Incident catagories (manual vs automated)

The XSIAM dashboard view splits incidents based on whether they are manual or automated.  What field(s) does the dashboard use to determine an incident was automated?

Playbook| XSIAM

How to check if a particular integration is enabled using a playbook?

for example I want a conditional task that checks if AD is enabled. What filters can I use ?

Custom Alert Types

Can we create custom Alert Types ?

any way to have multiple counts within same xql query

I need query about status of incidents. I have to all status count in same query. For example in april have 25 auto-resolved, 20 FP, 20 TP but I dont know how can i count in same query. Does anyone have any ideas on this topic?

IBM AS400, AIX Logs, integration XSIAM

Hi,

How does Palo Alto Networks propose integrating logs from IBM AS400 and AIX servers?

Also, are there any new integrations or IBM features being ported from Qradar SaaS to XSIAM?

Thanks,

Geethika Wijesuriya

XDR Agent Reconnecting

Agent Version: 8.6.0.3704
Last Seen: 01 January 2025

We had to remove the protection since it is cutting off connection via SSH for Backup purposes. Moreover, with protection off, it is able to backup consistently.

My question is, we have I al

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

Dynamic Parsing of JSON to fields in XQL

Hi everyone,

I’m working with a dataset in Cortex XSIAM, where I have a field containing JSON data. I want to dynamically parse this JSON so that each key becomes a field and the corresponding value is populated as its value.

Is there a way in XQL

Custom logo in XSIAM

Do we have an option to change/add the custom logo in XSIAM UI

Broker VM rejects SSL certificate

Hello PAN community,

I am trying to import a SSL certificate into our #BrokerVM
I can upload the private key, but the Server Certificate gets rejected with the Error: "failed to set custom ssl certificate"

I tried .cer and .pem files and none were a

XSIAM Assets / Network Mapper - How to identify unknown assets

We configured network mapper in the BrokerVM settings and using multiple ports for network identification. Of course, on the firewalls we allow all traffic from them to make a full visibility internally. However, the scan doesn't resolve the hostname

Forwarding event to XSIAM

hi , how can i forward special event id to xsiam . For example i want to send 4624 id event log from active directory to cortex xsiam

XQL Query for a Correlation Rules

I am trying to write a xql query for a correlation rule in which alert or incident will trigger for below condition.
Condition:

Threshold: Only once on match 2

Detect on unique values of: hostname

So, my question is. how to write "Detect on unique valu

What part of the network did an alert generate from?

Within XSIAM, an enterprises' network asset ranges are defined at Assets > Network Configuration.  On adding a network, you are able to assign the network a range name and and IP address range.

When an alert is generated within XSIAM, where is the

XSIAM custom widget with custom timeframe

Need help in creating a custom dashboard like "incident status board" but need a custom time frame to select the dates and time,
1.find MTTR in that time frame
2. find the resolution category type for the same time frame data

Thanks for assisting