Export Issues and Cases from XSIAM

Hi, I'm trying to export issues and cases from XSIAM but i don't see any options available to do this. This is our client requirement. can anybody help on this. 

I should be able to fully export any issue. Appreciate your help

XSIAM Dynamic filtering in exclusions

Hi,

I was told by someone from our Palo team (cant remember who and we recently had a team change) that dynamic group exclusions would be a new feature in the 3.2 release. An example of this is retrieving a list of IPs and saving it to a table or d

O365 Email integration question

Hi

Anyone done o365 email ingestion with no adv email security license?

having a hard time with the pan documentation as alot of the azure naming conventions seems to have changed.

q1 - if just using the o365 datasource and enabling the 'exchange o

XSOAR Packs compatible with XSIAM

I have been digging into the marketplace more recently specifically with the TIM add-on. I noticed that the marketplace shows multiple different playbooks for the "TIM - Indicator Auto-Processing" pack on the marketplace website. However inside of th

Cortex XSIAM XQL: How to find incidents where playbook failed / errored?

I’m new to Cortex XSIAM and XQL, and I’m still learning how things work. I need some help with an XQL query.

I’m trying to create an XQL query where I can see: Incident ID, Incident name , Playbook execution status (failed / error), Playbook name, Er

How to Configure XQL to detect logs not reporting rule

I am able to retrieve logs successfully using XQL in Cortex XSIAM.

However,
I need to configure an analytics rule that triggers when any single expected source stops sending logs (for 10 minute,1 hours,4 hours).

• Detect when any one host / source stop

Options to onboard Microsoft Message trace logs into XSIAM

As we have an option in Splunk to see the all the message tracking logs through Microsoft message trace app, do we have any similar app to integrate?

Cortex XSIAM 

Cortex Pop-ups Triggered for StoreDesktopExtension.exe Despite Being Blocklisted

Users are continuing to receive Cortex alert pop-ups for StoreDesktopExtension.exe even after the executable was added to the Cortex block list.

Observations:

• The file is already present in the Cortex block list.

• Alerts/pop-ups are still being trig

AI Created SOC SOP's Base on Detection/Playbook Title

Hi All,

I’ve developed a script that takes a list of SOC detections and/or playbook titles, analyses associated metadata, and automatically generates full Standard Operating Procedures — ready for upload into Confluence or as a simple text file for

Why do the same Windows Server data collected using XDRC and WEC agents show different statuses in the following fields?

Why do the same Windows Server 2022 std (Traditional Chinese) data collected using XDRC and WEC agents show different statuses in the following fields?

1. _Collector_type = `WEC` ，Event Log display is 【`English`】，Fields have 【Message】、【 _RAW_LOG】。
2. _Colle

Broker Helath Checking

Hello everyone!

I working in a environment that have some broker clusters and local brokers as well, I would like know how I can implement some way to have a daily health checking for these brokers, like if the broker is need a reboot to update, if

Problem with Conditional Task Not Matching XQL Output in Cortex XSIAM Playbook

Hello everyone,

I am building a simple playbook in Cortex XSIAM to check whether an endpoint is CONNECTED or DISCONNECTED using an XQL query on the endpoints dataset.

The XQL query works correctly and returns the expected output:

{
"results": [
{
"endpo