Monitoring Bluetooth

Hi,

We are using Cortex XSIAM. Now we want to perform monitoring of Bluetooth in Microsoft Windows 10 and 11 computers. The reason we want to check whether our users are connecting their mobile phones, like iPhone and Androids, through their office

Cortex XDR Host Firewall Rule evaluation

Hi Team,

I have a doubt about Host Firewall rule evaluation. Let say i have a rule created to allow all internal application inbound traffic on specific port / Remote IP. In the same rule group if i create another outbound rule and action type : allo

Jira and Teams XSIAM Integration

This is in XSIAM. When I create an instance in "Automation and Feed integrations" I can see that it creates one in the "Data sources" section as well. I do not want the logs from Teams in XSIAM and hence to not want an instance in the "Data sources"

Extract Incident context data using 'set' script

Hi All

very simple task running the 'set' script in a very basic playbook in xsiam

i am trying to pull the 'xsiam url link to the incident' from the incident context data ${parentIncidentFields.xdr_url} into a set task.. but it keeps showing as empty

Agent Not updating

Hi,

We have Windows clients which are sometimes not on the network nor connected to the internet. Their agent does not get updated. Tell me what other solutions we have to get it updated

Forcepoint proxy integration with XSIAM

Hi Palo Team, I am trying to onboard Forcepoint proxy logs into XSIAM, but i couldn't found any marketplace app/supporting datamodel.

Could someone help/guide to onboard the forcepoint proxy logs.

additionally referring to Splunk where we have a option

How to group related alerts in XSIAM and create a unique incident

Hi dear community :):  I have a question

Several alerts are forwarding in my Cortex XSIAM system coming from Microsoft Defender, these alerts have different names but all of them are part of a unique incident in MDefender and have a unique event ID. 

How to take XISM dataset backup/ Clone xsiam dataset

I am looking for the queries/procedure to take the XISM dataset backup/Clone dataset

Create Dataset XSIAM

I want to create a dataset to send certain types of logs to this dataset. For example, I want to create a dataset linux_facility_1 for example. Then I want to create a pharse with Ingest that "throws" all the logs of type facilty=1 to this dataset.

I

Output of prevalence commands

Hi

I have been searching around online, both on https://xsoar.pan.dev/ and looking at looking at the source code on github, for the Core - Investigation & Response integration. In order to figure what the values returned by the analytic prevalence co

Context polling playbook

In XSIAM playbook,I’m trying to fetch the incident status. When the incident status is changed to for eg under_investigation I want to my playbook to run a certain task. 
for this I want use context polling sub playbook 

key : parentIncidentFields.sta

How to write a data model to map to an authentication story

We are creating a data model and have questions like:

==============================================

We are aware that the method of mapping to an authentication story requires defining the following,
as described in the documentation.

However, w

XSIAM Incidents notes and messenger

Hi everyone,

I am trying to get all the information added to the Notepad or Messenger fields (Incident Discussion) from the incidents.
I do not need the information contained in the RESOLVE_COMMENT column of the incidents table.
Would it be possible