Version 3.0.2
Compatible ServiceNow releases: Zurich, Yokohama, Xanadu
The Palo Alto Networks XSIAM SIEM ingestion integration automatically retrieves incidents from XSIAM, converts them into Security Incident Response (SIR) security incidents, and enables automated response actions.
Automated Detection & Incident Creation:
Detect XSIAM SIEM incidents that qualify as security incidents and automatically create the corresponding security incidents in SIR.
Field Mapping for Seamless Data Flow:
Map XSIAM SIEM alert and entity fields to SIR security incident fields so that every ingested incident is handled consistently and with the same structure.
Advanced Filtering Capabilities:
Filter incoming XSIAM SIEM incidents against defined criteria so that only relevant incidents are ingested as security incidents.
Smart Incident Aggregation:
Group similar XSIAM SIEM incidents under an existing open security incident to avoid duplicate records and reduce operational overhead.
Scheduled Alert Ingestion:
Ingest XSIAM SIEM incidents into SIR at scheduled intervals for regular, timely updates.
Comment Synchronization:
Synchronize comments between XSIAM SIEM incidents and SIR work notes so that both systems keep full visibility of the incident workflow.
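The filter, field-mapping, aggregation and comment-sync behaviour listed above can be modelled in a few dozen lines. The block below is an added, stand-alone illustration written for this page; it is not the integration's own code, and it does not use ServiceNow server APIs such as GlideRecord so that it runs offline. The XSIAM field names (incident_id, severity, status, hosts, users, alert_count), the SIR column names (short_description, severity, correlation_id, state), the 1-to-3 SIR severity scale, the aggregation key and the [xsiam-sync] marker are all assumptions chosen for the example, not the product's actual mapping; the sample incidents are constructed.

```javascript
// Added example (not the integration's own code): a stand-alone model of the
// filter -> map -> aggregate -> comment-sync pipeline described above.
// Field names are modelled on XSIAM incident payloads and on ServiceNow
// sn_si_incident columns, but are assumptions for illustration only.

// Constructed sample payload, in the shape of an XSIAM incident listing.
const XSIAM_INCIDENTS = [
  { incident_id: "101", severity: "high", status: "new",
    description: "Credential dumping on host", hosts: ["ws-01"], users: ["alice"], alert_count: 3 },
  { incident_id: "102", severity: "low", status: "new",
    description: "Port scan from internal range", hosts: ["ws-02"], users: [], alert_count: 1 },
  { incident_id: "103", severity: "high", status: "under_investigation",
    description: "Credential dumping on host", hosts: ["ws-01"], users: ["alice"], alert_count: 2 },
  { incident_id: "104", severity: "critical", status: "resolved_true_positive",
    description: "Ransomware detonation", hosts: ["srv-09"], users: ["bob"], alert_count: 7 },
];

const OPEN_STATUSES = new Set(["new", "under_investigation"]);
const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };
// XSIAM severity -> SIR severity (1 = high, 2 = medium, 3 = low); assumed scale.
const SIR_SEVERITY = { critical: 1, high: 1, medium: 2, low: 3 };

// Filter: ingest only open incidents at or above the configured minimum severity.
function shouldIngest(inc, minSeverity) {
  return OPEN_STATUSES.has(inc.status) &&
    SEVERITY_RANK[inc.severity] >= SEVERITY_RANK[minSeverity];
}

// Field mapping: XSIAM incident -> SIR record. correlation_id keeps the source id
// so later polls can find the record instead of creating a duplicate.
function mapToSir(inc) {
  return {
    short_description: `XSIAM ${inc.incident_id}: ${inc.description}`,
    description: `${inc.alert_count} alert(s); hosts=${inc.hosts.join(",")}; users=${inc.users.join(",")}`,
    severity: SIR_SEVERITY[inc.severity],
    correlation_id: inc.incident_id,
    state: "open",
    related_xsiam_ids: [inc.incident_id],
  };
}

// Aggregation key: same description on the same host set counts as the same incident.
function aggregationKey(inc) {
  return `${inc.description}|${[...inc.hosts].sort().join(",")}`;
}

// One polling cycle: filter, then either attach to an open SIR with the same key
// or create a new one. Mutates `openSir` so the next cycle sees earlier results.
function ingest(xsiamIncidents, openSir, minSeverity = "high") {
  const result = { created: [], aggregated: [], skipped: [] };
  const byKey = new Map(openSir.map(s => [s.aggregation_key, s]));
  for (const inc of xsiamIncidents) {
    const alreadyIngested = openSir.some(s => s.related_xsiam_ids.includes(inc.incident_id));
    if (alreadyIngested || !shouldIngest(inc, minSeverity)) {
      result.skipped.push(inc.incident_id);
      continue;
    }
    const key = aggregationKey(inc);
    const parent = byKey.get(key);
    if (parent && parent.state === "open") {
      parent.related_xsiam_ids.push(inc.incident_id);
      result.aggregated.push({ child: inc.incident_id, parent: parent.correlation_id });
    } else {
      const sir = { ...mapToSir(inc), aggregation_key: key };
      openSir.push(sir);
      byKey.set(key, sir);
      result.created.push(sir);
    }
  }
  return result;
}

// Comment sync with an echo guard: notes the integration itself wrote carry a
// marker, so a bidirectional sync does not push them back to where they came from.
const SYNC_MARK = "[xsiam-sync]";
function toWorkNote(comment) { return `${SYNC_MARK} ${comment.author}: ${comment.text}`; }
function shouldSyncBack(note) { return !note.startsWith(SYNC_MARK); }
```

Running ingest twice over the same payload is the check worth keeping in a real implementation: the second pass must create nothing and aggregate nothing, otherwise the scheduled ingestion will duplicate records on every interval.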
Fixed:
- Bidirectional sync for aggregated incidents.
- Related incidents were not closed when the parent SIR incident was closed.
- Slow loading of alert sources and priority in profiles.
To install the integration, perform the following steps:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges required to install them, raise a support ticket to have these plugins installed.
- After installing the plugins, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin