Overview
Objectives
By the end of this course, learners will be able to:
- Investigate and manage incidents using Cortex XDR’s capabilities.
- Understand and apply Cortex XDR causality and analytics concepts.
- Analyze alerts with Causality and Timeline Views for comprehensive threat visibility.
- Execute remote response actions, such as running scripts, using Cortex XDR Pro.
- Create and manage Cortex XDR rules (BIOC and IOC) and scheduled queries.
Prerequisites
- Familiarity with incident response and threat management practices.
- Basic knowledge of malware and alert management.
- Experience with endpoint security platforms and security information and event management (SIEM) systems.
- Understanding of network and endpoint configurations.
- Familiarity with query languages or data analytics (helpful but not required).
Course Outline
- Overview of Cortex XDR’s features, focusing on incident investigation and response tools.
- In-depth exploration of causality and timeline views for effective alert analysis.
- Hands-on configuration of remote actions, such as script execution, to respond to incidents.
- Creating and managing on-demand and scheduled search queries in Cortex XDR.
- Working with Cortex XDR rules (BIOC and IOC), writing XQL queries, and managing Cortex XDR assets and inventories.