Set Alert Sources

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Select Alert Sources to map corresponding incidents to a security incident. Alert Sources are refreshed every time a profile is opened and new rules are available for selection. The Cortex XSIAM integration supports multiple profiles.

    Avant de commencer

    Role required: sn_si.admin, sn_si.ingestion_profile_admin

    Procédure

    1. If you are not continuing from the previous section of the incident profile definition process, access the profile you are defining.
      1. Navigate to All > Palo Alto Networks XSIAM > XSIAM Profile.
      2. Select the profile you are continuing to define.
      3. Select Alert Sources in the progress bar.
    2. Clear the All Alert Sources check box to select specific Alert Sources.
      Selecting this check box will retrieve all active Alert Sources from XSIAM.
    3. In the Alert Sources List search field, enter the Alert Source name created in the XSIAM portal.
    4. Select the Alert Source.
    5. Use the right arrow ( >) to move the rule from Available to Selected column.

      Set Alert Sources

    6. Select Continue.

    Que faire ensuite

    Map incident fields