This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Start a conversation

Resolved! Using XQL queries in XSIAM playbooks

Hi Team,

 

I'd like to enquire whether Cortex XSIAM can search the logs of a dataset using XQL Query in a Playbook.
Cortex XSOAR can do that for Cortex XDR using the integration of "Cortex XDR - Search and Compare Process Executions - XQL Engine" .

Integrating Proofpoint TAP into XSIAM

Hi,

 

I would like some guidance on which data source I should use when integrating Proofpoint TAP into XSIAM.

 

In the content pack "Proofpoint TAP" on the marketplace,

 

There is a data source named "Proofpoint TAP".  This data source has the abili

...

Rule list

would like to see a list of rules regarding the types of incidents I receive in XSIAM.

I am not talking about IOC/BIOC 

 

Can anyone help with the path ?

Resolved! Coalescing of events in XSIAM?

Looking to migrate from QRadar/QRoC to XSIAM


In QRadar/QRoC, coalescing works in the following manner:

https://www.ibm.com/support/pages/qradar-how-does-coalescing-work-qradar

 

The goal of coalescing is to reduce the need for storage of events for c

...

Widget Library XQL Query

Hi All,

So in the xsiam portal under 'Dashboard and reports' there is a pre-defined list of Widgets in the library..

Within the 'system monitoring' library there is a widget called 'daily consumption' which is great to identify data sources ingestion

...

PA_nts by L3 Networker
  • 669 Views
  • 1 replies
  • 0 Likes

XSIAM Multi-Tenancy

How does multi-tenancy work for MSSPs in XSIAM? 
We are looking to use XSIAM as the core SecOps tooling to replace our current SIEM and we were wondering how does the multi-tenancy function work?  

Simple QXL Query help needed

Hi All,

withing query builder i have a very basic query as per below..

 

dataset = metrics_source
| fields _vendor , _product , total_size_bytes

 

which shows me the data sources and the amount of ingested data per source which is fine over a period

...

PA_nts by L3 Networker
  • 717 Views
  • 1 replies
  • 0 Likes

Resolved! High Memory usage of Cortex Agent

Hi Team,

 

Currently we are currently using XSIAM Agent v8.4, and it is consuming 300+mb of memory. How can we minimize its memory usage?

 

Please see attached photo as reference.

 

Thank you!

Resolved! Unified Inventory

Hello,

I have come across references to 'Unified Inventory' in the documentation for XSIAM, Xpanse, and Prisma Cloud. Could anyone please clarify if this is a single offering from Palo Alto Networks or specifically from Cortex? Alternatively, do thes

...

sh4unz0r by L0 Member
  • 1791 Views
  • 3 replies
  • 0 Likes

Unified/Assets Inventory and XQL

Do we have the ability to call Unified Inventory or Assets Inventory via XQL Query? I have many interesting examples and potential use cases for how this data can be used. Also, some custom reports like 'new assets detected in last 24h' can be useful

...

MDovirak by L1 Bithead
  • 907 Views
  • 1 replies
  • 0 Likes

XSIAM Cloud or Onprem?

Hi All,

 

I'd like to enquire whether Cortex XSIAM offers on-premises solutions exclusively, or if it provides a combination of both on-premises and cloud solutions? Additionally, how does the deployment model work? 

Cortex XSIAM XQL Query Issue

Hi Team,

I was searching some logs and I found the query I was running initially was just different from the later (2nd) query, however, I was not getting any results for first time but got the results by 2nd query. I moto here just to understand wha

...

  • 40 Posts
  • 30 Subscriptions
Top Liked Posts
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks