XSIAM Multi-Tenancy
How does multi-tenancy work for MSSPs in XSIAM?
We are looking to use XSIAM as the core SecOps tooling to replace our current SIEM and we were wondering how does the multi-tenancy function work?
Hi All,
Within query builder I have a very basic query as per below:
dataset = metrics_source
| fields _vendor , _product , total_size_bytes
which shows me the data sources and the amount of ingested data per source which is fine over a period
...
Hi Team,
We are currently using XSIAM Agent v8.4, and it is consuming 300+ MB of memory. How can we minimize its memory usage?
Please see attached photo as reference.
Thank you!
Hi, is there any specific guidance or information relating to how long it can take to apply 'auto-resolve' after creating an Alert Exclusion filter rule using XSIAM > Exceptions > Alert Exclusions when using the setting 'Apply rule On Existing Alerts
...
Hello,
I have come across references to 'Unified Inventory' in the documentation for XSIAM, Xpanse, and Prisma Cloud. Could anyone please clarify if this is a single offering from Palo Alto Networks or specifically from Cortex? Alternatively, do thes
...
Same as the title. Could you please give examples of how Market Place, Data source, and XDR collectors are in XSIAM in terms of ingesting data?
Do we have the ability to call Unified Inventory or Assets Inventory via XQL Query? I have many interesting examples and potential use cases for how this data can be used. Also, some custom reports like 'new assets detected in last 24h' can be useful
...
Hi All,
I'd like to enquire whether Cortex XSIAM offers on-premises solutions exclusively, or if it provides a combination of both on-premises and cloud solutions? Additionally, how does the deployment model work?
Hello,
I was wondering if someone could help point me in the right direction for setting up a custom alert in XSIAM when a user is removed from Azure AD from a particular user group.
For example, let's say we have a user group that excludes MFA-M
...
Hi Team,
I was searching some logs and I found the query I was running initially was just different from the later (2nd) query, however, I was not getting any results for first time but got the results by 2nd query. My motive here is just to understand wha
...
Hi guys, I need a little help.
Is there any dataset that contains all the correlation rules created?
Or can I retrieve all correlation rules via XQL?
I know that I can push this information via API, but unfortunately it is not working here.
Th
...
Hello Everyone,
We have a "creation time" field in the incidents dataset. I wanted to query the "incidents" dataset for the specific date ranges of creation time like 1d, 7d etc. Have tried multiple ways, but couldn't succeed. Please share details if
...
Hello Everyone,
We wanted to calculate the mean time to detection in XSIAM. Hence we require the field names which have the creation time of the alert and the actual event generated time of the event related to that alert. I believe the difference between these two
...
Hi everyone, I'm looking for information about some points about XSIAM and Cortex XDR being PCI DSS compliant. Is there any documentation you can find specifically on this point:
I found
Can someone explain the data flow in XSIAM? Use any case as an example: what fundamental modules does the data go through in one incident?