Cortex XSIAM Security Operations, Integration and Automation
Cortex XSIAM Security Operations, Integration and Automation
Description
XSIAM is the industry's most comprehensive security incident and asset management platform, offering extensive coverage for securing and managing infrastructure, workloads, and applications across multiple environments.
Throughout this course, you will explore the key features of Cortex XSIAM.
This course is designed to enable you to:
• Describe how endpoint agents, XDR collectors, NGFWs, and Broker VMs secure networks and devices.
• Query and analyze logs using XQL for data ingestion and detection.
• Configure Threat Intel Management features, automate workflows, and apply EDLs and indicator rules.
Course Modules
0 - Course Overview
1 - Overview of Cortex XSIAM
2 - Software Components
3 - XQL
4 - Detection Engineering
5 - Integrations
6 - Automation
7 - Threat Intel Management
8 - Attack Surface Management
9 - UI Customizations
Scope
- Duration: 3 days
- Format: Lecture and hands-on labs
- Platform support: Cortex
Objectives
The course is designed to enable cybersecurity professionals, particularly
those in SOC/CERT/CSIRT and engineering roles, to use XSIAM.
The course reviews XSIAM intricacies, from fundamental components to
advanced strategies and techniques, including skills needed to configure
security integrations, develop automation workflows, manage indicators, and
optimize dashboards for enhanced security operations.
Palo Alto Networks Education
The technical curriculum developed by Palo Alto Networks and delivered by
Palo Alto Networks Authorized Training Partners helps provide the
knowledge and expertise you need to protect our digital way of life.
Our trusted certifications validate your knowledge of the Palo Alto Networks
product portfolio and your ability to help prevent successful cyberattacks.
Prerequisites
Participants should have a foundational understanding of cybersecurity
principles and experience with network and endpoint security fundamentals.
Target Audience
SOC/CERT/CSIRT/XSIAM engineers and managers, MSSPs and service
delivery partners/system integrators, internal and external professional services consultants and sales engineers, SIEM and automation engineers.