Automation and Feed Integrations

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-06-09
Category: Administrator Guide
Abstract: Add integration instances to your system.

In Cortex XSIAM you can add and configure integrations for messaging (such as EWS and Gmail), SIEM (such as IBM QRadar), authentication (such as AD and SAML), feeds (such as AutoFocus), and more. For example, the IBM QRadar integration enables you to ingest QRadar events in Cortex XSIAM as alerts. You can then process the alerts using a playbook, analyze the data, and respond as required.

Some of these integrations are installed out of the box from Content Packs. You can also create your own integration or upload an existing one.

In the Automation & Feed Integrations page (Settings → Configurations) you can do the following:

  • Configure an integration instance.

    You can fetch alerts from an integration instance and update settings by clicking the settings cog wheel icon. You can also add classifiers and mappers to the instance.

  • View existing instances.

  • Enable/disable the integration instance.

  • Create or bring your own integration (BYOI).

  • Upload an integration.

  • View version history of the integrations.