Monitor Cortex XSIAM authentication and audit logs to detect attacks on Cortex XSIAM.
You can audit and query Cortex XSIAM authentication logs and activity logs to track and trigger alerts about malicious activity on Cortex XSIAM.
A check mark (✓) indicates support and a dash (—) indicates the feature is not supported.

| LOG TYPE | RAW DATA VISIBILITY | NORMALIZED LOG VISIBILITY | Cortex XSIAM ALERT VISIBILITY |
|---|---|---|---|
| Cortex XSIAM authentication logs | Logs and stories are searchable in XQL Search. | Cortex XSIAM authentication logs are normalized into authentication stories, which are searchable in the Query Builder. | Cortex XSIAM can raise Cortex XSIAM alerts (Analytics, IOC, BIOC, and Correlation Rules) from these logs when relevant. |
| Cortex XSIAM audit logs | Logs and stories are searchable in XQL Search. | Cortex XSIAM authentication logs are normalized into SaaS stories, which are searchable in the Query Builder. | Cortex XSIAM can raise Cortex XSIAM alerts (Analytics, IOC, BIOC, and Correlation Rules) from these logs when relevant. |