Manually send security alerts from Device Security through Cortex XSOAR to
SIEM.
Where Can I Use This?
What Do I Need?
Device Security (Managed by Strata Cloud Manager)
(Legacy) IoT Security (Standalone portal)
One of the following subscriptions:
Device Security subscription for an advanced
Device Security product (Enterprise Plus,
Industrial OT, or Medical)
Device Security X subscription
One of the following Cortex XSOAR setups:
A free, cohosted, limited-featured
Cortex XSOAR instance
AND
A Cortex XSOAR Engine (on-premises integration)
A full-featured Cortex XSOAR server
From Device Security, send a security alert to SIEM from the
Alerts Inventory page. You can also do this in the Actions menu in the Alert section
on the Device Details page.
By integrating Device Security through Cortex XSOAR with a third-party SIEM server,
Cortex XSOAR automatically exports data about devices, security alerts, and device
vulnerability in periodic incremental updates from Device Security to SIEM. Therefore,
it might be unnecessary to send a security alert to SIEM manually. However, if you
haven’t performed a bulk export to SIEM and you want to send a security alert that
wasn’t exported through the automatic incremental update process, then you can use
this option to send it manually.