New Features - Strata Logging Service - January 2026
Integrate Behavior Threats Incidents into Cortex XSIAM
SaaS Security supports integrating Behavior Threats (BT) incidents directly into Cortex XSIAM, enabling security teams to centralize behavioral alerts alongside all other security telemetry. This integration allows for a unified and more efficient response to sophisticated threats.
Key Features:
Unified Security Posture: BT incidents are forwarded to a dedicated HTTP Log Collector in XSIAM for centralized monitoring.
Standardized Data: Incident data is sent automatically in JSON format, including details like severity, description, and user email, using the ba_incident_event log type.
Push-Based Model: The integration uses a reliable push model to ensure timely delivery of new incidents.
Setup Notes:
Configuration is a two-step process. First, prepare the JSON-configured HTTP Log Collector in XSIAM to obtain the URL and API Key. Second, register the XSIAM tenant within the BT environment via the SRE/Engineering support service.
Note: This integration is not retroactive. Cortex XSIAM will only receive BT incidents generated after the integration is successfully completed.