Configure server settings such as keyboard shortcuts, timezone, and timestamp format.
You can configure server settings such as keyboard shortcuts, timezone, and timestamp format, to create a more personalized user experience in Cortex XSIAM. Go to Settings → Configurations → General → Server Settings.
Note
Keyboard shortcuts, timezone, and timestamp format are not set universally and only apply to the user who sets them.
Server Setting | Description |
---|---|
Keyboard Shortcuts | Enables you to change the default shortcut settings. The shortcut value must be a keyboard letter, A through Z, and cannot be the same for both shortcuts. |
Timezone | Select a specific timezone. The timezone affects the timestamps displayed in Cortex XSIAM, auditing logs, and when exporting files. |
Timestamp Format | The format in which to display Cortex XSIAM data. The format affects the timestamps displayed in Cortex XSIAM, auditing logs, and when exporting files. This setting is configured per user and not per tenant. |
Email Contacts | A list of email addresses Cortex XSIAM can use as distribution lists. The defined email addresses are used to send product maintenance, updates, and new version notifications. These addresses are in addition to email addresses registered with your Customer Support Portal account. |
Password Protection (for downloaded files) | Enable password protection when downloading retrieved files from an endpoint. This prevents users from opening potentially malicious files. Administrator permissions required. NoteIf the Password Protection (for downloaded files) setting under Settings → Configuration → General → Server Settings is enabled, enter the password 'suspicious' to download the file. |
Google Maps Key | Enter the Google Maps API key to display the physical location of an entity on a Google map. |
Scoped Server Access | Enforces access restrictions on users with an assigned scope. A user can inherit scope permissions from a group, or have a scope assigned directly on top of the role assigned from the group. If enabled, you must select the SBAC Mode, which is defined per tenant:
|
Data Ingestion Monitoring (Beta) | Data ingestion health monitors the availability and overall health of data collection. When enabled, Cortex XSIAM creates the following types of alerts:
If you disable data ingestion monitoring, Cortex XSIAM continues to collect metrics, but alerts are not created. Related information
|
XQL Configuration | Enables setting case sensitivity across Cortex XSIAM. By default, this setting is set to |
Define the incidents target MTTR per incident severity | Determines within how many days and hours you want incidents resolved according to the incident severity Critical, High, Medium, and Low. The defined MTTR is used to display the Resolved Incident MTTR dashboard widgets. |
Impersonation Role | The type of role permissions granted to the Palo Alto Networks Support team when opening support tickets. We recommend that role permissions are granted only for a specific time frame, and full administrative permissions are granted only when specifically requested by the Support team. Role permissions include:
Permission Reset Timeframe: Determines how long role permissions are valid. |
Prisma Cloud Compute Tenant Pairing | NoticeRequires a Cortex XSIAM or Cortex XDR Pro license To enable the capabilities of the Cloud Security Agent, the Prisma Cloud Compute tenant must be paired with an existing Cortex XSIAM tenant. Pairing is one-to-one, with the two tenants being in the same region. For more information, see Pairing Prisma Cloud with Cortex XSIAM . |
Custom Content |
|
Alerts | Create timer fields that display in the alerts table and alert layouts. For more information, see Configure timer fields. |