Palo Alto Networks EDU-262

Cortex XDR: Investigation and Response for Cortex XDR 3.1

Please note: In the online format, the course lasts four days from 14:00-17:30 or 9:00-12:30 (Irish Time) each day.

The first part of this instructor-led training enables you to investigate attacks from Cortex XDR management console pages, including the Incidents page and specialized artifact analysis views such as the IP View. You will also learn how to run remote Python scripts on your endpoints.

The second part of the training enables you to work with Cortex XDR data processing capabilities to protect your environment against advanced threats such as fileless attacks. For example, in this part you will analyze alerts in the Causality View. You will also learn about Cortex XDR data collection capabilities, including the Cortex XDR API for ingesting external alerts, and leverage the data to investigate threats. The training ends with introductory modules on the XDR Query Language (XQL) and two Pro features based on the Cortex XDR XQL engine.

Course Contents

  • Cortex XDR Incidents
  • Causality and Analytics Concepts
  • Causality Analysis of Alerts
  • Advanced Response Actions
  • Building Search Queries
  • Building XDR Rules
  • Investigation Views
  • Introduction to XQL
  • External Data Collection

Target Group

Cybersecurity analysts and engineers, and security operations specialists

Knowledge Prerequisites

Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment)

Complementary and Continuative Courses

For customers using Cortex XDR Prevent, the recommended course is Cortex XDR: Prevention and Deployment (EDU-260), while customers using Cortex XDR Pro should take both Cortex XDR: Prevention and Deployment (EDU-260) and Cortex XDR: Investigation and Response (EDU-262). 

Classroom training

Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!

Hybrid training

Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a webcam. In the seminar room, we use specially developed and customized audio and video technologies. This ensures that communication between everyone involved works conveniently and without faults.

Online training

You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.

Tailor-made courses

You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
