I found the query I was running initially was just different from the later (2nd) query, however, I was not getting any results for first time but got the results by 2nd query. I moto here just to understand what was the difference using contains or in or "=" for the message or event log fiels while filter ...

How to retrieve all XQL Correlations

Hi guys, i need a little help. Is there any dataset that contain all the correlations rules created?Or can I retrieve all correlations rules via XQL? I known that I can push this information via API, but unfortunately it is not working here. Thank you in advance.

PCI DSS compliance

Hi everyone, I'm looking for information about some points about xsiam and cortex xdr being PCI DSS compliant. Is there any documentation you can find specifically on this point: 509 Review IPS and IDS device configurations and architecture I found this documentation(https://isacala.org/wp-content/uploads/2020/08/Cortex-XDR-Whitepaper_Coalfi...

data flow in xsiam

can someone explain the data flow in xsiam, use any case as an example, what fundamental modules does the data go through in one incident

winston by L0 Member
  • 1312 Views
  • 0 replies
  • 0 Likes

smartscore reasons vs insights

For the smartscore feature, we can see two parts, one is the reasons, the other is insights, are there any relations between them? what is the features used in the smartscore model, the reasons or the insights

winston by L0 Member
  • 1218 Views
  • 0 replies
  • 0 Likes

xsiam and xdr

can someone explain the difference between xsiam and xdr, it seems most of the modules in xsiam are also in the xdr, is xsiam the second generation of xdr?

winston by L0 Member
  • 7098 Views
  • 2 replies
  • 0 Likes

Cortex XSIAM | Palo Alto

Hi Communnity , I would like to know few things about Cortex XSIAM solution: 1. Auto Discovery feature: If any new log source is added, can the solution notify?2. How the asset risk score is calculated?3. In XSIAM, full raw logs of XDR/SIEM will be available or only parsed data?4. Upgradation of XDR/SOAR/TIP/SIEM will be done all at once or one ...

  • 152 Posts
  • 42 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks