This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Start a conversation

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2639 Views
  • 0 replies
  • 0 Likes

Questions About Cortex XSIAM API Limits (IOCs Insertion & Retrieval, Rate Limiting)

Hi Community, We are integrating with the Cortex XSIAM API and would appreciate some clarity on the following points: Insert IOCsWe plan to use the endpoint:https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM-REST-API/Insert-or-update-IOCsWhat is the maximum number of IOCs that can be inserted in a single API request to Cortex XSIAM? API...

Bharat by L0 Member
  • 2398 Views
  • 1 replies
  • 0 Likes

XSIAM Pending Playbooks

In XSIAM, how can I determine (query ?) the current total number of playbooks with a playbook run status of "Pending" via an XSIAM command or XSIAM API, as opposed to filtering in UI ? The use case is to be "proactively" notified (via workflow or job) if the total number is at, or over, a specific threshold. Thank You --

DBruce by L0 Member
  • 615 Views
  • 0 replies
  • 0 Likes

XSIAM XQL Query help needed

Hi All, So i need some xql query help please.. Example : I have 2 datasets in xsiam, one called 'xdr_data', and another called 'ioc', In my 'ioc' dataset I have a field called 'indicator' with different values ie 4.4.4.4; 1.2.3.4 for example.. these we auto populate when we find iocs ie ips, hashes, url etc etc.. My plan is to run a correlation ...

PA_nts by L4 Transporter
  • 1710 Views
  • 1 replies
  • 0 Likes

Marketplace Content pack update - best practices

Hi All, How do you manage content updates in the market place currently? Any best practices to follow as it seems this is a manual process to review the release notes and plan updates accordingly. Is there a way to notify via email if new content packs become available? thanks in adv

PA_nts by L4 Transporter
  • 480 Views
  • 0 replies
  • 0 Likes

Collecting IIS Log

Hi, I have configured the filebeat to collect the IIS log, but I don't see any dataset related to the IIS log in the dataset table and also don't know how and in which dataset to get those logs. this the filebeat configuration ---filebeat.modules:- module: iisaccess:enabled: truevar.paths:- C:/inetpub/logs/LogFiles/W3SVC*/u_ex*.logerror:enabled:...

Inquiry About Third-Party VPN Logs and Analytics Alerts in XSIAM

Hi All, ■BackgroundI would like to inquire about the Ivanti VPN logs ingested into XSIAM.I have installed the data model rules from the content pack. However, I encountered the following issues: Analytics Alerts: No Analytics alerts related to third-party VPNs have been generated.Datasets: The logs are not displayed in the "vpn_logs" or "xdr_dat...

Guidance on Automating Alert Notifications in Cortex XSIAM Using Playbooks (Future SNOW Integration)

Hello everyone, I'm currently exploring Cortex XSIAM as part of my day-to-day responsibilities, and I’m working on automating alert notifications using native playbooks particularly for mail notifications triggered by specific alerts, like "port scan". The end goal is to reduce manual handling, potentially via email. As a first step, I’d like to...

API to get data from lookup dataset

Hi All, in XQL - i can run a query and dump the data into a lookup dataset, this works, then i can run a local query against this lookup dataset and i see all the data as expected. however, when i run an API request against (https://api-yourfqdn/public_api/v1/xql/lookups/get_data) to get the data i only see the following fields (in bold below)....

PA_nts by L4 Transporter
  • 511 Views
  • 0 replies
  • 0 Likes

Using Field change and SLA scripts in XSIAM

I am trying to create a custom Automation script in XSIAM which I aim to trigger on change of Alert status/field or when SLA is breached for a SLA field. Though the script is developed easily and tagged as 'field-change-triggered' or 'sla', I am unable to configure a trigger for the script. Can someone help me configure this? Thank you

Masking sensetive information before cloud upload

Hey Guys, I want to share an ability to mask or remove sensetive data before it being uploaded to xsiam you can do parse policy using collect stage on target broker with regex function and alter action to set regexes for sensetive info like credit cards and change it on the broker vm layer before it is being uploaded to the cloud

  • 153 Posts
  • 42 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks