Cortex XSIAM Discussions

Working with Multi-Select Array Field with setParentIncidentFields

Hello all,

I have an array of various IPs, and I want to set them to a case field using the setParentIncidentFields command. When defining the argument of values ${my.ips} only the last value is saved. I have tried join or split but to no success. Ca

Creating a Custom Issue For a Case

Hello LiveComm,

I have created a custom case with a single Issue for a Use-Case.

I want to create more issues with a command or script in this custom case which will eventually be a playbook task.  How does one do such an action?

Many thanks,

MSysec

Uploading files to Open Cloud Applications

HI Team,

I'm running a test case in uploading test documents to open source Cloud applications.

I was successful, but in xdr_data and Zscaler dataset; the file uploads and file names are being shown as blank or none.

Please let me know

1. if this

Computers no longer showing in Console

Hi,

We have staff members who work in the mining area and do not connect for a very long time; in some cases we have seen they came back from the sites after four months. Additionally, their computers do not appear on the Cortex XSIAM console, or I

Querying Users Who Changed Incident Status to "Action Required"

Hi Team,

We have a process where a user works on an incident and updates its status to "Action Required" for further investigation. While we can see the identity of the user who made this change in the Timeline tab of each incident, reviewing this in

Monitoring Bluetooth

Hi,

We are using Cortex XSIAM. Now we want to perform monitoring of Bluetooth in Microsoft Windows 10 and 11 computers. The reason we want to check whether our users are connecting their mobile phones, like iPhone and Androids, through their office

Cortex XDR Host Firewall Rule evaluation

Hi Team,

I have a doubt about Host Firewall rule evaluation. Let say i have a rule created to allow all internal application inbound traffic on specific port / Remote IP. In the same rule group if i create another outbound rule and action type : allo

Jira and Teams XSIAM Integration

This is in XSIAM. When I create an instance in "Automation and Feed integrations" I can see that it creates one in the "Data sources" section as well. I do not want the logs from Teams in XSIAM and hence to not want an instance in the "Data sources"

Options to onboard Microsoft Message trace logs into XSIAM

As we have an option in Splunk to see the all the message tracking logs through Microsoft message trace app, do we have any similar app to integrate?

Cortex XSIAM 

Extract Incident context data using 'set' script

Hi All

very simple task running the 'set' script in a very basic playbook in xsiam

i am trying to pull the 'xsiam url link to the incident' from the incident context data ${parentIncidentFields.xdr_url} into a set task.. but it keeps showing as empty

Agent Not updating

Hi,

We have Windows clients which are sometimes not on the network nor connected to the internet. Their agent does not get updated. Tell me what other solutions we have to get it updated

sending NGFW logs to XSIAM without broker-vm

Hi,

I have a xsiam tenant running and a palo vm-100 (11.2.x) in our lab (xsiam / ngfw exists in the same csp account)

trying to find docs on this process.. the xsiam admin guide is pretty vague, it says yes and explains the steps on the xsiam side mo

Forcepoint proxy integration with XSIAM

Hi Palo Team, I am trying to onboard Forcepoint proxy logs into XSIAM, but i couldn't found any marketplace app/supporting datamodel.

Could someone help/guide to onboard the forcepoint proxy logs.

additionally referring to Splunk where we have a option

How to group related alerts in XSIAM and create a unique incident

Hi dear community :):  I have a question

Several alerts are forwarding in my Cortex XSIAM system coming from Microsoft Defender, these alerts have different names but all of them are part of a unique incident in MDefender and have a unique event ID.