Cortex XDR: Investigation and Response

Live Online (VILT) & Classroom Corporate Training Course


Gain hands-on experience in incident investigation and response using Cortex XDR. This course covers causality analysis, remote actions, advanced queries, and rule management.


  • CloudLabs
  • Projects
  • Assignments
  • 24x7 Support
  • Lifetime Access


Overview

Cortex XDR: Investigation and Response – This two-day, instructor-led course with hands-on labs is designed for security operations professionals to gain expertise in investigating and managing incidents using Cortex XDR. Through interactive labs, participants will explore Cortex XDR’s causality analysis, perform incident response actions, and utilize advanced query and data collection features.

Objectives

By the end of this course, learners will be able to:

  • Investigate and manage incidents using Cortex XDR’s capabilities.
  • Understand and apply Cortex XDR causality and analytics concepts.
  • Analyze alerts with Causality and Timeline Views for comprehensive threat visibility.
  • Execute remote response actions, such as running scripts, using Cortex XDR Pro.
  • Create and manage Cortex XDR rules (BIOC and IOC) and scheduled queries.

Prerequisites

  • Familiarity with incident response and threat management practices.
  • Basic knowledge of malware and alert management.
  • Experience with endpoint security platforms and security information and event management (SIEM) systems.
  • Understanding of network and endpoint configurations.
  • Familiarity with query languages or data analytics (helpful but not required).

Course Outline

Module 1: Introduction to Cortex XDR
  • Overview of Cortex XDR’s features, focusing on incident investigation and response tools.
Module 2: Causality and Analytics in Cortex XDR
  • In-depth exploration of causality and timeline views for effective alert analysis.
Module 3: Managing Cortex XDR Pro Actions
  • Hands-on configuration of remote actions, such as script execution, to respond to incidents.
Module 4: Advanced Querying with the Query Center
  • Creating and managing on-demand and scheduled search queries in Cortex XDR.
Module 5: Rules and Data Management
  • Working with Cortex XDR rules (BIOC and IOC), writing XQL queries, and managing Cortex XDR assets and inventories.
