Hello Hrishikeshkale,

1) No, it is up to the administrator onboarding the logs to complete the process by properly parsing them to a dataset and then modeling the data as needed (either via marketplace content, or custom modeling rules).

2) Asset risk score is a summation of all alert scores involving an asset for the last seven days.

3) Full raw logs are available for EDR data as well as any logs brought in as RAW format (syslog, json, etc.); other sources are currently only available in their parsed form.

4) I believe you are referring to server-side upgrades of XSIAM itself? If so, there is no separation of "modules" within the product; XSIAM is a single solution incorporating components of other Cortex products. XSIAM upgrades are released quarterly, typically, and applied over the weekend when released.

5) XSIAM is a SaaS solution; resources are managed by Palo Alto Networks engineering teams. Delays are not typical; however, there is log source monitoring available within the product.

6) Please contact your account team for detailed product architecture information.

7) The forensics license add-on is available for the XDR agent; contact your account team for detailed information.

8) Please contact your account team for licensing information and see #5 above.

9) I cannot answer this without much more detailed information; please contact your account team to discuss your scenario(s).

10) Our in-product Marketplace has hundreds of content packs available, including integrations to various 3rd party products and parsing/modeling rules for data retrieved from these solutions. Please contact your account team for a detailed discussion of your integration needs and available out of the box content.

11) This cannot be answered without a more detailed discussion of your needs/use cases; please contact your account team.