Hi @RFeyertag, all underlying components of XDR are already in XSIAM, and much more. Which means you get the same set of agents sending events/alerts to the management console in XSIAM for stitching. Using automation/playbooks, you can initiate actions on those alerts. There's also a massive chunk of XSOAR bits that have been introduced into XSIAM for additional use cases like data ingestion, integrations, playbook development, threat intel, attack surface management, etc. So a rough analogy would be: XSIAM = XDR + XSOAR + Xpanse
Take a look at the following sections (Architecture and Concepts): https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/Architecture