12-11-2024 08:48 AM
Within XSIAM, an enterprises' network asset ranges are defined at Assets > Network Configuration. On adding a network, you are able to assign the network a range name and and IP address range.
When an alert is generated within XSIAM, where is the range name found within the alert?
We want easily be able to see from which part of the enterprise network the alert is originating from.
12-16-2024 06:59 AM
network conf purpose in XSIAM to show the active manage assets in each network zone and use this configuration for the BrokerVM Network Mapper.
If you want to display range name in the alerts, you should create a custom layout for the alert, create a custom field "Network Name' and make a playbook that will check the range and map correct name for this range. It could be as json list.
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Documentation/Use-cases-JSON-li...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
