
Package to fetch alerts from and threat hunting

Integrate with Cloud SIEM to automatically remediate security incidents identified by and increase observability into incident details.
The integration allows Cortex XSOAR users to automatically remediate incidents identified by Cloud SIEM using Cortex XSOAR Playbooks.
In addition, users can query directly from Cortex XSOAR to investigate open questions or retrieve the logs responsible for triggering security rules.

What does this pack do?

  • Handle Alert: used to handle alerts retrieved from . The playbook retrieves the related events that generated the alert using the logzio-get-logs-by-event-id command.
  • Logzio_Indicator_Hunting: this playbook queries in order to hunt indicators such as:
      ◦ File hashes
      ◦ IP addresses
      ◦ Domains
      ◦ URLs
    and outputs the related users, IP addresses and host names for the indicators searched.

As part of this pack you also get out-of-the-box incident types and field mappings for the information coming from Cloud SIEM, which are adjustable and customisable.

For more information, visit our website and the Cortex XSOAR integration doc.



Cortex XSOAR, Cortex XSIAM


Supported By: Partner
Created: November 9, 2020
Last Release: August 30, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.