Cortex XSIAM Training

Security Operations, Automation, Investigation and Analysis

Award-winning live online course

Experienced Instructor

Virtual Lab Access

Video Recordings

What you’ll learn

Role-Based Mastery for Next-Gen Security Operations

With the retirement of the “Cortex XSIAM: Security Operations and Automation” (EDU-270), Palo Alto Networks now offers two purpose-built courses that reflect the evolving needs of security teams. These courses empower both engineers and analysts to master Cortex XSIAM’s powerful capabilities—each with a targeted curriculum focused on the skills you need most.


Cortex XSIAM: Security Operations, Integration, and Automation (3-day Engineer Course)

In this hands-on, instructor-led course, you’ll learn how to:

  • Architect and integrate Cortex XSIAM with your network and endpoints, including XDR collectors, NGFWs, Broker VMs, and more.

  • Ingest and analyse data using XQL, building advanced queries for detection, response, and reporting.

  • Configure threat intelligence management features, automate workflows, and manage indicators to operationalise intelligence and respond faster.

  • Develop and optimise automation for streamlined incident handling and operational efficiency.

  • Customise dashboards and reports to visualise security metrics and drive better decision-making across your organisation.


Cortex XSIAM: Investigation and Analysis (2-day Analyst Course)

This targeted course focuses on incident response and investigation using Cortex XSIAM. You’ll learn how to:

  • Investigate security incidents and analyse key assets, artefacts, and the causality chain.

  • Use advanced XQL queries to extract meaningful security insights from vast log data.

  • Utilise XSIAM’s tools and resources for comprehensive incident analysis and threat hunting.

  • Manage alerts, threat intelligence, and attack surfaces to support faster, more effective investigations.

  • Build custom dashboards and reports tailored for analysis and stakeholder communication.


Why the change?

These two new courses fully replace the previous “Cortex XSIAM: Security Operations and Automation” (EDU-270). By splitting content into dedicated engineer and analyst tracks, you’ll gain deeper, role-specific expertise and hands-on skills directly aligned to your responsibilities.


Whether you’re responsible for integrating and automating your XSIAM platform, or investigating and responding to security incidents, these courses ensure you’ll be ready to protect your organisation with the very latest tools and techniques from Palo Alto Networks.

Please see the course content for the detailed agenda.

Best Practices & Real Life Experience

Let the experience and passion of our instructors guide you. Consigas is an Authorized Global Training Partner and was recognised with the “Excellence in Training Award” in 2022, 2019 and 2016 by Palo Alto Networks. The difference is made by our instructors, who have many years of field experience, which they bring with them into the classroom.

Certification

The “Cortex XSIAM: Security Operations, Integration, and Automation” course (3-day course for XSIAM Engineers) is the recommended instructor-led training for the XDR Engineer certification.

The “Cortex XSIAM: Investigation and Analysis” course (2-day course for XSIAM Analysts) is the recommended instructor-led training for the XDR Analyst certification.

Palo Alto Networks requires students to take the exam at a Pearson Vue test centre.

Video Recordings

Recognizing that retention is a challenge in learning, we record our sessions. This allows you to review the training material at your own pace, ensuring better understanding and recall.

Lab Access

You will have access to your own dedicated lab for practical exercises as described in the lab guide. The lab consists of a dedicated Windows VM, a Next-Generation Firewall and a Broker VM, as well as access to a shared Cortex XSIAM instance. The lab is available 24 hours a day during the week of training, so you can also use it after class for additional practice.

Scope

Cortex XSIAM: Security Operations, Integration, and Automation (3-day course for XSIAM Engineers)

  • Duration: 3 days (delivered over four full-day sessions – see class schedule)
  • Format: Instructor-led lectures and hands-on labs delivered either as live online training or as an in-person classroom course
  • Platform support: Cortex

Cortex XSIAM: Investigation and Analysis (2-day course for XSIAM Analysts)

  • Duration: 2 days (delivered over four full-day sessions – see class schedule)
  • Format: Instructor-led lectures and hands-on labs delivered either as live online training or as an in-person classroom course
  • Platform support: Cortex

Target Audience

Who Should Attend These Courses?

The Cortex XSIAM training portfolio has been purpose-built for professionals responsible for operational security and analysis within modern Security Operations Centres (SOC). Both courses are highly relevant to organisations leveraging Palo Alto Networks’ industry-leading XSIAM platform for threat detection, investigation, and automated response across diverse infrastructures.


Cortex XSIAM: Security Operations, Integration, and Automation (3-day course)
Recommended for: XSIAM Engineers, Integrators, and SOC Technical Leads

  • SOC/CERT/CSIRT/XSIAM engineers and managers

  • Managed Security Service Providers (MSSPs) and service delivery partners

  • System integrators and solution architects responsible for integrating and automating security platforms

  • Internal and external professional services consultants

  • Sales engineers, SIEM and automation engineers looking to deepen technical proficiency in XSIAM operations and integrations

This course is ideal for professionals who design, implement, or maintain the XSIAM platform, focusing on integrations, data ingestion, automation workflows, threat intelligence, and operational dashboard optimisation. If your daily work involves getting the most out of XSIAM’s technical capabilities, this course is for you.


Cortex XSIAM: Investigation and Analysis (2-day course)
Recommended for: SOC Analysts, Incident Responders, and Threat Hunters

  • SOC/CERT/CSIRT/XSIAM analysts and managers

  • Incident responders and threat hunters responsible for detecting and investigating security events

  • MSSPs and service delivery partners focused on monitoring and incident response

  • System integrators, consultants, and professional services engineers who conduct investigations using Cortex XSIAM

This course is tailored for those who actively investigate incidents, analyse key assets and attack surfaces, and interpret threat intelligence using XSIAM’s investigation tools. If your primary responsibility is incident analysis, alert triage, or forensic investigation within XSIAM, this course is designed for you.

Not sure which course to take?

  • Technical implementation, automation, and integration? → Choose the 3-day Security Operations, Integration, and Automation course.

  • Investigation, incident response, or threat hunting? → Choose the 2-day Investigation and Analysis course.

  • Hybrid role or broad responsibility? → Consider both courses for comprehensive coverage.


Still unsure which path fits best? Contact our training advisors—happy to help you find the most effective route for your team’s needs!

Prerequisites

No previous Palo Alto Networks experience is required to take this Cortex XSIAM Palo Alto course. Participants should have a foundational understanding of cybersecurity concepts and experience with network or endpoint security fundamentals (for engineers) or security tools and incident analysis (for analysts).

FAQ

Can I take the course online?
Yes, we offer all courses as instructor-led online training. Students join a web meeting (Zoom), in which the instructor explains all the topics using the official Palo Alto Networks training slides along with a lot of whiteboarding and live demos. In addition, students have access to their own dedicated lab to put the theory into practice. We have been running Palo Alto Networks courses online since 2013, so our instructors have gained a lot of experience in delivering virtual classes.

Do you offer classroom training?
Yes, we offer classroom training as public classes in our own facilities or dedicated training at the customer’s premises. Please check the availability of public classroom courses under “Price and Dates” or request a quote for dedicated on-site training.

Will I receive an official coursebook?
Yes, you will receive the official Palo Alto Networks coursebook. It includes all the slides and a more detailed description of the topic shown on each slide. We will also record the training, and the instructor will share the videos and the whiteboard drawings that he presented during class. The coursebook is provided as an OnSecure Secure eBook.

Can I print the electronic coursebook?
Yes, Palo Alto Networks allows printing the electronic coursebook via the eBook reader.

Will I receive an official certificate of completion?
Yes, you will be able to download an official certificate of completion from Palo Alto Networks Learning Center after attending the course.

“Students Love Our Instructors”

Experience & Passion

The difference is made by our instructors, who have many years of field experience, which they bring with them into the classroom.

Top Companies choose Consigas to build in-demand firewall skills