This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Start a conversation

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2759 Views
  • 0 replies
  • 0 Likes

Resolved! XSIAM - API Get Correlation Rules - Least Priviledge

In the API reference, it states that you must have Instance Administrator permissions to run the endpoint /public_api/v1/correlations/get. Is it possible to create a custom role for the API key that has sufficient permissions to execute this endpoint? Do you know any other way to retrieve the query from a specific correlation rule? Cortex XSI...

Resolved! UEBA Capabilities

Hi All, I'm looking for some guidance around UEBA capabilities in XSIAM. Currently, we are using the free trial version of the ITDR module in XSIAM. If we do not have ITDR module license , what are the ways to enhance UEBA capabilities in XSIAM?. Should we manually develop UEBA pattern-related use cases using telemetry logs? Appreciate your...

AI Prompt Feature | XSIAM Version 3.4

Hi All, Does anyone tested the AI prompt feature in XSIAM version 3.4? From our experience, only generic prompts seem to be working. When we try to use specific real-time case or issue data, it doesn't respond as expected. We haven't been able to test out-of-the-box or custom prompts using input data like Issue ID or Issue Name, as the AI prompt...

XDRC Connection Error

Hello experts, I have two XDRC installed on W2016 server, both are connected through same BrokerVM. Even tried test if the BVM and XDRC connection was fine, I did a test to run "uninstall collector" from Console, it was successful. From XDRC Adminsitration, The status shown :Warning, however, the last seen was up to date. From XQL queries...

XSIAM Playbook

Hi, I want to run one basic playbook automation on every new issue trigged. For example, I have specific conditions where, if a new issue meets those conditions, its severity should be updated. Currently, only one automation rule can be applied to each issue. While using a Job is an option, I am interested to know if there are any other solution...

Resolved! How to filter process_file_info in a BIOC

Hi everyone, I’m working on a BIOC of type Process, and I’m trying to use the process_file_info field as a filter. When I run a search, this field shows up as a JSON object containing details like product name, version, etc. The problem is:BIOC filters only seem to support exact string matching, and since process_file_info is JSON, I can’t match...

FCossard by L0 Member
  • 2139 Views
  • 2 replies
  • 0 Likes

Resolved! ServiceNow CMDB data to XSIAM

Hi, We have integrated XSIAM with ServiceNow CMDB. We want to pull critical assets from the CMDB into XSIAM using an API and we have to do feature field configuration for these critical assets. Currently, I only see an option to upload a static file in the feature field configuration ( Host/ User/IPaddress) Could someone please help with the fol...

Fetched Integrations Objects in XSIAM 3.4

Good morning Live Community, Recently upgraded from XDR to XSIAM. Have never had XSOAR in the past, but worked through POCs at two different orgs, so somewhat familiar, nowhere near proficient. Built some simple automations largely dependent on Marketplace content packs. Working through the Beacon course material slowly but also am startin...

Resolved! XSIAM API pagination

Hello, I'm trying to use the API to pull a lookup dataset that is larger than 10,000 rows. I don't see any options for pagination and the filters listed in the documentation seem too rigid to easily pull the data. https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM-REST-API/Get-data-from-a-lookup-datasetIs there any way to paginate the ...

Fortigate Correlation rules thread

Hi All, With Fortigate FW logs ingesting into XSIAM, even with the forti content pack installed, there is no real method for detection apart from the analytics engine that will use the '3rd party firewalls' analytic rules to natively detect issues/alerts on Fortigate FWs that i am aware off.. As such one will be required to do additional corre...

PA_nts by L4 Transporter
  • 833 Views
  • 2 replies
  • 0 Likes
  • 164 Posts
  • 43 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks