Palo Alto Authorized Global Training Partner Logo

Cortex XSIAM Training

Security Operations and Automation (EDU-270)

Award-winning live online course

Experienced Instructors

Virtual Labs Access

Video Recordings

The “Cortex XSIAM Security Operations and Automation” (EDU-270) course covers the following content:

Course Overview

  • Welcome and introductions
  • Intended audience and course focus
  • Course objectives and agenda
  • Learning Center tasks

Introduction to Cortex XSIAM

  • Overview of XSIAM
  • Features and Functionalities
  • Problems XSIAM Solves

Elements of Security Operations

  • Elements Overview
  • Process
  • Affiliates
  • People
  • Business
  • Visibility
  • Technology

Maturity Model

  • Model Overview
  • Missions and Goals
  • SOC Maturity Framework
  • Heatmap

Agent Deployment and Configuration

  • Agent Deployment and Configuration Overview
  • Profiles and Policies
  • Deployment Requirements

Data Source Ingestion

  • Introduction to Data Source Ingestion
  • Syslog and API Collection Methods
  • Parsers vs. Data Models
  • Log Collection Strategy

Visibility

  • Log Source Best Practices
  • Onboarding Strategy
  • Customizing Dashboards for SOC Needs

Data Model

  • Data Model Overview
  • Process/Approach to Map Events
  • Components of a Data Model

Analytics

  • Analytics Overview
  • Analytics vs. Correlations
  • EALs

Alerting and Detecting

  • XQL
  • Pseudocode
  • Use Case Development Workflow

Attack Surface Management

  • Attack Surface Management Overview
  • Playbooks/Marketplace Content
  • Enable/Disable Attack Surface Rules

Automation

  • Automation Overview
  • Marketplace
  • Playbooks
  • Designing, Building, and Testing Playbooks
  • Using OOTB Content

Incident Handling / SOC

  • Incident Overview
  • Investigative Techniques
  • Remediation of Incidents
  • Workflow Utilization

Palo Alto Training Excellence Award

Palo Alto Networks Online Training

Experience & Passion

The difference is made by our instructors, who have many years of field experience that they bring with them into the classroom.

“All of my guys enjoyed and valued this course to the maximum.
You will simply love it”

Kamil Golombek at PWC

Kamil Golombek

NIS Cyber Defence Security Perimeter EMEA