Palo Alto Authorized Global Training Partner Logo

Cortex XSIAM Training

Security Operations, Automation, Investigation and Analysis



Award-winning live online course

Experienced Instructors

Virtual Labs Access

Video Recordings

The 3-day “Cortex XSIAM: Security Operations, Integration, and Automation” course for XSIAM Engineers covers the following content:

Course Introduction

  • Welcome and Introductions
  • Intended Audience and Course Focus
  • Course Objectives and Agenda
  • Lab Topology

Overview of Cortex XSIAM

  • Overview of XSIAM
  • Features and Functionalities
  • Problems XSIAM Solves

Software Components

  • Agents
  • XDR Collectors
  • PANW NGFW
  • Broker VM
  • Engines
  • Cloud Identity Engine

XQL

  • Introduction and Overview of XQL
  • XQL Components
  • Parsing
  • Data Models

Detection Engineering

  • Custom IOCs/BIOCs
  • Correlation Rules

Integrations

  • Marketplace
  • Dev/Prod
  • API (Ingestion)
  • API (Automation)
  • Custom

Automation

  • Introduction to Automation
  • Marketplace
  • Playbooks
  • Scripts

Threat Intel Management

  • TIM Overview
  • Automation and Feed Integrations
  • External Dynamic Lists
  • Jobs
  • TIM Indicator Rules

Attack Surface Management

  • Attack Surface Management
  • Attack Surface Rules
  • Attack Surface Testing

UI Customizations

  • Fields and Layouts
  • XQL Widgets
  • Dynamic Dashboards

The 2-day “Cortex XSIAM: Investigation and Analysis” course for XSIAM Analysts covers the following content:

Course Introduction

  • Welcome and introductions
  • Intended audience and course focus
  • Course objectives and agenda
  • Learning Center tasks

Introduction to Cortex XSIAM

  • Overview of XSIAM
  • Features and Functionalities
  • Problems XSIAM Solves

Endpoints

  • Using XSIAM for Endpoint Detection and Response
  • Endpoint Security
  • Investigating Endpoints

XQL

  • Introduction and Overview of XQL
  • XQL Components
  • Understanding Data Models

Alerting and Detection

  • Using Alert Correlation Features
  • Alert Causality
  • Incident Prioritization
  • Incident Statuses

Threat Intel Management

  • Threat Intel Management
  • Indicator Configuration
  • Indicator Investigation

Automation

  • Automation Overview
  • Work Plan and Playbook Tasks
  • Context Data
  • Creating and Managing Jobs
  • Using OOTB Content

Attack Surface Management

  • Attack Surface Management
  • Asset Inventory
  • ASM Investigation

Incident Handling

  • Introduction to Incident Handling
  • Incident Investigation and Response
  • Managing Incidents
  • Alert Investigation
  • Cortex Copilot

Dashboards and Reports

  • Customizing Dashboards
  • Generating and Scheduling Custom Reports

Palo Alto Training Excellence Award
Palo Alto Networks Online Training

Experience & Passion

The difference is made by our instructors, who bring many years of field experience with them into the classroom.


“All of my guys enjoyed and valued this course to the maximum. You will simply love it.”

Kamil Golombek, NIS Cyber Defence Security Perimeter EMEA, PWC