Send Security Alerts to SIEM

Manually send security alerts from IoT Security through Cortex XSOAR to SIEM.
Where Can I Use This?
  • IoT Security (Managed by IoT Security)
What Do I Need?
  • IoT Security subscription for an advanced IoT Security product (Enterprise Plus, Industrial OT, or Medical)
One of the following Cortex XSOAR setups:
  • An IoT Security Third-party Integration Add-on license that includes a cohosted, limited-featured Cortex XSOAR instance
    AND
    A Cortex XSOAR Engine (on-premises integration)
  • A full-featured Cortex XSOAR server
From the IoT Security portal, send a security alert to SIEM from the Alerts > Security Alerts page. You can also do this in the Actions menu in the Alert section on the Device Details page.
When IoT Security is integrated through Cortex XSOAR with a third-party SIEM server, XSOAR automatically exports data about devices, security alerts, and device vulnerabilities in periodic incremental updates from IoT Security to SIEM. Therefore, it might be unnecessary to send a security alert to SIEM manually. However, if you haven’t performed a bulk export to SIEM and you want to send a security alert that wasn’t exported through the automatic incremental update process, then you can use this option to send it manually.
  1. Log in to the IoT Security portal and select an alert on Alerts > Security Alerts > All Alerts.
  2. Click More > Send to > SIEM.
    IoT Security sends the security alert in Common Event Format (CEF) through Cortex XSOAR to the SIEM server.
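
Added example, not from the original page or from Palo Alto Networks: a receiving-side parser for confirming that a manually sent alert reached the SIEM as well-formed CEF. The header layout and escaping rules are those of the CEF format; the sample line, including its hostname, vendor and product strings, and field values, is a constructed placeholder and not actual IoT Security output.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")   # key at start or after space, then '='
HDR_ESC = {"|": "|", "\\": "\\"}
EXT_ESC = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}

def _unescape(text, table):
    # Replace only the escape sequences CEF defines; leave others untouched.
    return re.sub(r"\\(.)", lambda m: table.get(m.group(1), m.group(0)), text)

def _split_header(body):
    """Split off the 7 header fields on unescaped '|'; return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        step = 2 if body[i] == "\\" and i + 1 < len(body) else 1
        if step == 1 and body[i] == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(body[i:i + step])   # escape pairs stay intact for now
        i += step
    if len(fields) == len(HEADER) - 1:     # sender omitted the final '|'
        fields.append("".join(buf))
    if len(fields) < len(HEADER):
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def parse_cef(line):
    """Parse one syslog line carrying a CEF record into a flat dict."""
    start = line.find("CEF:")              # skip any syslog prefix
    if start < 0:
        raise ValueError("no CEF record in line")
    fields, ext = _split_header(line[start + 4:])
    event = {k: _unescape(v, HDR_ESC) for k, v in zip(HEADER, fields)}
    keys = list(EXT_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        event[m.group(1)] = _unescape(ext[m.end():end].rstrip(), EXT_ESC)
    return event

# Constructed sample; vendor, product and field values are placeholders.
SAMPLE = (r"<14>Jan  1 00:00:00 xsoar-engine CEF:0|ExampleVendor|ExampleIoT|1.0|"
          r"alert-0001|Suspicious \| outbound connection|8|"
          r"src=10.0.0.5 dst=192.0.2.10 msg=ratio\=3 over baseline")
```

Run `parse_cef` over the line as your SIEM collector received it; a `ValueError` or a missing expected key indicates the record was truncated or re-encoded somewhere between XSOAR and the SIEM.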