Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating. Rules and Best Practices: Be Respectful: treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2759 Views
  • 0 replies
  • 0 Likes

How do you handle Low Severity alerts/issues?

I want to know how you deal with low-severity alerts. Do you monitor/analyze them, or only focus on incidents with medium/high/critical severity? Do you run any playbook automation against these low-sev alerts? Are there any best practices from PAN around handling of low-severity alerts? I cannot seem to find any. Thanks in advance.

PA_nts by L4 Transporter
  • 2533 Views
  • 3 replies
  • 0 Likes

XSIAM Email Communication

In XSIAM, we need a way for analysts to send email updates at different stages of an incident — like when it is received, contained, and recovered. Each case should have its own email chain that includes all previous emails for that case. To support this, we have added a button in the case template where analysts can write and send emails. When ...

Cortex XDR Host Firewall Rule evaluation

Hi Team, I have a doubt about Host Firewall rule evaluation. Let's say I have a rule created to allow all internal application inbound traffic on a specific port / remote IP. In the same rule group, if I create another outbound rule with action type "allow all outbound traffic on any port/IP", how will it evaluate the rule? It means it will allow all o...

Monitoring Bluetooth

Hi, we are using Cortex XSIAM. Now we want to perform monitoring of Bluetooth on Microsoft Windows 10 and 11 computers. The reason: we want to check whether our users are connecting their mobile phones, like iPhones and Androids, to their office laptop using Bluetooth.
Labels: Cortex XSIAM, Cortex XDR

O.Faheem by L1 Bithead
  • 742 Views
  • 1 reply
  • 0 Likes

Resolved! Do you backup your custom content?

Hi, I'm looking for a way to back up my custom content, such as playbooks, lists, scripts, correlation rules, and more, to an external repository (GitHub, GitLab, Azure DevOps, etc.). So far, I've had partial success with playbooks using Python scripts and API calls, but I'm having difficulty backing up the other content types. Has anyone tried...

CPU and Memory Usage

Hello everyone, I'm looking for an XQL query that shows CPU and memory usage. For example, I want to visualize something like: the XDR service consumes an average of X% memory and Y% CPU per hour, preferably as a graph. Could you please help with this?

Export Issues and Cases from XSIAM

Hi, I'm trying to export issues and cases from XSIAM, but I don't see any options available to do this. This is our client's requirement. Can anybody help with this? I should be able to fully export any issue. I appreciate your help.

XSIAM Dynamic filtering in exclusions

Hi, I was told by someone from our Palo team (can't remember who, and we recently had a team change) that dynamic group exclusions would be a new feature in the 3.2 release. An example of this is retrieving a list of IPs and saving it to a table or dataset. Then, for a specific issue exclusion (e.g. Abnormal amount of port scanning) we exclude ...

O365 Email integration question

Hi, has anyone done O365 email ingestion with no advanced email security license? I'm having a hard time with the PAN documentation, as a lot of the Azure naming conventions seem to have changed. Q1: if just using the O365 data source and enabling the 'Exchange Online' option, will this be enough, or do I need a separate O365 email collector to deploy (of whi...

PA_nts by L4 Transporter
  • 911 Views
  • 3 replies
  • 0 Likes

XSOAR Packs compatible with XSIAM

I have been digging into the marketplace more recently, specifically with the TIM add-on. I noticed that the marketplace shows multiple different playbooks for the "TIM - Indicator Auto-Processing" pack on the marketplace website. However, inside the XSIAM console, the marketplace only shows one playbook. Are the playbooks cross-compatible? Are...
