IP Enrichment from Internal IP Address Range

Is it possible to build API request to enrich details about the local IP and in which Internal IP CIDR range it is exists? We have this data in XSIAM configuration. 

For big enterprise with many networks its useful enrichment to know the network locat

Detecting error and warning 3rd party connectors using XQL Query by creating a correaltion rule

can some one suggest to identify and detect the datasources in warning and error state can be detected using XQL query

Questions About Cortex XSIAM API Limits (IOCs Insertion & Retrieval, Rate Limiting)

Hi Community,

We are integrating with the Cortex XSIAM API and would appreciate some clarity on the following points:

1. Insert IOCs
   We plan to use the endpoint:
   https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM-REST-API/Insert-or-update-IOCs
   What i

XSIAM Pending Playbooks

In XSIAM, how can I determine (query ?) the current total number of playbooks with a playbook run status of "Pending" via an XSIAM command or XSIAM API, as opposed to filtering in UI ?  The use case is to be "proactively" notified (via workflow or jo

XSIAM XQL Query help needed

Hi All,

So i need some xql query help please..

Example : I have 2 datasets in xsiam, one called 'xdr_data', and another called 'ioc',
In my 'ioc' dataset I have a field called 'indicator' with different values ie 4.4.4.4; 1.2.3.4 for example.. these

XSIAM Engineer Certification

Has anyone completed the Cortex XSIAM Engineer certification? If so, could you share your experience? Also share your guidance on how to prepare for it.

Marketplace Content pack update - best practices

Hi All,

How do you manage content updates in the market place currently?

Any best practices to follow as it seems this is a manual process to review the release notes and plan updates accordingly.

Is there a way to notify via email if new content pac

XSIAM Always Request Generate a New API Token from Trend Micro Vision One

Hello Everyone, I have a problem integrating with Trend Micro Vision One in the marketplace. It seems that XSIAM always requests a new API token from Vision One. Is there any solution? 

Thank You !

Saving XSIAM Command Center as Template

Hi,

Anyone know if possible to save the 'XSIAM command center dashboard' as a report template? the option for me is greyed out 

i have a feeling not possible.. but guess worth asking.

thanks in adv

Collecting IIS Log

Hi,

I have configured the filebeat to collect the IIS log,

but I don't see any dataset related to the IIS log in the dataset table and also don't know how and in which dataset to get those logs.

this the filebeat configuration

---
filebeat.modules:
- m

Inquiry About Third-Party VPN Logs and Analytics Alerts in XSIAM

Hi All,

■Background
I would like to inquire about the Ivanti VPN logs ingested into XSIAM.
I have installed the data model rules from the content pack. However, I encountered the following issues:

Analytics Alerts: No Analytics alerts related to third-

Possible to View the XQL Query of Widgets?

Hi All,

So XSIAM has a bunch of built in widgets and I want to amend some of these.. is there a way to determine the Query used within so that i can use this to adapt to my custom query?

thanks in adv

Guidance on Automating Alert Notifications in Cortex XSIAM Using Playbooks (Future SNOW Integration)

Hello everyone,

I'm currently exploring Cortex XSIAM as part of my day-to-day responsibilities, and I’m working on automating alert notifications using native playbooks particularly for mail notifications triggered by specific alerts, like "port scan

API to get data from lookup dataset

Hi All,

in XQL - i can run a query and dump the data into a lookup dataset, this works, then i can run a local query against this lookup dataset and i see all the data as expected.

however, when i run an API request against (https://api-yourfqdn/publ

XQL Query for calculating XDR log ingestion

Hi, 
As this is covered by the XDR license and not visible in the data ingestion widgets..

Does anyone have a query to look at data ingestion for XDR agents only?

thanks in adv