Automate changes to Incident and Alerts to send to backend system

So looking at a way for when an analyst is working on an incident/case in XSIAM so that, if they add any notes, change the assignment, change severity, run commands in warroom etc - that these changes are sent automatically to a backend webhook via h

Broker-VM disconnet alert notification

Hi All,

anyi dea how i can generate an alert when a broker-vm gets disconnected?

Has anyone managed to create a correlation rule that will alert if a Broker-VM gets disconnected from XSIAM?

the xsiam documentation states that 'To help you monito

Sending alert data via http POST - http body is empty

Hi All,

so i am trying to send alerts via a playbook using either http or httpv2 script to send my alert data to a webhook url where the soc analysts will have a common workbench for all alerts (multi xsiam tenant options)

i can connect to the web

XSIAM Integration Web Server

Hi,
I want to create an Integration that start a simple web server with a single button for example that print "Hello World".
There is the out of the box integration "Generic Export Indicators Service" I want it to be based on that (With Long Running i

Azure Entra SSO for Cortex XSIAM/XDR

Hello LIVEcommunity,

Seeking help on Azure Entra SSO integration for XSIAM/XDR.

I've managed to setup the configuration according to the documentation. The SP-initiated login are working fine, but not the Idp-initiated login. Logged a case with Pal

Linking Issues to Cases with Command

Hello Livecomm, 

I am trying to link an issue to a case using CLI/automation or similar. Right-clicking on an issue allows me to assign it to a case, but I have not found an option to do this programmatically. I have tried using the link incident and

Working with Multi-Select Array Field with setParentIncidentFields

Hello all,

I have an array of various IPs, and I want to set them to a case field using the setParentIncidentFields command. When defining the argument of values ${my.ips} only the last value is saved. I have tried join or split but to no success. Ca

Uploading files to Open Cloud Applications

HI Team,

I'm running a test case in uploading test documents to open source Cloud applications.

I was successful, but in xdr_data and Zscaler dataset; the file uploads and file names are being shown as blank or none.

Please let me know

1. if this

Querying Users Who Changed Incident Status to "Action Required"

Hi Team,

We have a process where a user works on an incident and updates its status to "Action Required" for further investigation. While we can see the identity of the user who made this change in the Timeline tab of each incident, reviewing this in

Monitoring Bluetooth

Hi,

We are using Cortex XSIAM. Now we want to perform monitoring of Bluetooth in Microsoft Windows 10 and 11 computers. The reason we want to check whether our users are connecting their mobile phones, like iPhone and Androids, through their office

Cortex XDR Host Firewall Rule evaluation

Hi Team,

I have a doubt about Host Firewall rule evaluation. Let say i have a rule created to allow all internal application inbound traffic on specific port / Remote IP. In the same rule group if i create another outbound rule and action type : allo

Jira and Teams XSIAM Integration

This is in XSIAM. When I create an instance in "Automation and Feed integrations" I can see that it creates one in the "Data sources" section as well. I do not want the logs from Teams in XSIAM and hence to not want an instance in the "Data sources"