Configure server settings - Configure server settings such as keyboard shortcuts, timezone, and timestamp format. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation
Product
Cortex XSIAM
Creation date
2025-07-15
Last date published
2026-06-11
Category
Administrator Guide
Abstract

Configure server settings such as keyboard shortcuts, timezone, and timestamp format.

You can configure server settings such as keyboard shortcuts, timezone, timestamp format, and custom logos for communications task emails to create a more personalized user experience in Cortex XSIAM. Go to SettingsConfigurationsGeneralServer Settings.

Note

Keyboard shortcuts, timezone, and timestamp format are not set universally and only apply to the user who sets them.

Server Setting

Description

Keyboard Shortcuts

Enables you to change the default shortcut settings.  The shortcut value must be a keyboard letter, A through Z, and cannot be the same for both shortcuts.

Timezone

Select a specific timezone. The timezone affects the timestamps displayed in Cortex XSIAM, auditing logs and when exporting files.

Timestamp Format

The format in which to display Cortex XSIAM data. The format affects the timestamps displayed in Cortex XSIAM, auditing logs and when exporting files.

This setting is configured per user and not per tenant.

Email Contacts

A list of email addresses  Cortex XSIAM can be used as a distribution list. The defined email addresses are used to send product maintenance, updates, and new version notifications. These addresses are in addition to the email addresses registered with your Customer Support Portal account.

Custom Logo

By default, the Cortex XSIAM logo displays on communication task emails. You can replace the default logo with a custom logo to match your organization's branding.

Supported file formats are PNG, JPEG, SVG, and GIF.

The minimum recommended image dimensions are 50px height and 50px width. The recommended maximum file size is 100 KB.

AI Configuration

  • Enable or disable the Cortex Agentic Assistant (Agents & LLM Experience).

  • Enable or disable AI case summarization capabilities.

Note

  • The Cortex Agentic Assistant and AI case summarization are currently available for users in limited regions. For more information, see Agentic AI in Cortex XSIAM.

  • For multi-tenant/MSSP environments, the Cortex Agentic Assistant and AI case summarization are not available in the main tenant.

Password Protection (for downloaded files)

Enable password protection when downloading retrieved files from an endpoint. This prevents users from opening potentially malicious files.

Administrator permissions required.

Note

If the Password Protection (for downloaded files) setting under SettingsConfigurationGeneralServer Settings is enabled, enter the password 'suspicious' to download the file.

Google Maps Key

Enter the Google Maps API key to display the physical location of an entity on a Google map.

Scope-Based Access Control (SBAC)

Enforces granular scoping on users with a scoping configuration. A user can inherit scoping configurations from a user group, or have the scoping configuration applied directly on top of the role assigned from either a user group or a generated API Key.

By default, Enable Scope Based Access Control is disabled and granular scoping is not enforced. Before enabling SBAC, we recommend that an administrator or a user with Access Management permissions first ensure that the users, user groups, and API Keys defined in Cortex XSIAM are granted the required access by assigning the relevant scopes. For more information, see Manage user scope.

(Optional) If enabled, you can select the Endpoint Scoping Mode, which is defined per tenant:

  • Permissive: Enables users with at least one scope tag to access the relevant entity with that same tag.

  • Restrictive: Users must have all the scoped tags that are tagged within the relevant entity of the system.

Ingestion Evaluation Mode

Estimates your data sizing requirements for licensing purposes. When enabled, the system accepts, processes, and parses all your data to calculate ingestion metrics and populate the Ingestion and NGFW Ingestion Dashboards.

Data Ingestion Monitoring (Beta)

Data ingestion health monitors the availability and overall health of data collection. When enabled, Cortex XSIAM creates the following types of alerts:

  • Ingestion health alerts: Based on the data ingestion metrics and indicate disruptions in data collection

  • Collection health alerts: Based on error statuses in collection integrations and indicate that a collector is not connected

If you disable data ingestion monitoring, Cortex XSIAM continues to collect metrics, but alerts are not created.

Related information

  • Use data ingestion health metrics in Cortex Query Language queries and to create correlation rules with your data ingestion logic. For more information, see Monitor data ingestion health.

  • View all health alerts on the Health Alerts page. For more information, see About health issues.

XQL Configuration

Enables setting case sensitivity across Cortex XSIAM.

By default, this setting is set to false and field values are evaluated as case insensitive.

This setting overwrites any other default configuration except for BIOCs, which will remain case-insensitive no matter what this configuration is set to.

Define the cases target MTTR per issue severity

Determines within how many days and hours you want issues resolved according to the issue severity Critical, High, Medium, and Low.

The defined MTTR is used to display the Resolved Issue MTTR dashboard widgets.

Impersonation Role

The type of role permissions granted to the Palo Alto Networks Support team when opening support tickets. We recommend that role permissions be granted only for a specific time frame, and full administrative permissions be granted only when specifically requested by the Support team.

Role permissions include:

  • Read-only: Default setting; grants read-only access to your tenant.

  • Support-related actions: Grants permissions to tech support file collection, dump file collection, investigation query, correlation rule, BIOC and IOC rule editing, alert starring, exclusion, and exception editing

  • Full role permissions: No limitations are applied; grants full permissions to all actions and content on your tenant

Permission Reset Timeframe: Determines how long role permissions are valid.

Custom Content

  • Export all custom content: Exports custom content, such as playbooks and scripts as a content bundle, which you can import to another Cortex XSIAM tenant.

  • Upload custom content: Imports custom content created from another Cortex XSIAM tenant.

Case display modes

Allow users the access the Cases page in legacy mode.

Caching

Improve performance on the Cases and Issues pages by enabling a temporary data cache.

Note

In MSSP environments, this option is not available on the parent tenant.

Issues

Create timer fields that display in the issues table and issue layouts. For more information, see Configure issue timer fields.

Indicators

Note

Requires the TIM add-on.

By default, system-wide automatic indicator extraction and enrichment is disabled. However, if you migrated from Cortex XSIAM 2.x to Cortex XSIAM 3.x, system-wide automatic indicator extraction and enrichment is enabled.

If you have the TIM add-on, you can enable or disable system-wide automatic indicator extraction and enrichment from issues.

Unified Case View

Note

Requires an MSSP License and RBAC permissions to Cases & Issues and Investigation & ResponseAutomation.

This setting is available for the parent tenant only.

Enable the Unified Case View to see a consolidated view of all cases across your distributed environment and perform actions on child tenants.

If this setting is disabled, the Cases page displays a single tenant at a time with a drop down list to move between tenants in read-only mode.

For more information, see Unified case view.