Onboarding data sources - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-10
Category: Administrator Guide
Abstract: Explains how to onboard data sources and instances from the Data Sources page.

On the Data Sources page, you can see all data sources with configured instances, grouped by integration. Data sources are categorized into Palo Alto Networks Integrations and 3rd Party Integrations.

To see information about configured instances and their statuses, click on a data source name. You can filter the list of data sources, or search by integration, content pack, or instance name. You can also onboard new data sources and instances.

Access the Data Sources page from Settings → Data Sources or Settings → Configurations → Data Collection → Data Sources.

From this page you can:

  • + Add Data Source with the Data Source Onboarder.

    The Onboarder provides a simplified integration setup page that automatically installs the required Marketplace packs and recommends additional content, such as playbooks and dashboards, that are relevant to the selected data source.

  • + Add New Instance for an integrated data source.

  • Review and take actions on existing instances.

    You can refresh log data, edit, delete, enable, or disable the instance.

  • Globally turn collection of URL and File log types on or off for Palo Alto Networks integrations.