
Palo Alto: Cortex XSIAM Training. Security Operations, Automation, Investigation and Analysis. Replaces EDU-270. Live virtual, in English

Short name:

Duration:


CALL 70 23 26 50 or send an email for no-obligation information on where the course is offered, dates, prices, and whether the course has enough participants to go ahead.

If the course is not listed in the overview on the right, please contact us about a new date.

Role-Based Mastery for Next-Gen Security Operations

With the retirement of the “Cortex XSIAM: Security Operations and Automation” (EDU-270), Palo Alto Networks now offers two purpose-built courses that reflect the evolving needs of security teams. These courses empower both engineers and analysts to master Cortex XSIAM’s powerful capabilities—each with a targeted curriculum focused on the skills you need most.


Cortex XSIAM: Security Operations, Integration, and Automation (3-day Engineer Course)

In this hands-on, instructor-led course, you’ll learn how to:

  • Architect and integrate Cortex XSIAM with your network and endpoints, including XDR collectors, NGFWs, Broker VMs, and more.
  • Ingest and analyse data using XQL, building advanced queries for detection, response, and reporting.
  • Configure threat intelligence management features, automate workflows, and manage indicators to operationalise intelligence and respond faster.
  • Develop and optimise automation for streamlined incident handling and operational efficiency.
  • Customise dashboards and reports to visualise security metrics and drive better decision-making across your organisation.

Cortex XSIAM: Investigation and Analysis (2-day Analyst Course)

This targeted course focuses on incident response and investigation using Cortex XSIAM. You’ll learn how to:

  • Investigate security incidents and analyse key assets, artefacts, and the causality chain.
  • Use advanced XQL queries to extract meaningful security insights from vast log data.
  • Utilise XSIAM’s tools and resources for comprehensive incident analysis and threat hunting.
  • Manage alerts, threat intelligence, and attack surfaces to support faster, more effective investigations.
  • Build custom dashboards and reports tailored for analysis and stakeholder communication.

Why the change?

These two new courses fully replace the previous “Cortex XSIAM: Security Operations and Automation” (EDU-270). By splitting content into dedicated engineer and analyst tracks, you’ll gain deeper, role-specific expertise and hands-on skills directly aligned to your responsibilities.

Whether you’re responsible for integrating and automating your XSIAM platform, or investigating and responding to security incidents, these courses ensure you’ll be ready to protect your organisation with the very latest tools and techniques from Palo Alto Networks.

The “Cortex XSIAM: Security Operations, Integration, and Automation” (3-day course for XSIAM Engineers) course covers the following content:

  • Welcome and Introductions
  • Intended Audience and Course Focus
  • Course Objectives and Agenda
  • Lab Topology

  • Overview of XSIAM
  • Features and Functionalities
  • Problems XSIAM Solves

  • Agents
  • XDR Collectors
  • PANW NGFW
  • Broker VM
  • Engines
  • Cloud Identity Engine

  • Introduction and Overview of XQL
  • XQL Components
  • Parsing
  • Data Models

  • Custom IOCs/BIOCs
  • Correlation Rules

  • Marketplace
  • Dev/Prod
  • API (Ingestion)
  • API (Automation)
  • Custom

  • Introduction to Automation
  • Marketplace
  • Playbooks
  • Scripts

  • TIM Overview
  • Automation and Feed Integrations
  • External Dynamic Lists
  • Jobs
  • TIM Indicator Rules

  • Attack Surface Management
  • Attack Surface Rules
  • Attack Surface Testing

  • Fields and Layouts
  • XQL Widgets
  • Dynamic Dashboards

The “Cortex XSIAM: Investigation and Analysis” (2-day course for XSIAM Analysts) course covers the following content:

  • Welcome and introductions
  • Intended audience and course focus
  • Course objectives and agenda
  • Learning Center tasks

  • Overview of XSIAM
  • Features and Functionalities
  • Problems XSIAM Solves

  • Using XSIAM for Endpoint Detection and Response
  • Endpoint Security
  • Investigating Endpoints

  • Introduction and Overview of XQL
  • XQL Components
  • Understanding Data Models

  • Using Alert Correlation Features
  • Alert Causality
  • Incident Prioritization
  • Incident Statuses

  • Threat Intel Management
  • Indicator Configuration
  • Indicator Investigation

  • Automation Overview
  • Work Plan and Playbook Tasks
  • Context Data
  • Creating and Managing Jobs
  • Using OOTB Content

  • Attack Surface Management
  • Asset Inventory
  • ASM Investigation

  • Introduction to Incident Handling
  • Incident Investigation and Response
  • Managing Incidents
  • Alert Investigation
  • Cortex Copilot

  • Customizing Dashboards
  • Generating and Scheduling Custom Reports

Course dates