Vulnerability Assessment in XSIAM 3.3

Does anyone know what happened to the Vulnerability Assessment in XSIAM after upgrading to 3.3?

I used to be able to do Inventory → Endpoints+Host Inventory → Vulnerability Assessment, select Endpoints on the upper-right bar and then search by Endp

Does lookup or snapshot type dataset contributes to Hot storage

Hello Everyone,

We have lot of lookup file and some snapshot type dataset in our environment. Does it contributes to hot storage. If so how can i verify its size. 

Also i wanted to how the snapshot type dataset are created in XSIAM. 

Thanks in

XSIAM - Vulnerability field (Issues)

Hi All.

Please, using "JSON Sample Incident Generator (Community Contribution)" app, is there any way to set "CATEGORY" field a value on Issues?.

Using "Classification & Mapping" and setting "Category" field to a specific value did not work.

Th

Preventing Access to "Resolve & Create Exclusion " based on Role

Hello Livecomm,

I have a trivial question. Does anyone know how to prevent users from a specific role to '"Resolve & Create Exclusion " when closing a case?

I have reviewed the various options the role provides but there is no mention of this feature

XSIAM V3.3 upgrade - anyone having issues?

Hi All, 

We have a XSIAM tenant running v3.2 and PAN upgraded to V3.3 yesterday (Nov 16th 2025) and since then we have a number of issues ie

- content pack updates (base/scripts etc) updates failing

- transformers missing as such custom playbook runs

Timeout issue - Health Issue/Alerts in XSIAM

Hello,

We are seeing multiple health issues under collection type.

For example: 

Issue name: Collection error in the instance AWS_***  collector

Description: timeout while waiting for server to answer: request ********-****-****-****-**********.

adding dataset fields to alert or incident context data

Hi All,

Using a custom parsing rule i am adding a custom field a dataset - this works all good i can see my new field in the dataset with values.

question - how can i get this field to show in my alert and/or incident context data?

thanks in adv

XQL question

Hello,

I'm trying to get all the outgoing firewall traffic, except port 80, 443 using the query below but no sucess. Any ideias?

dataset = panw_ngfw_traffic_raw
| filter source_ip in ("x.x.x.x/24")
| filter dest_port != 443 and 80
| fields _time, sour

Limit the use of memory of Cortex XDR pro agent

Hi,

We have a large memory consuption of memory in SQL servers and micro-services, the question it is posiible to limit the memory consuption for these especific cases or there is another recomendation to create a profile with some exceptions for t

xSIAM to xSOAR integration

Hey,

We’re currently looking at a potential xSIAM customer but haven’t been able to find any documentation confirming whether xSIAM can integrate with xSOAR. Does anyone have any insight?

Context:
I work for an MSSP that leverages xSOAR to ingest detec

sending NGFW logs to XSIAM without broker-vm

Hi,

I have a xsiam tenant running and a palo vm-100 (11.2.x) in our lab (xsiam / ngfw exists in the same csp account)

trying to find docs on this process.. the xsiam admin guide is pretty vague, it says yes and explains the steps on the xsiam side mo

Tagging all data from a broker-vm

Hi All,

has anyone done this to date yet?

I have a broker-vm deployed  in a specific region and want to tag any and all data from this broker-vm with a custom region tag.. 

anyone written a parsing rule for this as yet?

thanks in adv

XSIAM NGFW Panorama logs onboarding

What is the recommended method to onboard NGFW logs. If the NGFWs are sending the logs to Panorama, how should i get the logs to XSIAM. I did see the "NGFW" integration and there is also syslog through Broker VM. which one is recommended? If I use th