Create Dataset XSIAM

I want to create a dataset to send certain types of logs to this dataset. For example, I want to create a dataset linux_facility_1 for example. Then I want to create a pharse with Ingest that "throws" all the logs of type facilty=1 to this dataset.

I

Output of prevalence commands

Hi

I have been searching around online, both on https://xsoar.pan.dev/ and looking at looking at the source code on github, for the Core - Investigation & Response integration. In order to figure what the values returned by the analytic prevalence co

Context polling playbook

In XSIAM playbook,I’m trying to fetch the incident status. When the incident status is changed to for eg under_investigation I want to my playbook to run a certain task. 
for this I want use context polling sub playbook 

key : parentIncidentFields.sta

How to write a data model to map to an authentication story

We are creating a data model and have questions like:

==============================================

We are aware that the method of mapping to an authentication story requires defining the following,
as described in the documentation.

However, w

XSIAM Incidents notes and messenger

Hi everyone,

I am trying to get all the information added to the Notepad or Messenger fields (Incident Discussion) from the incidents.
I do not need the information contained in the RESOLVE_COMMENT column of the incidents table.
Would it be possible

About cross-tabulation in XQL

Hi

Is it possible to execute PIVOT on the results of XQL execution?

For example, if I execute an XQL query on the following table

1/1/2025 allow hostname
1/1/2025 deny hostname
1/2/2025 allow hostname
1/2/2025 allow hostname
1/3/2025 deny hostname
1/3/2

Incident catagories (manual vs automated)

The XSIAM dashboard view splits incidents based on whether they are manual or automated.  What field(s) does the dashboard use to determine an incident was automated?

Playbook| XSIAM

How to check if a particular integration is enabled using a playbook?

for example I want a conditional task that checks if AD is enabled. What filters can I use ?

Custom Alert Types

Can we create custom Alert Types ?

any way to have multiple counts within same xql query

I need query about status of incidents. I have to all status count in same query. For example in april have 25 auto-resolved, 20 FP, 20 TP but I dont know how can i count in same query. Does anyone have any ideas on this topic?

IBM AS400, AIX Logs, integration XSIAM

Hi,

How does Palo Alto Networks propose integrating logs from IBM AS400 and AIX servers?

Also, are there any new integrations or IBM features being ported from Qradar SaaS to XSIAM?

Thanks,

Geethika Wijesuriya

XDR Agent Reconnecting

Agent Version: 8.6.0.3704
Last Seen: 01 January 2025

We had to remove the protection since it is cutting off connection via SSH for Backup purposes. Moreover, with protection off, it is able to backup consistently.

My question is, we have I al

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion