Visibility of Cortex XSIAM audit and authentication logs

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-11-12
Category
Administrator Guide
Abstract

Monitor Cortex XSIAM authentication and audit logs for detecting attacks on Cortex XSIAM.

You can query Cortex XSIAM authentication logs and audit logs to track malicious activity directed at Cortex XSIAM itself and to raise alerts on it. The table below shows, for each log type, whether the raw data, the normalized data, and alerts derived from it are available.

A check mark (✓) indicates the feature is supported; a dash (—) indicates it is not.

Log type: Cortex XSIAM authentication logs
  Raw data visibility: ✓ Logs and stories are searchable in XQL Search.
  Normalized log visibility: ✓ Authentication logs are normalized into authentication stories, which are searchable in the Query Builder.
  Cortex XSIAM alert visibility: ✓ Cortex XSIAM can raise alerts (Analytics, IOC, BIOC, and Correlation Rules) from these logs when relevant.

Log type: Cortex XSIAM audit logs
  Raw data visibility: ✓ Logs and stories are searchable in XQL Search.
  Normalized log visibility: ✓ Audit logs are normalized into SaaS stories, which are searchable in the Query Builder.
  Cortex XSIAM alert visibility: ✓ Cortex XSIAM can raise alerts (Analytics, IOC, BIOC, and Correlation Rules) from these logs when relevant.

Note: The raw logs and the normalized stories hold the same events; query whichever form suits the question. Raw logs keep every original field, and the stories give a consistent schema across sources that Correlation Rules can match on.
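The page says authentication and audit logs can be queried together to detect attacks on the platform itself. The following Python is an added example, not code from the Cortex XSIAM documentation or from Palo Alto Networks, of the kind of correlation a Correlation Rule would express: a run of failed console logins from one source IP followed by a success, and then a privileged change recorded in the audit log within half an hour. The sample events are constructed, and the record fields (timestamp, user, src_ip, outcome, action) and the action names are assumptions for illustration, not the XSIAM story schema.

```python
"""Added example (not from the Cortex XSIAM documentation).

Correlates constructed authentication events with constructed audit events
to flag a likely takeover of a Cortex XSIAM administrator account.
Field names and action names are assumptions, not the XSIAM schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                    # failures before a later success is suspicious
FAIL_WINDOW = timedelta(minutes=10)   # look-back window for counting failures
AUDIT_WINDOW = timedelta(minutes=30)  # look-ahead window for privileged audit actions

# Audit actions that change who can do what in the tenant (assumed names).
PRIVILEGED_ACTIONS = {"ROLE_ASSIGNMENT_CHANGE", "API_KEY_CREATED", "SSO_SETTINGS_CHANGED"}

# Constructed sample authentication events (UTC, ISO-8601).
AUTH_EVENTS = [
    # five failures then a success from one IP: suspicious
    {"timestamp": "2024-11-12T09:00:00", "user": "admin@example.com", "src_ip": "203.0.113.7", "outcome": "FAILURE"},
    {"timestamp": "2024-11-12T09:01:00", "user": "admin@example.com", "src_ip": "203.0.113.7", "outcome": "FAILURE"},
    {"timestamp": "2024-11-12T09:02:00", "user": "admin@example.com", "src_ip": "203.0.113.7", "outcome": "FAILURE"},
    {"timestamp": "2024-11-12T09:03:00", "user": "admin@example.com", "src_ip": "203.0.113.7", "outcome": "FAILURE"},
    {"timestamp": "2024-11-12T09:04:00", "user": "admin@example.com", "src_ip": "203.0.113.7", "outcome": "FAILURE"},
    {"timestamp": "2024-11-12T09:05:00", "user": "admin@example.com", "src_ip": "203.0.113.7", "outcome": "SUCCESS"},
    # one mistyped password then a success: benign
    {"timestamp": "2024-11-12T09:06:00", "user": "analyst@example.com", "src_ip": "198.51.100.4", "outcome": "FAILURE"},
    {"timestamp": "2024-11-12T09:06:30", "user": "analyst@example.com", "src_ip": "198.51.100.4", "outcome": "SUCCESS"},
    # a failure that is never followed by a success: not a takeover
    {"timestamp": "2024-11-12T09:10:00", "user": "svc@example.com", "src_ip": "203.0.113.9", "outcome": "FAILURE"},
]

# Constructed sample audit events.
AUDIT_EVENTS = [
    {"timestamp": "2024-11-12T09:12:00", "user": "admin@example.com", "action": "ROLE_ASSIGNMENT_CHANGE"},
    {"timestamp": "2024-11-12T09:15:00", "user": "admin@example.com", "action": "VIEW_INCIDENT"},
    {"timestamp": "2024-11-12T10:30:00", "user": "admin@example.com", "action": "API_KEY_CREATED"},  # outside AUDIT_WINDOW
    {"timestamp": "2024-11-12T09:20:00", "user": "analyst@example.com", "action": "ROLE_ASSIGNMENT_CHANGE"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def find_brute_force_successes(auth_events):
    """Return (user, src_ip, success_time) for every successful login that was
    preceded by at least FAIL_THRESHOLD failures for the same user from the
    same source IP inside FAIL_WINDOW."""
    events = sorted(auth_events, key=lambda e: parse_ts(e["timestamp"]))
    recent_failures = defaultdict(list)  # (user, src_ip) -> failure timestamps
    hits = []
    for ev in events:
        key = (ev["user"], ev["src_ip"])
        now = parse_ts(ev["timestamp"])
        # keep only failures still inside the look-back window
        recent_failures[key] = [t for t in recent_failures[key] if now - t <= FAIL_WINDOW]
        if ev["outcome"] == "FAILURE":
            recent_failures[key].append(now)
        elif ev["outcome"] == "SUCCESS":
            if len(recent_failures[key]) >= FAIL_THRESHOLD:
                hits.append((ev["user"], ev["src_ip"], now))
            recent_failures[key].clear()  # a success resets the counter
    return hits


def privileged_actions_after(hits, audit_events):
    """For each suspicious login, list privileged audit actions performed by
    that user within AUDIT_WINDOW after the login."""
    findings = []
    for user, src_ip, login_time in hits:
        actions = [
            a["action"] for a in audit_events
            if a["user"] == user
            and a["action"] in PRIVILEGED_ACTIONS
            and login_time <= parse_ts(a["timestamp"]) <= login_time + AUDIT_WINDOW
        ]
        findings.append({"user": user, "src_ip": src_ip,
                         "login_time": login_time.isoformat(), "privileged_actions": actions})
    return findings


def run(auth_events=AUTH_EVENTS, audit_events=AUDIT_EVENTS):
    return privileged_actions_after(find_brute_force_successes(auth_events), audit_events)


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

On the sample data only admin@example.com is reported, with ROLE_ASSIGNMENT_CHANGE as the follow-on action; the analyst's single failure and the service account's unanswered failures produce nothing. The same two-stage logic maps onto a Correlation Rule: the first stage over authentication stories, the second over SaaS stories keyed on the same user.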