Security Incident Response Integration with Cortex XSIAM by Palo Alto Networks
Security Incident Response Integration with Cortex XSIAM by Palo Alto Networks ingests Alerts and Incidents from Cortex XSIAM into ServiceNow®'s Security Incident Response platform, enabling seamless post-incident management while maintaining bi-directional status and work note synchronization.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Overview of Cortex XSIAM integration
Security teams can use XSIAM's detection capabilities alongside ServiceNow®'s workflow orchestration, without manual updates or context switching, for rapid issue resolution.
See the following graphic to learn how Cortex XSIAM integrates with the ServiceNow AI Platform Security Operations applications.
Key Features
- Create profiles for incident ingestion.
- Filter out noisy alerts and ingest only the actionable cases into ServiceNow® SIR.
- Map Cortex XSIAM Incident, Alert, and Event fields to SIR security incident fields.
- Correlate incidents to existing open security incidents so that you don't have to create duplicate security incidents.
- Bi-directional synchronization of status, priority, and work notes between Cortex XSIAM and ServiceNow® SIR.