Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.
About Cortex XSIAM Discussions
Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

Discussions

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2804 Views
  • 0 replies
  • 0 Likes

XSIAM Incidents notes and messenger

Hi everyone, I am trying to get all the information added to the Notepad or Messenger fields (Incident Discussion) from the incidents.I do not need the information contained in the RESOLVE_COMMENT column of the incidents table.Would it be possible to get this information using XQL?

About cross-tabulation in XQL

Hi Is it possible to execute PIVOT on the results of XQL execution? For example, if I execute an XQL query on the following table 1/1/2025 allow hostname1/1/2025 deny hostname1/2/2025 allow hostname1/2/2025 allow hostname1/3/2025 deny hostname1/3/2025 deny hostname I want to get the following output allow deny1/1/2025  ...

Playbook| XSIAM

How to check if a particular integration is enabled using a playbook? for example I want a conditional task that checks if AD is enabled. What filters can I use ?

XDR Agent Reconnecting

Agent Version: 8.6.0.3704Last Seen: 01 January 2025 We had to remove the protection since it is cutting off connection via SSH for Backup purposes. Moreover, with protection off, it is able to backup consistently. My question is, we have I already raised a ticket to TAC but they are unsure on what module that is cutting connection via SSH. W...

Welcome to the Cortex XSIAM Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 2804 Views
  • 0 replies
  • 0 Likes

Dynamic Parsing of JSON to fields in XQL

Hi everyone, I’m working with a dataset in Cortex XSIAM, where I have a field containing JSON data. I want to dynamically parse this JSON so that each key becomes a field and the corresponding value is populated as its value. Is there a way in XQL to dynamically create columns from JSON keys without explicitly defining each key using alter? Ho...

Broker VM rejects SSL certificate

Hello PAN community, I am trying to import a SSL certificate into our #BrokerVMI can upload the private key, but the Server Certificate gets rejected with the Error: "failed to set custom ssl certificate" I tried .cer and .pem files and none were accepted. The guide only mentions the cipher as an error source, but SHA256 was used. (Configure t...

XSIAM Assets / Network Mapper - How to identify unknown assets

We configured network mapper in the BrokerVM settings and using multiple ports for network identification. Of course, on the firewalls we allow all traffic from them to make a full visibility internally. However, the scan doesn't resolve the hostname or open ports on the machine that can support with OS identification, like 22/ssh - potential Li...

MDovirak by L2 Linker
  • 1302 Views
  • 1 replies
  • 0 Likes
  • 169 Posts
  • 44 Subscriptions
Top Solution Authors
Labels