What is Cortex XSIAM?
Cortex XSIAM is MOJ's strategic choice of tooling for the Security Operations Centre (SOC). Cortex XSIAM is a SaaS solution provided to MOJ by Palo Alto Networks.
The MIP team, in collaboration with the SOC team, is currently working on:
- Configuring XSIAM according to MOJ's requirements
- Managing access to the platform via SSO with our MOJO Azure AD credentials
- Managing log ingestion from all MOJ critical services
- Managing analysis of the ingested data and anomaly detection using correlation rules
- Managing automatic remediation of incidents using Cortex XSOAR playbooks
What does it look like in MOJ?
Below is a high-level diagram that illustrates all the data sources that XSIAM ingests data from:
Here is a list of all the data source integrations with XSIAM:
Data Source | Integration
---|---
Using Broker VM: |
Atos managed Cisco ASA devices | Broker VM in Production AWS
Core Network devices in 102PF | Broker VM in NOC AWS
Using native XSIAM integrations: |
Azure Landing Zone | Azure Event Hub integration
Palo Alto Next-Generation Firewalls | NGFW integration