Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2631 Views
  • 0 replies
  • 0 Likes

XSIAM - Vulnerability field (Issues)

Hi All. Please, using the "JSON Sample Incident Generator (Community Contribution)" app, is there any way to set a value for the "CATEGORY" field on Issues? Using "Classification & Mapping" and setting the "Category" field to a specific value did not work. Thank you.

Preventing Access to "Resolve & Create Exclusion" based on Role

Hello Livecomm, I have a trivial question. Does anyone know how to prevent users in a specific role from using "Resolve & Create Exclusion" when closing a case? I have reviewed the various options the role provides but there is no mention of this feature. We want to prevent low level analysts from using this feature. Many thanks, MSysec Cortex ...

XSIAM V3.3 upgrade - anyone having issues?

Hi All, We have an XSIAM tenant running v3.2 and PAN upgraded to V3.3 yesterday (Nov 16th 2025), and since then we have a number of issues, i.e.: content pack updates (base/scripts etc.) failing; transformers missing, and as such custom playbook runs are affected. We have a TAC logged. Want to see if anyone else is having issues since yesterday. Thanks

PA_nts by L4 Transporter
  • 2580 Views
  • 1 replies
  • 0 Likes

Timeout issue - Health Issue/Alerts in XSIAM

Hello, We are seeing multiple health issues under collection type. For example: Issue name: Collection error in the instance AWS_*** collector Description: timeout while waiting for server to answer: request ********-****-****-****-**********. Wait time: 1m5s (1515) I am seeing this issue across multiple collector types, including AWS, G...

Vinay_AS by L0 Member
  • 783 Views
  • 0 replies
  • 0 Likes

XQL question

Hello, I'm trying to get all the outgoing firewall traffic, except ports 80 and 443, using the query below but with no success. Any ideas? dataset = panw_ngfw_traffic_raw| filter source_ip in ("x.x.x.x/24")| filter dest_port != 443 and 80| fields _time, source_ip, dest_ip, dest_port, action, app, bytes_sent, bytes_received, _device_id, rule_matched

SouzaBr by L0 Member
  • 2061 Views
  • 1 replies
  • 0 Likes

Limit the use of memory of Cortex XDR pro agent

Hi, We have large memory consumption on SQL servers and micro-services. The question is: is it possible to limit the memory consumption for these specific cases, or is there another recommendation to create a profile with some exceptions for the SQL process? Actually in some cases the agent is using 3 GB or more of memory. Thanks for your...

garciaof by L0 Member
  • 425 Views
  • 0 replies
  • 0 Likes

xSIAM to xSOAR integration

Hey, We’re currently looking at a potential xSIAM customer but haven’t been able to find any documentation confirming whether xSIAM can integrate with xSOAR. Does anyone have any insight? Context: I work for an MSSP that leverages xSOAR to ingest detection triggers and orchestrate responses for all our customers from a single platform, but can't f...

Resolved! How are Context Variables Maintained when Upgrading to 3.2 ?

Hello Live Comm, I am currently working on XSIAM 2.7 and I want to know what happens to context variables when upgrading the platform to 3.2. 2.7 has the incident and alert convention for variables such as alert.id or alert.hostname. If we have used these variables in a playbook or an automation what happens when the convention becomes issues an...

sending NGFW logs to XSIAM without broker-vm

Hi, I have an XSIAM tenant running and a Palo VM-100 (11.2.x) in our lab (XSIAM / NGFW exist in the same CSP account). Trying to find docs on this process. The XSIAM admin guide is pretty vague; it says yes and explains the steps on the XSIAM side mostly. However, not much on the NGFW side on how to configure the syslog profile / log forwarder. m...

PA_nts by L4 Transporter
  • 3067 Views
  • 8 replies
  • 0 Likes

Tagging all data from a broker-vm

Hi All, has anyone done this to date yet? I have a broker-vm deployed in a specific region and want to tag any and all data from this broker-vm with a custom region tag. Has anyone written a parsing rule for this as yet? Thanks in advance

PA_nts by L4 Transporter
  • 454 Views
  • 0 replies
  • 0 Likes

XSIAM NGFW Panorama logs onboarding

What is the recommended method to onboard NGFW logs? If the NGFWs are sending the logs to Panorama, how should I get the logs to XSIAM? I did see the "NGFW" integration and there is also syslog through Broker VM. Which one is recommended? If I use the "NGFW" integration would it be enough to just connect to Panorama (and it sends all the logs fro...

IP Enrichment from Internal IP Address Range

Is it possible to build an API request to enrich details about a local IP and the internal IP CIDR range in which it exists? We have this data in the XSIAM configuration. For a big enterprise with many networks it's a useful enrichment to know the network location or which services are under it. Thanks for the advice.

MDovirak by L2 Linker
  • 593 Views
  • 0 replies
  • 0 Likes

Questions About Cortex XSIAM API Limits (IOCs Insertion & Retrieval, Rate Limiting)

Hi Community, We are integrating with the Cortex XSIAM API and would appreciate some clarity on the following points: Insert IOCs: We plan to use the endpoint: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM-REST-API/Insert-or-update-IOCs What is the maximum number of IOCs that can be inserted in a single API request to Cortex XSIAM? API...

Bharat by L0 Member
  • 2380 Views
  • 1 replies
  • 0 Likes
  • 152 Posts
  • 42 Subscriptions