Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating. Rules and Best Practices: Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2705 Views
  • 0 replies
  • 0 Likes

CPU and Memory Usage

Hello everyone, I’m looking for an XQL query that shows CPU and memory usage. For example, I want to visualize something like: the XDR service consumes an average of X% memory and Y% CPU per hour, preferably as a graph. Could you please help with this?

Export Issues and Cases from XSIAM

Hi, I'm trying to export issues and cases from XSIAM, but I don't see any options available to do this. This is our client's requirement. Can anybody help with this? I should be able to fully export any issue. Appreciate your help.

XSIAM Dynamic filtering in exclusions

Hi, I was told by someone from our Palo team (can't remember who, and we recently had a team change) that dynamic group exclusions would be a new feature in the 3.2 release. An example of this is retrieving a list of IPs and saving it to a table or dataset. Then, for a specific issue exclusion (e.g. Abnormal amount of port scanning) we exclude ...

O365 Email integration question

Hi, has anyone done O365 email ingestion with no adv email security license? Having a hard time with the PAN documentation, as a lot of the Azure naming conventions seem to have changed. Q1 - if just using the O365 data source and enabling the 'Exchange Online' option, will this be enough, or do I need a separate O365 email collector to deploy (of whi...

PA_nts by L4 Transporter
  • 783 Views
  • 3 replies
  • 0 Likes

XSOAR Packs compatible with XSIAM

I have been digging into the marketplace more recently, specifically with the TIM add-on. I noticed that the marketplace shows multiple different playbooks for the "TIM - Indicator Auto-Processing" pack on the marketplace website. However, inside of the XSIAM console, the marketplace only shows one playbook. Are the playbooks cross-compatible? Are...

Cortex XSIAM XQL: How to find incidents where playbook failed / errored?

I’m new to Cortex XSIAM and XQL, and I’m still learning how things work. I need some help with an XQL query. I’m trying to create an XQL query where I can see: Incident ID, Incident name, Playbook execution status (failed / error), Playbook name, Error message or failure reason (if available). I checked the incidents dataset, but I couldn’t f...

R_BhlpMe by L0 Member
  • 1719 Views
  • 1 reply
  • 1 Like

Resolved! XSIAM Dashboard

Hi, I'm working on creating a dashboard for the concept below. Has anyone already tried this or have any insights they can share?
  • Sudden spike for data ingestions
  • Data ingestion exceeded threshold
  • Data source with correlation rules per source

How to Configure XQL to detect logs not reporting rule

I am able to retrieve logs successfully using XQL in Cortex XSIAM. However, I need to configure an analytics rule that triggers when any single expected source stops sending logs (for 10 minutes, 1 hour, 4 hours).
  • Detect when any one host / source stops reporting logs
  • Alert should be raised per missing entity
  • Should work with Scheduled Analyt...

Cortex Pop-ups Triggered for StoreDesktopExtension.exe Despite Being Blocklisted

Users are continuing to receive Cortex alert pop-ups for StoreDesktopExtension.exe even after the executable was added to the Cortex block list. Observations: The file is already present in the Cortex block list. Alerts/pop-ups are still being triggered on user endpoints. Is it related to a Windows Security Update? Restarting the machine is re...

AI-Created SOC SOPs Based on Detection/Playbook Title

Hi All, I’ve developed a script that takes a list of SOC detections and/or playbook titles, analyses associated metadata, and automatically generates full Standard Operating Procedures — ready for upload into Confluence or as a simple text file for import elsewhere. SOPs matter because they provide clear, consistent instructions, ensure stan...

N.Hook by L0 Member
  • 1971 Views
  • 4 replies
  • 1 Like

Why do the same Windows Server data collected using XDRC and WEC agents show different statuses in the following fields?

Why do the same Windows Server 2022 Std (Traditional Chinese) data collected using XDRC and WEC agents show different statuses in the following fields? _Collector_type = `WEC`: Event Log display is `English`; fields include Message and _RAW_LOG. _Collector_type = `XDR Collector`: Event Log display is `Traditional Chinese`; fields only have Mes...


Resolved! [Cortex XSIAM] XDR Collector collects Windows Security Log. XDR Collectors Administration Status displays "Error".

Currently, I'm using the default templates. Despite trying many tests, this error message persists. Am I missing any information? XDR Collectors Administration Status displays "Error". Error Message: Exiting: no modules or inputs enabled and configuration reloading disabled. What files do you want me to watch? XDR Collectors Administration ...
