Exam XSIAM-Engineer Topic 3 Question 172 Discussion
Actual exam question for Palo Alto Networks's XSIAM-Engineer exam
Question #: 172
Topic #: 3
Question #: 172
Topic #: 3
A large enterprise is deploying XSIAM and needs to integrate its existing Okta Universal Directory for user authentication and authorization. The security team also wants to automate the creation of XSIAM incidents for failed authentication attempts. Which of the following XSIAM integration mechanisms are most appropriate to achieve both requirements efficiently and securely, and what data types would typically be exchanged?
Suggested Answer: B Vote an answer
SAML 2.0 is the standard and most secure way to integrate an IdP like Okta for SSO with XSIAM, providing seamless user authentication. For failed authentication incidents, an API-based integration with an XSIAM playbook is preferred. This allows for real-time or near real-time fetching of specific events (e.g., failed logins) from Okta's API, enabling automated incident creation and enrichment within XSIAM. Syslog or CEF over UDP might lose events and lack the rich context or granular control offered by an API for incident automation.
by Christian at May 11, 2026, 02:51 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).