Palo Alto Networks EDU-262

EDU-262 for Cortex XDR, Cortex XDR: Investigation and Response (14 Training Credits)

Description

The first part of this instructor-led training enables you to investigate attacks from Cortex XDR management console pages, including the Incidents page and specialized artifact analysis views such as the IP View. In the first part, you will also learn how to run remote Python scripts on your endpoints.

The second part of the training enables you to work with Cortex XDR data processing capabilities to protect your environment against advanced threats such as fileless attacks. For example, in this part you will analyze alerts in the Causality View. You will also learn about Cortex XDR data collection capabilities, including the Cortex XDR API for ingesting external alerts, and leverage the data to investigate threats. The training ends with introductory modules on the XDR Query Language (XQL) and two Pro features based on the Cortex XDR XQL engine.

Course Modules

  1. Cortex XDR Incidents
  2. Investigation Views
  3. Advanced Response Actions
  4. Causality and Analytics Concepts
  5. Causality Analysis of Alerts
  6. Building Basic Search Queries
  7. Building Basic XDR Rules
  8. External Data Collection
  9. Introduction to XQL
  10. Correlation and Parsing Rules

Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable the students to:

  • Investigate attacks on the incidents page, and score, assign, and close them
  • Investigate artifacts using the specialized views such as IP View and Hash View
  • Work with Cortex XDR Pro actions: remote script execution and the EDL service
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Create and manage Cortex XDR BIOC and IOC rules
  • Work with Cortex XDR's external data ingestion support
  • Write XQL queries to search datasets and visualize the result sets
  • Create simple Correlation Rules and Parsing Rules using XQL

Palo Alto Networks Education

The technical curriculum developed and authorized by Palo Alto Networks and delivered by Palo Alto Networks Authorized Training Partners helps provide the knowledge and expertise that prepare you to protect our digital way of life. Our trusted certifications validate your knowledge of the Palo Alto Networks product portfolio and your ability to help prevent successful cyberattacks and safely enable applications.

Prerequisites

Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).

Target Audience

Cybersecurity analysts and engineers, and security operations specialists

Similar courses

Palo Alto Networks EDU-210

Firewall Essentials: Configuration and Management (EDU-210) (35 Training Credits)

Palo Alto Networks EDU-330

Firewall: Troubleshooting (21 Training Credits)

Palo Alto Networks EDU-220

Panorama: Managing Firewalls at Scale (14 Training Credits)

Palo Alto Networks EDU-260

Cortex XDR: Prevention and Deployment (21 Training Credits)

Palo Alto Networks Basic Administrator

Palo Alto Networks, Basic Firewall Administration Training

Palo Alto Networks PCNSE Exam Workshop (Partner Only)

Palo Alto Networks, PCNSE Exam Prep Workshop

Palo Alto Networks EDU-318

Prisma Access SASE Security: Design and Operation (28 Training Credits)

Palo Alto Networks EDU-380

Cortex™ XSOAR Automation and Orchestration (EDU-380) (28 Training Credits)

Palo Alto Networks EDU-238

Prisma SD-WAN: Design and Operation (EDU-238) (35 Training Credits)
