Azure Entra SSO for Cortex XSIAM/XDR

Hello LIVEcommunity,

Seeking help on Azure Entra SSO integration for XSIAM/XDR.

I've managed to setup the configuration according to the documentation. The SP-initiated login are working fine, but not the Idp-initiated login. Logged a case with Pal

Linking Issues to Cases with Command

Hello Livecomm, 

I am trying to link an issue to a case using CLI/automation or similar. Right-clicking on an issue allows me to assign it to a case, but I have not found an option to do this programmatically. I have tried using the link incident and

Working with Multi-Select Array Field with setParentIncidentFields

Hello all,

I have an array of various IPs, and I want to set them to a case field using the setParentIncidentFields command. When defining the argument of values ${my.ips} only the last value is saved. I have tried join or split but to no success. Ca

Uploading files to Open Cloud Applications

HI Team,

I'm running a test case in uploading test documents to open source Cloud applications.

I was successful, but in xdr_data and Zscaler dataset; the file uploads and file names are being shown as blank or none.

Please let me know

1. if this

Querying Users Who Changed Incident Status to "Action Required"

Hi Team,

We have a process where a user works on an incident and updates its status to "Action Required" for further investigation. While we can see the identity of the user who made this change in the Timeline tab of each incident, reviewing this in

Monitoring Bluetooth

Hi,

We are using Cortex XSIAM. Now we want to perform monitoring of Bluetooth in Microsoft Windows 10 and 11 computers. The reason we want to check whether our users are connecting their mobile phones, like iPhone and Androids, through their office

Cortex XDR Host Firewall Rule evaluation

Hi Team,

I have a doubt about Host Firewall rule evaluation. Let say i have a rule created to allow all internal application inbound traffic on specific port / Remote IP. In the same rule group if i create another outbound rule and action type : allo

Jira and Teams XSIAM Integration

This is in XSIAM. When I create an instance in "Automation and Feed integrations" I can see that it creates one in the "Data sources" section as well. I do not want the logs from Teams in XSIAM and hence to not want an instance in the "Data sources"

Extract Incident context data using 'set' script

Hi All

very simple task running the 'set' script in a very basic playbook in xsiam

i am trying to pull the 'xsiam url link to the incident' from the incident context data ${parentIncidentFields.xdr_url} into a set task.. but it keeps showing as empty

Agent Not updating

Hi,

We have Windows clients which are sometimes not on the network nor connected to the internet. Their agent does not get updated. Tell me what other solutions we have to get it updated

Forcepoint proxy integration with XSIAM

Hi Palo Team, I am trying to onboard Forcepoint proxy logs into XSIAM, but i couldn't found any marketplace app/supporting datamodel.

Could someone help/guide to onboard the forcepoint proxy logs.

additionally referring to Splunk where we have a option

How to group related alerts in XSIAM and create a unique incident

Hi dear community :):  I have a question

Several alerts are forwarding in my Cortex XSIAM system coming from Microsoft Defender, these alerts have different names but all of them are part of a unique incident in MDefender and have a unique event ID. 

How to take XISM dataset backup/ Clone xsiam dataset

I am looking for the queries/procedure to take the XISM dataset backup/Clone dataset