Cloud Identity Engine - CIE


L2 Linker

Hi,

 

Is anyone using Cloud Identity Engine in XSIAM? How useful is it, and could you share your use case and experience?

 

Thanks

1 REPLY

L3 Networker

Hi @A.Velusamy 

 

We are currently using Cloud Identity Engine (CIE) in our XSIAM environment, and it has been very useful. One of the main benefits is the additional identity context that becomes visible within incidents and alerts, which helps analysts investigate security events more efficiently.

We have integrated CIE with Active Directory, and it provides valuable visibility into user identities, group memberships, authentication activities, and associated assets. We have also developed correlation rules based on identity-related logs, which help us better understand user activity and improve detection coverage.

 

In addition to Active Directory, CIE supports integrations with cloud identity providers such as Microsoft Entra ID (Azure AD), Okta, and other identity sources. This enables XSIAM to correlate user activity across both on-premises and cloud environments, providing a more complete identity view.

 

The identity data collected through CIE is leveraged by XSIAM analytics and detection logic to identify suspicious and anomalous user behavior, such as:

  • Unusual authentication patterns
  • Privilege escalation activities
  • Excessive failed logins
  • Impossible travel scenarios
  • Abnormal access to sensitive resources
  • Suspicious account usage across multiple systems

Overall, we have found CIE to be valuable for:

  • Enhanced incident visibility and identity context
  • Active Directory, Entra ID, and Okta user activity monitoring
  • Identity-based correlation rules and detections
  • Improved user-to-asset mapping
  • Better detection of suspicious and anomalous behavior
  • Faster and more effective incident investigations
  • Improved identity threat detection and response (ITDR)
  • Better risk-based analysis and user-centric investigations
  • Centralized visibility across multiple identity providers

In our experience, enabling CIE significantly improves the quality of investigations by providing richer identity context and helping analysts quickly understand who is behind an activity, what systems they have access to, and whether the observed behavior is normal or potentially malicious.

 

Please help out other users and “Accept as Solution” if a post helps solve your problem!

 

Best Regards,
Vinothkumar.C

SBA Info Solutions pvt ltd - Chennai.
