Cortex XDR Training

Prevention, Analysis and Response (EDU-260)

Award-winning live online course

Experienced Instructor

Virtual Lab Access

Video Recordings

What you’ll learn

The Palo Alto Networks Cortex XDR: Prevention, Analysis, and Response (EDU-260) course for advanced endpoint protection and remediation is an instructor-led training that will help you to:

  • Differentiate the architecture and components of the Cortex XDR family
  • Activate XDR, deploy the agents, and work with the management console
  • Work with the management console, describe a typical management page and work with the tables and filters
  • Create agent installation packages, endpoint groups, policies, and profiles
  • Create and manage exploit and malware profiles, and perform response actions
  • Differentiate BIOC and IOC rules, and create and manage them
  • Describe the Cortex XDR causality analysis and analytics concepts
  • Triage and investigate alerts and incidents, and create alert starring and exclusion policies
  • Work with the Causality and Timeline Views and investigate threats in the Query Center
  • Enable the Host Insights add-on and work with the insights and the Asset View
  • Use Vulnerability Assessment, and work with the Asset Management and the IP View

The Cortex XDR course teaches students how the agent protects against exploits and malware-driven attacks. In hands-on lab exercises, students will explore and configure the management platform and install the XDR agent as well as relevant components; create security policies and profiles to protect endpoints against multi-stage, fileless attacks built using malware and exploits; respond to attacks using response actions; understand behavioural threat analysis, log stitching, agent-provided enhanced endpoint data, and causality analysis; investigate and triage attacks using the incident management page and analyze alerts using the Causality and Timeline analysis views; use the API to insert alerts; create BIOC rules; and search for a lead in raw data sets in Cortex Data Lake using the Query Builder. Please see the course content for the detailed agenda.


Get a taste for the course by watching the video in this blog post, in which one of our instructors teaches a sample module on Cortex XDR Incident Management at the Palo Alto Networks Ignite conference.

Best Practices & Real Life Experience

Let the experience and passion of our instructors guide you. Consigas is an Authorized Global Training Partner and was recognised with the “Excellence in Training Award” in 2019 and 2016 by Palo Alto Networks. The difference is made by our instructors, who have many years of field experience which they bring with them into the classroom.

All of our instructors are security consultants who design, implement, migrate, manage and support Palo Alto Networks solutions all day, every day. It’s this experience that they bring into the classroom to explain not only the theory but also how to use the firewall in real life. Customers tell us that this is most valuable for them and what differentiates our training from most other training partners.

Video Recordings

It’s impossible to remember everything in live training, which is why we record the online class and share the video with you. If you would like to start studying right away, we can share the videos of a previous course and lab access immediately once your booking is confirmed.

Lab Access for 3 Months

You will have access to your own dedicated lab which you can use not only during the class but for a full three months without any time or usage limit. Your virtual lab consists of a dedicated Windows and a Linux Client as well as access to a shared Cortex XDR instance for practical exercises as described in the lab guide.


The Cortex XDR: Prevention, Analysis, and Response (EDU-260) course is not linked to any Palo Alto Networks certification.


  • Level: Intermediate
  • Duration: 3 days (delivered either over three full-day or five half-day sessions – see class schedule)
  • Format: Instructor-led lecture and hands-on labs delivered either as live online training or as an in-person classroom course
  • Platform support: Palo Alto Networks Cortex XDR Pro per endpoint and Pro per TB

Target Audience

Cybersecurity Analysts and Engineers

Security Operations Specialists


Participants must be familiar with enterprise security concepts to take this Palo Alto Cortex XDR training.


Can I take the Palo Alto 260 course online?
Yes, we offer all courses as instructor-led online training. Students join a web meeting (Zoom) which the instructor uses to explain all the topics using the official Palo Alto Networks training slides as well as a lot of whiteboarding and live demos. In addition, students have access to their own dedicated lab to put the theory into practice. We have been running Palo Alto Networks courses online since 2013, and with this, our instructors have gained a lot of experience in delivering virtual classes.


Do you offer classroom training?
Yes, we offer classroom training as public classes in our own facilities or dedicated training at the customer’s premises. Please check the availability of public classroom courses under “Price and Dates” or request a quote for dedicated on-site training.


Will I receive an official coursebook?
Yes, you will receive the official Palo Alto Networks coursebook. It includes all the slides and a more detailed description of the topic shown in the slide. We will also record the training, and the instructor will share the videos and the whiteboard drawings that he presented during class. The coursebook can be chosen in electronic version as an OnSecure Secure eBook or as a hardcopy. Please note that to deliver a hardcopy coursebook in time, we require a confirmed course booking at least ten business days before the class’s start.


Can I print the electronic coursebook?
Yes, Palo Alto Networks allows printing the electronic coursebook via the eBook reader.


Will I receive an official certificate of completion?
Yes, we will send you an official Palo Alto Networks certificate of completion after attending the course.

“Students Love Our Instructors”



Top Companies choose Consigas to build in-demand firewall skills
