Cortex XSIAM Discussions

XSIAM Assets / Network Mapper - How to identify unknown assets

We configured network mapper in the BrokerVM settings and using multiple ports for network identification. Of course, on the firewalls we allow all traffic from them to make a full visibility internally. However, the scan doesn't resolve the hostname

Forwarding event to XSIAM

hi , how can i forward special event id to xsiam . For example i want to send 4624 id event log from active directory to cortex xsiam

XQL Query for a Correlation Rules

I am trying to write a xql query for a correlation rule in which alert or incident will trigger for below condition.
Condition:

Threshold: Only once on match 2

Detect on unique values of: hostname

So, my question is. how to write "Detect on unique valu

What part of the network did an alert generate from?

Within XSIAM, an enterprises' network asset ranges are defined at Assets > Network Configuration.  On adding a network, you are able to assign the network a range name and and IP address range.

When an alert is generated within XSIAM, where is the

XSIAM custom widget with custom timeframe

Need help in creating a custom dashboard like "incident status board" but need a custom time frame to select the dates and time,
1.find MTTR in that time frame
2. find the resolution category type for the same time frame data

Thanks for assisting

How to delete a shared Incident Filter View in XSIAM that was created by an inactive user

Hi I'm looking to find a way to remove a shared Incident Filter View that was created by someone who has now left. The filter is no longer needed and effectively an unrequired duplicate. The filter view is padlocked and there is no option to unshare

XSIAM and ITSM Integration question

Hi All,

anyone successfully done this to date?

my integration works in that I can communicate with ITSM ok.

however, I have the following issue.. our ITSM Dev team have provided some fields that is required from XSIAM playbook to ingest the tickets s

OT Security | XQL

Hello community,

Can someone please help me with build some XQL queries to monitor some OT environment, or give me some tips and idea for this topic.

thnx 

Post Webinar Recording on "Your Secops. Unified."

Can someone please post the recording on the latest webinar title "Your Secops. Unified" which happen last Sept 25.. Specifically the demo video for xsiam 

Is there a way to monitor the Broker VMs to see what is connecting (or attempting to connect) to them?

Is there a way to monitor the Broker VMs to see what is connecting (or attempting to connect) to them?

Is there a way in the XSIAM UI to determine what devices are attempting to connect to them (IP, protocol, and port) to observe if certain devices

Lookups to compare the difference

I am trying to find clients missing software, I found all the clients WITH the software, dumped them into a a lookup and now trying to find the difference, basically return the ones NOT in the lookup,
So something like this: 

dataset = host_inventory
|

XSOAR engine upgrade

For engine upgrade , do we have to manually run the upgrade installer file in engines or just clicking on the “ upgrade engine” button in the UI of XSiam would be enough?

Urgent Help Needed: Where Can I Find Cortex XSIAM Deployment and Service Management Training Videos?

Hi Team,

I have a new client, one urgently transitioning from QRadar to Cortex XSIAM, and I'm completely unfamiliar with XSIAM. I urgently need instructor-led training on deploying and managing this solution, as I'm unsure how to proceed. Any help