Cortex XDR Training

Deployment, Investigation and Response (EDU-260/262)

Schedule

Award-winning live online course

Experienced Instructor

Virtual Lab Access

Video Recordings

What you’ll learn

The Palo Alto Networks Cortex XDR: Prevention and Deployment (EDU-260) and Cortex XDR: Investigation and Response (EDU-262) courses are instructor-led training that will enable you to deploy Cortex XDR and use its threat investigation and response functionality.

 

Cortex XDR: Prevention and Deployment (EDU-260)

This instructor-led course will guide you in preventing attacks on your endpoints. After an overview of the Cortex XDR components, you’ll dive into the Cortex XDR management console, learn how to install agents, create security profiles and policies, and explore in detail all of the threat prevention capabilities of Cortex XDR, including exploit prevention, malware prevention, and behavioural-based threat prevention.

 

Successful completion of this instructor-led course with hands-on lab activities should enable you to:

  • Describe the architecture and components of the Cortex XDR family
  • Use the Cortex XDR management console, including reporting
  • Create Cortex XDR agent installation packages, endpoint groups, and policies
  • Deploy Cortex XDR agents on endpoints
  • Create and manage Exploit and Malware Prevention profiles
  • Investigate alerts and prioritize them using starring and exclusion policies
  • Tune Security profiles using Cortex XDR exceptions
  • Perform and track response actions in the Action Center
  • Perform basic troubleshooting related to Cortex XDR agents
  • Deploy a Broker VM and activate the Local Agents Settings applet
  • Understand Cortex XDR deployment concepts and activation requirements
  • Work with the Customer Support Portal and Cortex XDR Gateway for authentication and authorization

 

Cortex XDR: Investigation and Response (EDU-262)

This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics.

 

You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.

 

Multiple modules focus on how to leverage the collected data. You will create simple search queries in one module and XDR rules in another. The course demonstrates how to use specialized investigation views to visualize artifact-related data, such as IP and Hash Views. Additionally, it provides an introduction to XDR Query Language (XQL). The course concludes with Cortex XDR external-data-collection capabilities, including the use of Cortex XDR API to receive external alerts.

 

Successful completion of this instructor-led course with hands-on lab activities should enable participants to:

  • Investigate and manage incidents
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Work with Cortex XDR Pro actions such as remote script execution
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Create and manage Cortex XDR BIOC and IOC rules
  • Work with Cortex XDR assets and inventories
  • Write XQL queries to search datasets and visualize the result sets
  • Work with Cortex XDR’s external-data collection

 

Please see the course content for the detailed agenda.

 

Get a taste of the course by watching the video in this blog post, in which one of our instructors teaches a sample on Cortex XDR Incident Management and Alert Analysis.

Best Practices & Real Life Experience

Let the experience and passion of our instructors guide you. Consigas is an Authorized Global Training Partner and was recognised with the “Excellence in Training Award” in 2022, 2019 and 2016 by Palo Alto Networks. The difference is made by our instructors, who have many years of field experience, which they bring with them into the classroom.

Our instructors are security consultants who design, implement, migrate, manage and support Palo Alto Networks solutions. It’s this experience that they bring into the classroom to explain not only the theory but also how to use Cortex XDR in real life. Customers tell us that this is the most valuable thing for them and that this is what differentiates our Palo Alto 260 & 262 training from most other training partners.

Video Recordings

Recognizing that retention is a challenge in learning, we record our sessions. This allows you to review the training material at your own pace, ensuring better understanding and recall.

Lab Access for 3 Months

You will have access to your own dedicated lab which you can use not only during the class but for a full three months without any time or usage limit. Your virtual lab consists of a dedicated Windows and a Linux Client as well as access to a shared Cortex XDR instance for practical exercises as described in the lab guide.

Certification

The Cortex XDR: Prevention and Deployment (EDU-260) and Cortex XDR: Investigation and Response (EDU-262) courses cover all the content required for the Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA).

Palo Alto Networks requires students to take the exam at a Pearson Vue test centre or via Online Proctoring.

Scope

Cortex XDR: Prevention and Deployment (EDU-260)

  • Level: Intermediate
  • Duration: 3 days (delivered either over three full-day or five half-day sessions – see class schedule)
  • Format: Instructor-led lectures and hands-on labs delivered either as live online training or as an in-person classroom course
  • Platform support: Palo Alto Networks Cortex XDR Pro per endpoint

 

Cortex XDR: Investigation and Response (EDU-262)

  • Level: Advanced
  • Duration: 2 days (delivered either over two full-day or four half-day sessions – see class schedule)
  • Format: Instructor-led lectures and hands-on labs delivered either as live online training or as an in-person classroom course
  • Platform support: Palo Alto Networks Cortex XDR Pro per endpoint

Target Audience

Security Operations Specialists and Engineers should take the “Cortex XDR: Prevention and Deployment” (EDU-260) training course to learn about the fundamental functionality of Cortex XDR and its deployment.

Cybersecurity Analysts should take both the “Cortex XDR: Prevention and Deployment” (EDU-260) and “Cortex XDR: Investigation and Response” (EDU-262) training courses to learn about the fundamental threat prevention capabilities of Cortex XDR and how to use it for threat investigation and response.

Prerequisites

Cortex XDR: Prevention and Deployment (EDU-260)

No previous Palo Alto Networks experience is required to take this Cortex XDR EDU 260 Palo Alto course, although familiarity with enterprise security concepts is recommended.

 

Cortex XDR: Investigation and Response (EDU-262)

The “Cortex XDR: Prevention and Deployment” (EDU-260) course or equivalent practical experience working with the Palo Alto Networks Cortex XDR is a recommended prerequisite to taking this EDU 262 Palo Alto Cortex XDR training.

FAQ

Can I take the Palo Alto 260/262 course online?
Yes, we are offering all courses as instructor-led online training. Students join a web meeting (Zoom), which the instructor uses to explain all the topics using the official Palo Alto Networks training slides as well as a lot of whiteboarding and live demos. In addition, students have access to their own dedicated lab to put the theory into practice. We have been running Palo Alto Networks courses online since 2013, and with this, our instructors have gained a lot of experience in delivering virtual classes.

 

Do you offer classroom training?
Yes, we offer classroom training as public classes in our own facilities or dedicated training at the customer’s premises. Please check the availability of public classroom courses under “Price and Dates” or request a quote for dedicated on-site training.

 

Will I receive an official coursebook?
Yes, you will receive the official Palo Alto Networks coursebook. It includes all the slides and a more detailed description of the topic shown in the slide. We will also record the training, and the instructor will share the videos and the whiteboard drawings that he presented during class. The coursebook is provided as an OnSecure Secure eBook.

 

Can I print the electronic coursebook?
Yes, Palo Alto Networks allows printing the electronic coursebook via the eBook reader.

 

Will I receive an official certificate of completion?
Yes, you will be able to download an official certificate of completion from Palo Alto Networks Learning Center after attending the course.

“Students Love Our Instructors”

Experience & Passion

The difference is made by our instructors, who have many years of field experience, which they bring with them into the classroom.

Top Companies choose Consigas to build in-demand firewall skills
