This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

What is the difference between Market Place , Data source and XDR collectors in XSIAM

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

What is the difference between Market Place , Data source and XDR collectors in XSIAM

NivedaR
L2 Linker

‎01-30-2024 10:23 PM

Same as the title. Could you please give examples of how Market Place, Data source, and XDR collectors are in XSIAM in terms of ingesting data?

0 Likes Likes
2 REPLIES 2

LancePettay
L2 Linker

‎01-31-2024 09:42 AM

Hi, Niveda!

 

Here is an explanation for each of the items you mentioned. When onboarding a new data source, I recommend following these in the order I've described below.

 

  1. Data Sources
    1. This is the first place you should start when onboarding a data source. It ties into the marketplace directly and will automatically download any packs needed for a particular data source as well as assist you with the configuration. This makes the onboarding process much easier.

    2. There is also some helpful information available in our documentation:

      https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/Adding-a-ne...

  2. Marketplace
    1. Occasionally, a data source will not be supported by the data source onboarder (above), so you will need to search for it in the marketplace directly. There are also many other packs in the marketplace that are not exclusively related to data sources. Once installed, any packs with an integration with another product can be found under Settings>Configurations>Data Collection>Automation & Feed Integrations. This includes those that came from the data source onboarder.
  3. XDR Collectors
    1. In the event you have a data source which is not available through the other methods above, XDR Collectors are one available option for getting that data by placing an XDR Collector directly on a server. I cannot cover all of the details around XDR Collectors here alone, so check out our documentation on the subject: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/XDR-Collect...
    2. As well as additional methods for external data ingestion: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/External-Da...

 

I hope this helps!

- Lance

0 Likes Likes

jgupta
L0 Member

‎06-05-2024 10:01 AM

Market Place: A digital platform where you can find purchase and deploy security services/application.

XDR Collector: It gathers the data from various sources like endpoints, network traffic and cloud to provide comprehensive view of org security.

Data Source: Any system or tool that generates security related data that can be ingested and analyze by cortex

 

0 Likes Likes
  • 1497 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks