Version: 3.0.0
Supported releases: Zurich, Yokohama, Xanadu
The Palo Alto Networks XSIAM SIEM ingestion integration allows you to automatically retrieve incidents from XSIAM, convert them into security incidents, and enable automated response actions.
- Automated Detection & Incident Creation:
Detect Palo Alto Networks XSIAM SIEM incidents that qualify as security incidents and automatically create security incidents in SIR.
- Field Mapping for Seamless Data Flow:
Map XSIAM SIEM alert and entity fields to SIR security incident fields for consistent and structured incident handling.
- Advanced Filtering Capabilities:
Filter incoming XSIAM SIEM incidents based on defined criteria to ingest only relevant security incidents.
- Smart Incident Aggregation:
Group similar XSIAM SIEM incidents under existing open security incidents to avoid duplication and reduce operational overhead.
- Scheduled Alert Ingestion:
Ingest XSIAM SIEM incidents into SIR at scheduled intervals to ensure regular and timely updates.
- Comment Synchronization:
Synchronize comments between XSIAM SIEM incidents and SIR worknotes to maintain complete visibility and effective communication within incident workflows.
To install the integration, perform the following steps:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges required to install them, raise a support ticket to have these plugins installed.
- After installing those plugins, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin