
Palo Alto: Cortex XDR Training. Deployment, Investigation and Response (EDU-260 / EDU-262). Virtual, in English

Short name:

Duration:


CALL 70 23 26 50 or send an e-mail to receive no-obligation information about where the course is offered, dates, prices, and whether the course has enough participants to go ahead.

If the course is not listed in the overview on the right, please contact us for a new date.

The Palo Alto Networks Cortex XDR: Prevention and Deployment (EDU-260) and Cortex XDR: Investigation and Response (EDU-262) courses are instructor-led training that will enable you to deploy Cortex XDR and use its threat investigation and response functionality.


Cortex XDR: Prevention and Deployment (EDU-260)

This instructor-led course will guide you in preventing attacks on your endpoints. After an overview of the Cortex XDR components, you'll dive into the Cortex XDR management console, learn how to install agents, create security profiles and policies, and explore in detail all of the threat prevention capabilities of Cortex XDR, including exploit prevention, malware prevention, and behavior-based threat prevention.

Successful completion of this instructor-led course with hands-on lab activities should enable you to:

  • Describe the architecture and components of the Cortex XDR family
  • Use the Cortex XDR management console, including reporting
  • Create Cortex XDR agent installation packages, endpoint groups, and policies
  • Deploy Cortex XDR agents on endpoints
  • Create and manage Exploit and Malware Prevention profiles
  • Investigate alerts and prioritize them using starring and exclusion policies
  • Tune Security profiles using Cortex XDR exceptions
  • Perform and track response actions in the Action Center
  • Perform basic troubleshooting related to Cortex XDR agents
  • Deploy a Broker VM and activate the Local Agents Settings applet
  • Understand Cortex XDR deployment concepts and activation requirements
  • Work with the Customer Support Portal and Cortex XDR Gateway for authentication and authorization


Cortex XDR: Investigation and Response (EDU-262)

This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics.


You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.


Multiple modules focus on how to leverage the collected data. You will create simple search queries in one module and XDR rules in another. The course demonstrates how to use specialized investigation views to visualize artifact-related data, such as IP and Hash Views. Additionally, it provides an introduction to XDR Query Language (XQL). The course concludes with Cortex XDR external-data-collection capabilities, including the use of Cortex XDR API to receive external alerts.


Successful completion of this instructor-led course with hands-on lab activities should enable participants to:

  • Investigate and manage incidents
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Work with Cortex XDR Pro actions such as remote script execution
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Create and manage the Cortex XDR rules BIOC and IOC
  • Work with Cortex XDR assets and inventories
  • Write XQL queries to search datasets and visualize the result sets
  • Work with Cortex XDR’s external-data collection


LET’S GET STARTED!

  • Welcome and introductions
  • Intended audience and course focus
  • Course objectives and modules
  • Learning Center tasks


MULTI-METHOD THREAT PREVENTION, ADVANCED DETECTION, INVESTIGATIONS, AND RESPONSES

  • Cortex XDR Agent
  • Cortex XDR Instance
  • Product Offerings and Licenses

Lab: Getting Started

  • Change Endpoint Hostnames
  • Generate Behavioral Script-Based Attacks


CORTEX XDR BASIC OPERATING ENVIRONMENT

  • Working with Cortex XDR Cloud Components
  • Working with Cortex XDR Agent

Lab: Exploring Cortex XDR Related Sites

  • Access Cortex XDR Related Sites

GETTING STARTED WITH THE MANAGEMENT CONSOLE AND AGENT DEPLOYMENT

  • Cortex XDR Management Console
  • Quick Launcher
  • Typical Management Console Pages
  • Endpoint Management

Lab: Getting Started with Endpoint Management

  • Deploy Cortex XDR Agents
  • Create Static and Dynamic Endpoint Groups


CREATING SETTINGS FOR SOME SPECIFIC GROUPS OF ENDPOINTS

  • Profiles
  • Policy Rules
  • Agent Settings Profile
  • Restrictions Profiles

Lab: Creating Policy Rules and Profiles

  • Create Policy Rules and Profiles
  • Work with Restrictions Profiles


MULTI-METHOD MALWARE DETECTION AND PREVENTION

  • Malware Profiles
  • Portable Executable and DLL Examination
  • Behavioral Threat Protection
  • Network Packet Inspection Engine
  • Other Malware Protection Modules
  • Endpoint Scanning

Lab: Exploring Cortex XDR Malware Protection

  • Work with Malware Profiles
  • Explore Ransomware Protection
  • Explore Behavioral Threat Protection
  • Test the New Network Packet Inspection Engine


INNOVATIVE EXPLOIT DETECTION AND PREVENTION

  • Application Exploit Prevention
  • Exploitation Techniques and Defense Mechanisms
  • Exploit Protection Modules
  • Exploit Profiles
  • Working with Protected Processes

Lab: Exploring Cortex XDR Exploit Protection

  • Exploit Software Vulnerabilities with Metasploit
  • Work with Exploit Profiles


WORKING WITH CORTEX XDR ALERTS

  • Cortex XDR Alerts
  • Alert Starring Rules
  • Featured Alert Fields

Lab: Working with Cortex XDR Alerts

  • Working with Cortex XDR Alerts
  • Create Alert Starring and Exclusions
  • Add Featured Host Values

TUNING SECURITY PROFILES USING PROTECTION EXCLUSIONS AND EXCEPTIONS

  • Alert Exclusions
  • Exceptions and Exceptions Profiles
  • Alert Exceptions
  • Global Exceptions

Lab: Tuning Security Policies

  • Work with Exceptions Profiles
  • Create Alert Exceptions


CENTRALIZED RESPONSE ACTIONS TO ATTACKS

  • Response Actions Overview
  • Action Center
  • Endpoint Response Actions

Lab: Responding to Attacks

  • Respond to Alerts
  • Perform Actions from the Action Center
  • Work with Live Terminal

WORKING WITH CORTEX XDR AGENTS

  • Troubleshooting Methodologies and Resources
  • Agent Data Stores
  • Agent Identification
  • Agent Log
  • Working with Technical Support

Lab: Working with Basic Troubleshooting Tools

  • Work with Agent Logs and Data Stores


  • Broker VM Introduction
  • Broker VM Deployment

Lab: Deploying Broker VMs

  • Activate and Register Your Broker VM
  • Activate Local Agent Settings (Agent Proxy)
  • Manage Proxy Settings from Agents

CORTEX XDR OPERATING ENVIRONMENT

  • CSP Accounts and CSP Users
  • Dependent Services and the Hub
  • Dependent Services: Cortex Data Lake
  • Dependent Services: Cloud Identity Engine
  • Instance Activation
  • Instance Access through RBAC


The "Cortex XDR: Investigation and Response" (EDU-262) course covers the following content:

  • Welcome and introductions
  • Intended audience and course focus
  • Course objectives and modules
  • Learning Center tasks


INTELLIGENTLY GROUPING AND DISPATCHING ALERTS TO THE INCIDENTS

  • Cortex XDR Incidents
  • Working with Incidents
  • Advanced View Tabs
  • Incident Scoring Rules

Lab: Working with Enhanced Endpoint Data

  • Analyze Alerts Stitched with Enhanced Endpoint Data
  • Manage Enhanced Endpoint Data Monitoring from Endpoints

DETECTING ATTACKS USING NORMAL AND ABNORMAL BEHAVIORS

  • Causality Analysis Engine: Log Stitching
  • Causality Analysis Engine: Causality Chains
  • Analytics Engine

Lab: Working with Incidents

  • Work with the Advanced Incident View
  • Score Your Incidents
  • Investigate Files Using Hash View


CAUSALITY AND TIMELINE ANALYSIS OF ALERTS AND SUSPICIOUS ACTIVITIES

  • Causality View
  • Causality Instance Graph
  • Timeline View

Lab: Causality Analysis of Alerts

  • Analyze Alerts in Causality View


ADVANCED RESPONSE ACTIONS IN CORTEX XDR PRO

  • Remediation Suggestions
  • Remote Script Executions
  • Enabling Cortex XDR EDL Service

Lab: Advanced Response Actions

  • Execute Scripts on Endpoints

INVESTIGATING LEADS USING CORTEX XDR TOOLS

  • Building Simple Queries
  • Managing Queries

Lab: Building Search Queries

  • Build and Manage Search Queries

USING USER-DEFINED INDICATORS OF COMPROMISE

  • IOC Rules
  • BIOC Rules
  • Custom Prevention Rules
  • IOC/BIOC Suppression Rules
  • Correlation Rules

Lab: Working with Cortex XDR Rules

  • Manage IOC Rules
  • Manage BIOC Rules
  • Custom Prevention Rules


DISCOVERY, INVENTORY, AND MANAGEMENT OF NETWORK ASSETS

  • Asset Inventory
  • Network Configuration
  • Vulnerability Assessment

Lab: Working with Network Assets

  • Activate and Register a Broker VM
  • Scan IP Ranges with Network Mapper
  • Investigate IP Addresses Using IP View

XDR QUERY LANGUAGE (XQL)

  • XQL Search Basics
  • XQL Stages
  • XQL Functions
  • Result Set Visualization

Lab: Getting Started with XQL Queries

  • Get Started with XQL Search Page
  • Create XQL Queries with Multiple Stages
  • Visualize Query Results


COLLECTING EXTERNAL ALERTS AND LOGS

  • External Data Collection
  • Dataset Management
  • External Alerts by Cortex XDR API

Lab: Working with External Data

  • Create and Manage Datasets
  • Insert External Alerts Using XDR API

Course dates