-
With the discontinuation of the Cortex XSIAM: Security Operations and Automation (EDU-270) course, Palo Alto Networks now offers two specially designed courses to meet the evolving needs of security teams. By splitting the content into specific courses for engineers "Cortex XSIAM: Security Operations, Integration, and Automation" and analysts "Cortex XSIAM: Investigation and Analysis", you will gain in-depth, role-specific expertise and practical skills that are directly aligned with your areas of responsibility.
In English-language online format (dates are marked with an English flag in this case), the course lasts two days from 9.00-17.00 (UK Time).
-
XSIAM is the industry's most comprehensive security incident and asset management platform, providing comprehensive capabilities for securing and managing infrastructure, workloads and applications across multiple environments.
In this training you will learn the key features of Cortex XSIAM. The course is designed to enable cybersecurity professionals, especially those in SOC/CERT/CSIRT and security analyst roles, to utilize XSIAM. The training covers the intricacies of XSIAM, from the basic components to advanced strategies and techniques, including the skills required for incident response, automation and cybersecurity orchestration.
-
Course Contents
-
- Introduction to Cortex XSIAM
- Endpoints
- XQL
- Alerting and Detection
- Threat Intel Management
- Automation
- Attack Surface Management
- Incident Handling
- Dashboards and Reports
You will receive the original Palo Alto course documentation in English as an e-book.
-
Target Group
-
SOC/CERT/CSIRT/XSIAM analysts and managers, MSSPs and service delivery partners/system integrators, internal and external professional services consultants and sales engineers, incident responders and threat hunters
-
Knowledge Prerequisites
-
Participants should have basic knowledge of cybersecurity principles as well as experience in analyzing incidents and using security tools for investigations.
-
Course Objective
-
This training is recommended as preparation for the Palo Alto Networks Certified XSIAM Analyst certification.
- Investigate incidents, analyze key resources and artifacts, and interpret the causal chain.
- Query and analyze logs with XQL to gain meaningful insights.
- Use advanced tools and resources for comprehensive incident analysis.
-
Please note: At the end of October 2024, Palo Alto Networks announced the restructuring of its existing certification program. Details can be found here.
- Introduction to Cortex XSIAM
  - Overview of XSIAM
  - Features and Functionalities
  - Problems XSIAM Solves
- Endpoints
  - Using XSIAM for Endpoint Detection and Response
  - Endpoint Security
  - Investigating Endpoints
- XQL
  - Introduction and Overview of XQL
  - XQL Components
  - Understanding Data Models
- Alerting and Detection
  - Using Alert Correlation Features
  - Alert Causality
  - Incident Prioritization
  - Incident Statuses
- Threat Intel Management
  - Threat Intel Management
  - Indicator Configuration
  - Indicator Investigation
- Automation
  - Automation Overview
  - Work Plan and Playbook Tasks
  - Context Data
  - Creating and Managing Jobs
  - Using OOTB Content
- Attack Surface Management
  - Attack Surface Management
  - Asset Inventory
  - ASM Investigation
- Incident Handling
  - Introduction to Incident Handling
  - Incident Investigation and Response
  - Managing Incidents
  - Alert Investigation
  - Cortex Copilot
- Dashboards and Reports
  - Customizing Dashboards
  - Generating and Scheduling Custom Reports
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
