This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Start a conversation

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2706 Views
  • 0 replies
  • 0 Likes

Resolved! How to filter process_file_info in a BIOC

Hi everyone, I’m working on a BIOC of type Process, and I’m trying to use the process_file_info field as a filter. When I run a search, this field shows up as a JSON object containing details like product name, version, etc. The problem is:BIOC filters only seem to support exact string matching, and since process_file_info is JSON, I can’t match...

FCossard by L0 Member
  • 1987 Views
  • 2 replies
  • 0 Likes

Resolved! ServiceNow CMDB data to XSIAM

Hi, We have integrated XSIAM with ServiceNow CMDB. We want to pull critical assets from the CMDB into XSIAM using an API and we have to do feature field configuration for these critical assets. Currently, I only see an option to upload a static file in the feature field configuration ( Host/ User/IPaddress) Could someone please help with the fol...

Fetched Integrations Objects in XSIAM 3.4

Good morning Live Community, Recently upgraded from XDR to XSIAM. Have never had XSOAR in the past, but worked through POCs at two different orgs, so somewhat familiar, nowhere near proficient. Built some simple automations largely dependent on Marketplace content packs. Working through the Beacon course material slowly but also am startin...

Resolved! XSIAM API pagination

Hello, I'm trying to use the API to pull a lookup dataset that is larger than 10,000 rows. I don't see any options for pagination and the filters listed in the documentation seem too rigid to easily pull the data. https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM-REST-API/Get-data-from-a-lookup-datasetIs there any way to paginate the ...

Fortigate Correlation rules thread

Hi All, With Fortigate FW logs ingesting into XSIAM, even with the forti content pack installed, there is no real method for detection apart from the analytics engine that will use the '3rd party firewalls' analytic rules to natively detect issues/alerts on Fortigate FWs that i am aware off.. As such one will be required to do additional corre...

PA_nts by L4 Transporter
  • 747 Views
  • 2 replies
  • 0 Likes

How do you handle Low Severity alerts/issues?

want to know how you guys deal with low severity alerts.. do you monitor/analyze them or only focus on incidents with medium/high/critical severity? do you run any playbook automation against these low sev alerts? are there any best practices from PAN around handling of low severity alerts? i cannot seem to find any. thanks in adv

PA_nts by L4 Transporter
  • 2332 Views
  • 3 replies
  • 0 Likes

XSIAM Email Communication

In XSIAM, we need a way for analysts to send email updates at different stages of an incident — like when it is received, contained, and recovered. Each case should have its own email chain that includes all previous emails for that case. To support this, we have added a button in the case template where analysts can write and send emails. When ...

Cortex XDR Host Firewall Rule evaluation

Hi Team, I have a doubt about Host Firewall rule evaluation. Let say i have a rule created to allow all internal application inbound traffic on specific port / Remote IP. In the same rule group if i create another outbound rule and action type : allow all outbound traffic on any port/IP how it will evaluate the rule. It means it will allow all o...

Monitoring Bluetooth

Hi, We are using Cortex XSIAM. Now we want to perform monitoring of Bluetooth in Microsoft Windows 10 and 11 computers. The reason we want to check whether our users are connecting their mobile phones, like iPhone and Androids, through their office laptop using Bluetooth Cortex XSIAM Cortex XDR

O.Faheem by L1 Bithead
  • 706 Views
  • 1 replies
  • 0 Likes

Resolved! Do you backup your custom content?

Hi, I’m looking for a way to back up my custom content - such as playbooks, lists, scripts, correlation rules, and more, to an external repository (GitHub, GitLab, Azure DevOps, etc.). So far, I’ve had partial success with playbooks using Python scripts and API calls, but I’m having difficulty backing up the other content types. Has anyone tried...

  • 157 Posts
  • 43 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks