Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2705 Views
  • 0 replies
  • 0 Likes

Broker Health Checking

Hello everyone! I'm working in an environment that has some broker clusters and local brokers as well. I would like to know how I can implement some way to have a daily health check for these brokers, like whether a broker needs a reboot to update, whether I have any gaps in receiving logs (for example, the last logs received were one day ago), etc...

Problem with Conditional Task Not Matching XQL Output in Cortex XSIAM Playbook

Hello everyone, I am building a simple playbook in Cortex XSIAM to check whether an endpoint is CONNECTED or DISCONNECTED using an XQL query on the endpoints dataset. The XQL query works correctly and returns the expected output: {"results": [{"endpoint_name": "ENDPOINT_089","endpoint_status": "DISCONNECTED"}],"status": "SUCCESS"} However, in ...


Vulnerability Assessment in XSIAM 3.3

Does anyone know what happened to the Vulnerability Assessment in XSIAM after upgrading to 3.3? I used to be able to do Inventory → Endpoints+Host Inventory → Vulnerability Assessment, select Endpoints on the upper-right bar and then search by Endpoint Name and view vulnerabilities. This is no longer present in XSIAM 3.3 after the updated Vuln...

Resolved! Use case BIOC Creation

Hi Live Community, please, I want to create a BIOC with the GUI for this use case: Process name = svchost.exe and (Path not C:\Windows\WinSxS\* OR C:\windows\system32\*). BR.


XSIAM - Vulnerability field (Issues)

Hi All. Please, using the "JSON Sample Incident Generator (Community Contribution)" app, is there any way to set a value for the "CATEGORY" field on Issues? Using "Classification & Mapping" and setting the "Category" field to a specific value did not work. Thank you.

Preventing Access to "Resolve & Create Exclusion " based on Role

Hello Livecomm, I have a trivial question. Does anyone know how to prevent users with a specific role from using "Resolve & Create Exclusion" when closing a case? I have reviewed the various options the role provides but there is no mention of this feature. We want to prevent low-level analysts from using this feature. Many thanks, MSysec Cortex ...

XSIAM V3.3 upgrade - anyone having issues?

Hi All, We have an XSIAM tenant running v3.2 and PAN upgraded it to v3.3 yesterday (Nov 16th 2025). Since then we have a number of issues, i.e. content pack updates (base/scripts etc.) failing, and transformers missing, so custom playbook runs are affected. We have a TAC case logged.. Want to see if anyone else is having issues since yesterday. Thanks

PA_nts by L4 Transporter
  • 2617 Views
  • 1 replies
  • 0 Likes

Timeout issue - Health Issue/Alerts in XSIAM

Hello, We are seeing multiple health issues under collection type. For example: Issue name: Collection error in the instance AWS_*** collector Description: timeout while waiting for server to answer: request ********-****-****-****-**********. Wait time: 1m5s (1515) I am seeing this issue across multiple collector types, including AWS, G...

Vinay_AS by L0 Member
  • 1028 Views
  • 0 replies
  • 0 Likes

XQL question

Hello, I'm trying to get all the outgoing firewall traffic, except ports 80 and 443, using the query below but with no success. Any ideas?

dataset = panw_ngfw_traffic_raw
| filter source_ip in ("x.x.x.x/24")
| filter dest_port != 443 and 80
| fields _time, source_ip, dest_ip, dest_port, action, app, bytes_sent, bytes_received, _device_id, rule_matched

SouzaBr by L0 Member
  • 2103 Views
  • 1 replies
  • 0 Likes
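A corrected form of the query in the post above, added here as an editorial example and not taken from the thread or from Palo Alto Networks documentation. Two things in the original filter do not do what the poster wants: `filter dest_port != 443 and 80` does not express "neither 80 nor 443" (only the `!= 443` part is a comparison), and `source_ip in ("x.x.x.x/24")` compares the address field against the literal string rather than testing CIDR membership. XQL's `not in` list operator and its `incidr()` function cover both cases. The `x.x.x.x/24` range is the poster's own placeholder and is kept as such; `sort` and `limit` are added for a bounded result set.

```xql
// Outbound NGFW sessions from the poster's source range, excluding web ports.
dataset = panw_ngfw_traffic_raw
// incidr() tests CIDR membership; `in ("x.x.x.x/24")` would only match the literal string
| filter incidr(source_ip, "x.x.x.x/24")
// "neither 80 nor 443" needs a list exclusion, not `!= 443 and 80`
| filter dest_port not in (80, 443)
| fields _time, source_ip, dest_ip, dest_port, action, app, bytes_sent, bytes_received, _device_id, rule_matched
| sort desc _time
| limit 1000
```

If the intent is specifically traffic the firewall let through, add `| filter action = "allow"` before the `fields` stage; otherwise denied sessions on non-web ports are included too, which is often what you want when hunting for unexpected egress.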

Limit the use of memory of Cortex XDR pro agent

Hi, We have a large memory consumption on SQL servers and micro-services. The question is: is it possible to limit the memory consumption for these specific cases, or is there another recommendation to create a profile with some exceptions for the SQL process? Actually, in some cases the agent is using 3 GB or more of memory. Thanks for your...

garciaof by L0 Member
  • 440 Views
  • 0 replies
  • 0 Likes

xSIAM to xSOAR integration

Hey, We’re currently looking at a potential xSIAM customer but haven’t been able to find any documentation confirming whether xSIAM can integrate with xSOAR. Does anyone have any insight? Context: I work for an MSSP that leverages xSOAR to ingest detection triggers and orchestrate responses for all our customers from a single platform, but can't f...

Resolved! How are Context Variables Maintained when Upgrading to 3.2 ?

Hello Live Comm, I am currently working on XSIAM 2.7 and I want to know what happens to context variables when upgrading the platform to 3.2. 2.7 has the incident and alert convention for variables such as alert.id or alert.hostname. If we have used these variables in a playbook or an automation what happens when the convention becomes issues an...

sending NGFW logs to XSIAM without broker-vm

Hi, I have an xsiam tenant running and a palo vm-100 (11.2.x) in our lab (xsiam / ngfw exist in the same csp account). Trying to find docs on this process.. the xsiam admin guide is pretty vague: it says yes and explains the steps mostly on the xsiam side, however not much on the ngfw side on how to configure the syslog profile / log forwarder. m...

PA_nts by L4 Transporter
  • 3266 Views
  • 8 replies
  • 0 Likes