Security Incident Response Integration with Cortex XSIAM by Palo Alto Networks

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 1 Minute Lesedauer

    • Security Incident Response Integration with Cortex XSIAM by Palo Alto Networks ingests Alerts and Incidents from Cortex XSIAM into ServiceNow®'s Security Incident Response platform, enabling seamless post-incident management while maintaining bi-directional status and work note synchronization.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Overview of Cortex XSIAM integration

    Security teams can leverage XSIAM's detection capabilities alongside ServiceNow®'s workflow Orchestration without manual updates or context switching for a rapid issue resolution.

    See the following graphic to learn how Cortex XSIAM integrates with the ServiceNow AI Platform Security Operations applications.

    Pan XSIAM process overview

    Key Features

    Use the key features of this integration to do the following actions:
    • Create profiles for incident ingestion.
    • Filter out noisy alerts and ingest only the actionable cases into ServiceNow® SIR.
    • Map Cortex XSIAM Incident, Alert, and Event Field to SIR security incident fields.
    • Correlate incidents to existing open security incidents so that you don't have to create duplicate security incidents.
    • Bi-directional synchronization of status, priority, and work notes between Cortex XSIAM and ServiceNow® SIR.