Overview
Objectives
By the end of this course, learners will be able to:
- Implement Cortex XSOAR integrations to streamline security operations.
- Design and customize playbooks to automate repetitive workflows.
- Create incident-page layouts and configure features for enhanced case management.
- Develop and deploy a comprehensive playbook for phishing incident response.
- Understand best practices for managing analyst workflows with Cortex XSOAR.
Prerequisites
- Basic knowledge of Security Operations Center (SOC) processes.
- Familiarity with incident response and case management.
- Experience with automation or scripting (Python is advantageous).
- Knowledge of phishing and related threat vectors.
- Basic understanding of SOAR and its applications in security operations.
Course Outline
- Overview of Cortex XSOAR’s architecture and primary functionalities in security orchestration.
- Step-by-step guide to setting up integrations for resource orchestration across various security tools.
- Hands-on creation and deployment of playbooks to automate standard SOC workflows, focusing on phishing.
- Configuring incident-page layouts to facilitate efficient case management and improve response times.
- Best practices for using Cortex XSOAR’s automation and orchestration features to streamline analyst workflows.