3.1.0
Australia, Zurich, Yokohama, Xanadu
Integration
The Palo Alto Networks XSIAM SIEM ingestion integration automatically retrieves incidents from XSIAM, converts them into Security Incident Response (SIR) security incidents, and enables automated response actions.
Automated Detection & Incident Creation:
Detect Palo Alto Networks XSIAM SIEM incidents that qualify as security incidents and automatically create security incidents in SIR.
Field Mapping for Seamless Data Flow:
Map XSIAM SIEM alert and entity fields to SIR security incident fields for consistent and structured incident handling.
Advanced Filtering Capabilities:
Filter incoming XSIAM SIEM incidents based on defined criteria to ingest only relevant security incidents.
Smart Incident Aggregation:
Group similar XSIAM SIEM incidents under existing open security incidents to avoid duplication and reduce operational overhead.
Scheduled Alert Ingestion:
Ingest XSIAM SIEM incidents into SIR at scheduled intervals to ensure regular and timely updates.
Comment Synchronization:
Synchronize comments between XSIAM SIEM incidents and SIR work notes to maintain complete visibility and effective communication within incident workflows.
Fixed:
- Aggregation on the cmdb_ci or affected_user field did not attach all mapped CIs or affected users to the security incident when the mapping was multi-valued.
Changed:
- Handling of unmatched CIs and unmatched affected users.
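As an added illustration (not the integration's own code, which runs inside ServiceNow and is not shown on this page), the following stand-alone Node.js script models the filtering, field mapping and aggregation steps listed above, including the multi-value cmdb_ci / affected_user case addressed in the fix. The XSIAM field names, the hostname-to-CI lookup table, the severity mapping, the SIR numbering and the aggregation rule (shared CI on an open incident) are all constructed assumptions; no ServiceNow Glide APIs are used so the script runs offline.

```javascript
// Added example, not code from the integration: a stand-alone model of the
// filter -> map -> aggregate flow. XSIAM field names, the CMDB lookup table,
// the severity mapping and the SIR numbering are constructed for illustration.

// Constructed XSIAM incidents as an ingestion run would receive them.
const XSIAM_INCIDENTS = [
  { incident_id: "1001", severity: "high", status: "new",
    description: "Credential dumping on srv-01", hosts: ["srv-01"], users: ["alice"] },
  { incident_id: "1002", severity: "low", status: "new",
    description: "Port scan from srv-03", hosts: ["srv-03"], users: [] },
  { incident_id: "1003", severity: "critical", status: "new",
    description: "Lateral movement srv-02 -> srv-09", hosts: ["srv-02", "srv-09"], users: ["alice", "bob"] },
  { incident_id: "1004", severity: "high", status: "resolved",
    description: "Malware quarantined on srv-04", hosts: ["srv-04"], users: ["carol"] },
];

// Constructed CMDB: hostname -> CI sys_id. srv-09 is deliberately absent.
const CMDB = new Map([["srv-01", "ci_0001"], ["srv-02", "ci_0002"],
                      ["srv-03", "ci_0003"], ["srv-04", "ci_0004"]]);

// Constructed existing open security incident that 1003 should aggregate onto.
function seedSirIncidents() {
  return [{ number: "SIR0010001", state: "open", cmdb_ci: ["ci_0002"], unmatched_ci: [],
            affected_user: [], correlation_ids: ["0999"], worknotes: [] }];
}

const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };
// Assumed mapping to SIR severity values (1 = High, 2 = Medium, 3 = Low).
const SIR_SEVERITY = { critical: 1, high: 1, medium: 2, low: 3 };

// Filtering: ingest only open XSIAM incidents at or above a minimum severity.
function passesFilter(inc, minSeverity) {
  return inc.status !== "resolved" &&
         SEVERITY_RANK[inc.severity] >= SEVERITY_RANK[minSeverity];
}

// Field mapping. Multi-value fields stay arrays: every resolvable host becomes
// a CI reference, and unresolvable hosts are kept separately rather than dropped.
function mapToSir(inc) {
  return {
    correlation_id: inc.incident_id,
    severity: SIR_SEVERITY[inc.severity],
    short_description: inc.description,
    cmdb_ci: inc.hosts.filter(h => CMDB.has(h)).map(h => CMDB.get(h)),
    unmatched_ci: inc.hosts.filter(h => !CMDB.has(h)),
    affected_user: inc.users.slice(),
  };
}

function union(a, b) { return Array.from(new Set(a.concat(b))); }

// Aggregation rule (assumed): an open SIR incident sharing at least one CI
// absorbs the new record instead of a duplicate being created.
function findAggregationTarget(mapped, sirIncidents) {
  return sirIncidents.find(s => s.state === "open" &&
                                s.cmdb_ci.some(ci => mapped.cmdb_ci.includes(ci)));
}

// One scheduled ingestion pass; mutates sirIncidents and returns what happened.
function ingest(xsiamIncidents, sirIncidents, minSeverity) {
  const result = { created: [], aggregated: [], filtered: [], duplicate: [] };
  for (const inc of xsiamIncidents) {
    if (!passesFilter(inc, minSeverity)) { result.filtered.push(inc.incident_id); continue; }
    // Idempotency: a re-run of the schedule must not ingest the same XSIAM incident twice.
    if (sirIncidents.some(s => s.correlation_ids.includes(inc.incident_id))) {
      result.duplicate.push(inc.incident_id); continue;
    }
    const mapped = mapToSir(inc);
    const target = findAggregationTarget(mapped, sirIncidents);
    if (target) {
      // Attach ALL mapped CIs and users, not just the first (the multi-value case).
      target.cmdb_ci = union(target.cmdb_ci, mapped.cmdb_ci);
      target.unmatched_ci = union(target.unmatched_ci, mapped.unmatched_ci);
      target.affected_user = union(target.affected_user, mapped.affected_user);
      target.correlation_ids.push(inc.incident_id);
      target.worknotes.push(`Aggregated XSIAM incident ${inc.incident_id}: ${inc.description}`);
      result.aggregated.push(inc.incident_id);
    } else {
      sirIncidents.push({
        number: "SIR" + String(10001 + sirIncidents.length).padStart(7, "0"),
        state: "open", severity: mapped.severity, short_description: mapped.short_description,
        cmdb_ci: mapped.cmdb_ci, unmatched_ci: mapped.unmatched_ci,
        affected_user: mapped.affected_user, correlation_ids: [mapped.correlation_id],
        worknotes: [`Created from XSIAM incident ${inc.incident_id}`],
      });
      result.created.push(inc.incident_id);
    }
  }
  return result;
}

const sir = seedSirIncidents();
const summary = ingest(XSIAM_INCIDENTS, sir, "high");
console.log(JSON.stringify({ summary, sir }, null, 2));
```

With the sample data, 1002 (low severity) and 1004 (already resolved) are filtered out, 1001 creates a new security incident, and 1003 is aggregated onto SIR0010001, which ends up with both users and the unmatched host srv-09 recorded rather than silently lost; running the pass a second time reports 1001 and 1003 as duplicates and creates nothing.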
To install the integration, perform the following steps:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you lack the privileges to do so, raise a support ticket to have these plugins installed.
- After installing those plugins, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin.