Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2717 Views
  • 0 replies
  • 0 Likes

Tagging all data from a broker-vm

Hi all, has anyone done this to date? I have a broker-vm deployed in a specific region and want to tag any and all data from this broker-vm with a custom region tag. Has anyone written a parsing rule for this yet? Thanks in advance.

PA_nts by L4 Transporter
  • 468 Views
  • 0 replies
  • 0 Likes

XSIAM NGFW Panorama logs onboarding

What is the recommended method to onboard NGFW logs? If the NGFWs are sending the logs to Panorama, how should I get the logs to XSIAM? I did see the "NGFW" integration, and there is also syslog through Broker VM. Which one is recommended? If I use the "NGFW" integration, would it be enough to just connect to Panorama (and it sends all the logs fro...

IP Enrichment from Internal IP Address Range

Is it possible to build an API request to enrich details about a local IP and which internal IP CIDR range it exists in? We have this data in the XSIAM configuration. For a big enterprise with many networks it is a useful enrichment to know the network location or which services are under it. Thanks for any advice.

MDovirak by L2 Linker
  • 630 Views
  • 0 replies
  • 0 Likes
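The enrichment the post above asks for boils down to a longest-prefix match of an address against a table of internal CIDR ranges. The following is an added example, not code from the original post or from Palo Alto Networks, and it does not call the XSIAM API: the network table is a constructed, hypothetical stand-in for the ranges an enterprise keeps in its XSIAM configuration, and the output format is an assumption. It uses only the standard library, so it runs offline, and it handles the two failure modes a practitioner hits first: an address that is not in any range, and a malformed address field in a log line.

```python
import ipaddress

# Constructed sample network table (hypothetical). In practice this would be
# exported from the XSIAM network configuration; the column names are assumed.
NETWORK_TABLE = [
    {"cidr": "10.0.0.0/8",       "site": "corp-global",   "service": "general"},
    {"cidr": "10.20.0.0/16",     "site": "frankfurt-dc",  "service": "servers"},
    {"cidr": "10.20.5.0/24",     "site": "frankfurt-dc",  "service": "payments-db"},
    {"cidr": "192.168.100.0/24", "site": "london-office", "service": "user-vlan"},
    {"cidr": "fd00:1234::/32",   "site": "corp-global",   "service": "ipv6-backbone"},
]


def build_index(table):
    """Parse every CIDR once and sort longest prefix first, so that the first
    matching network is the most specific one (10.20.5.0/24 beats 10.0.0.0/8).
    strict=False tolerates host bits set in the configured value (e.g. 10.20.5.1/24)."""
    nets = [(ipaddress.ip_network(row["cidr"], strict=False), row) for row in table]
    nets.sort(key=lambda item: item[0].prefixlen, reverse=True)
    return nets


def enrich_ip(ip_str, index):
    """Return an enrichment record for ip_str, or None if the address is not in
    any configured range. A value that is not an IP address (an empty field,
    a hostname, garbage from a parser) also yields None instead of raising,
    so one bad log line cannot abort a batch enrichment job."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    for net, row in index:
        # Compare only within the same address family; `in` raises on a mismatch.
        if ip.version == net.version and ip in net:
            return {
                "ip": str(ip),
                "cidr": str(net),
                "site": row["site"],
                "service": row["service"],
            }
    return None


def enrich_many(ip_strings, index):
    """Enrich a list of addresses as they would arrive from a query result."""
    return {ip: enrich_ip(ip, index) for ip in ip_strings}


if __name__ == "__main__":
    idx = build_index(NETWORK_TABLE)
    # Constructed sample addresses: internal hits at three depths, one external, one malformed.
    for ip, rec in enrich_many(["10.20.5.17", "10.20.9.1", "10.99.1.1", "8.8.8.8", "n/a"], idx).items():
        print(ip, "->", rec)
```

The index is built once and reused; for tables with thousands of ranges a radix tree would be faster, but the sorted linear scan keeps the example dependency-free and is still adequate for a few hundred CIDRs per lookup.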

Questions About Cortex XSIAM API Limits (IOCs Insertion & Retrieval, Rate Limiting)

Hi Community, We are integrating with the Cortex XSIAM API and would appreciate some clarity on the following points: Insert IOCs: We plan to use the endpoint https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM-REST-API/Insert-or-update-IOCs. What is the maximum number of IOCs that can be inserted in a single API request to Cortex XSIAM? API...

Bharat by L0 Member
  • 2467 Views
  • 1 replies
  • 0 Likes
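Whatever the per-request cap and rate limit turn out to be for the endpoint the post above links to, the client side is the same: split the indicator list into batches no larger than the cap, honour HTTP 429 (and transient 5xx) with the server's Retry-After header or a bounded backoff, and never retry a 4xx that means the request body itself was rejected. The block below is an added example written for this page, not code from the original post or from Palo Alto Networks. The endpoint path, the `request_data`/`validate` body shape, the IOC field names and the batch size of 500 are assumptions to be confirmed against the linked documentation; the `FakeServer` transport is a constructed stand-in so the example runs offline, and in production `send` would be a thin wrapper around an HTTPS POST carrying the tenant's API key headers.

```python
import json
import time

# Assumptions to confirm against the "Insert or update IOCs" documentation page:
INSERT_PATH = "/public_api/v1/indicators/insert_jsons"   # hypothetical path
DEFAULT_BATCH = 500                                      # hypothetical per-request cap


def chunk(items, size):
    """Yield consecutive slices of at most `size` items."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


def insert_iocs(iocs, send, batch_size=DEFAULT_BATCH, max_retries=5, sleep=time.sleep):
    """Submit IOCs in batches via `send(path, body) -> (status, headers, text)`.

    429 and 5xx are retried with Retry-After (if given) or exponential backoff
    capped at 30 s; any other 4xx is a malformed request and is raised, because
    resending the same body cannot succeed. Returns a delivery summary."""
    summary = {"batches": 0, "inserted": 0, "retries": 0, "failed_batches": 0}
    for batch in chunk(list(iocs), batch_size):
        body = {"request_data": batch, "validate": True}  # body shape is an assumption
        delivered = False
        for attempt in range(max_retries + 1):
            status, headers, text = send(INSERT_PATH, body)
            if 200 <= status < 300:
                delivered = True
                break
            if status == 429 or status >= 500:
                retry_after = headers.get("Retry-After")
                delay = float(retry_after) if retry_after else min(2 ** attempt, 30)
                summary["retries"] += 1
                sleep(delay)
                continue
            raise RuntimeError(f"insert rejected with HTTP {status}: {text}")
        summary["batches"] += 1
        if delivered:
            summary["inserted"] += len(batch)
        else:
            summary["failed_batches"] += 1
    return summary


class FakeServer:
    """Constructed offline stand-in for the tenant API: rejects requests above
    `cap` indicators with 400 and throttles every `throttle_every`-th call with 429."""

    def __init__(self, cap=DEFAULT_BATCH, throttle_every=3):
        self.cap, self.throttle_every = cap, throttle_every
        self.calls, self.stored = 0, []

    def __call__(self, path, body):
        self.calls += 1
        if self.calls % self.throttle_every == 0:
            return 429, {"Retry-After": "0"}, "rate limited"
        data = body["request_data"]
        if len(data) > self.cap:
            return 400, {}, "too many indicators in one request"
        self.stored.extend(data)
        return 200, {}, json.dumps({"reply": {"success": True}})


def make_sample_iocs(n):
    """Constructed sample indicators; field names follow the assumed schema."""
    return [{"indicator": f"ioc{i}.example.com", "type": "DOMAIN_NAME", "severity": "high"}
            for i in range(n)]


if __name__ == "__main__":
    server = FakeServer()
    print(insert_iocs(make_sample_iocs(1200), server, sleep=lambda s: None))
    print("calls made:", server.calls, "indicators stored:", len(server.stored))
```

Keeping `send` injectable is what makes the batching and retry logic testable without a tenant; it also keeps API keys out of this module entirely.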

XSIAM Pending Playbooks

In XSIAM, how can I determine (query?) the current total number of playbooks with a playbook run status of "Pending" via an XSIAM command or XSIAM API, as opposed to filtering in the UI? The use case is to be "proactively" notified (via workflow or job) if the total number is at, or over, a specific threshold. Thank You --

DBruce by L0 Member
  • 639 Views
  • 0 replies
  • 0 Likes

XSIAM XQL Query help needed

Hi all, so I need some XQL query help please. Example: I have 2 datasets in XSIAM, one called 'xdr_data' and another called 'ioc'. In my 'ioc' dataset I have a field called 'indicator' with different values, i.e. 4.4.4.4, 1.2.3.4 for example. These we auto-populate when we find IOCs, i.e. IPs, hashes, URLs etc. My plan is to run a correlation ...

PA_nts by L4 Transporter
  • 1764 Views
  • 1 replies
  • 0 Likes

Marketplace Content pack update - best practices

Hi all, how do you currently manage content updates in the Marketplace? Any best practices to follow? It seems this is a manual process to review the release notes and plan updates accordingly. Is there a way to be notified via email if new content packs become available? Thanks in advance.

PA_nts by L4 Transporter
  • 507 Views
  • 0 replies
  • 0 Likes

Collecting IIS Log

Hi, I have configured Filebeat to collect the IIS logs, but I don't see any dataset related to the IIS logs in the dataset table, and I don't know how or in which dataset to find those logs. This is the Filebeat configuration:

    ---
    filebeat.modules:
    - module: iis
      access:
        enabled: true
        var.paths:
          - C:/inetpub/logs/LogFiles/W3SVC*/u_ex*.log
      error:
        enabled: ...

Inquiry About Third-Party VPN Logs and Analytics Alerts in XSIAM

Hi all, Background: I would like to inquire about the Ivanti VPN logs ingested into XSIAM. I have installed the data model rules from the content pack. However, I encountered the following issues: Analytics Alerts: No Analytics alerts related to third-party VPNs have been generated. Datasets: The logs are not displayed in the "vpn_logs" or "xdr_dat...

Guidance on Automating Alert Notifications in Cortex XSIAM Using Playbooks (Future SNOW Integration)

Hello everyone, I'm currently exploring Cortex XSIAM as part of my day-to-day responsibilities, and I'm working on automating alert notifications using native playbooks, particularly mail notifications triggered by specific alerts, like "port scan". The end goal is to reduce manual handling, potentially via email. As a first step, I'd like to...
