Palo Alto Networks Cortex XSIAM: Security Operations, Integration, and Automation

With the discontinuation of the Cortex XSIAM: Security Operations and Automation (EDU-270) course, Palo Alto Networks now offers two specially designed courses to meet the evolving needs of security teams. The content is split into dedicated courses for engineers ("Cortex XSIAM: Security Operations, Integration, and Automation") and analysts ("Cortex XSIAM: Investigation and Analysis"), so you gain in-depth, role-specific expertise and practical skills that are directly aligned with your job role.

In the English-language online format (dates are marked with an English flag in this case), the course lasts 3 days from 9.00-17.00 (UK Time).

XSIAM is the industry's most comprehensive security incident and asset management platform, providing comprehensive capabilities for securing and managing infrastructure, workloads and applications across multiple environments.

In this training you will learn the key features of Cortex XSIAM. The course is aimed at cybersecurity professionals, especially those in SOC/CERT/CSIRT and engineering functions who want to use XSIAM. The course covers the intricacies of XSIAM, from the basic components to advanced strategies and techniques, including the skills required to configure security integrations, develop automated workflows, manage indicators, and optimize dashboards for improved security operations.

Course Contents

  • Course Overview
  • Overview of Cortex XSIAM
  • Software Components
  • XQL
  • Detection Engineering
  • Integrations
  • Automation
  • Threat Intel Management
  • Attack Surface Management
  • UI Customizations

You will receive the original course documentation from Palo Alto in English as an e-book.

Target Group

This course is ideal for professionals who design, implement or maintain the XSIAM platform, with a focus on integrations, data ingestion, automation workflows, threat intelligence and operational dashboard optimization. If you want to make the most of XSIAM's technical capabilities in your day-to-day work, this course is for you.

Knowledge Prerequisites

No prior knowledge of Palo Alto Networks is required to attend this Cortex XSIAM Palo Alto course. Participants should have basic knowledge of cybersecurity concepts and experience with the fundamentals of network or endpoint security.

Course Objective

This course is recommended as preparation for the Palo Alto Networks Certified XSIAM Engineer certification.

  • Describe how endpoint agents, XDR collectors, NGFWs, and broker VMs secure networks and devices.
  • Query and analyze logs using XQL for data collection and discovery.
  • Configure Threat Intel Management capabilities, automate workflows and apply EDLs and indicator rules.

Course Overview
  • Welcome and Introductions
  • Intended Audience and Course Focus
  • Course Objectives and Agenda
  • Lab Topology

Overview of Cortex XSIAM
  • Overview of XSIAM
  • Features and Functionalities
  • Problems XSIAM Solves

Software Components
  • Agents
  • XDR Collectors
  • PANW NGFW
  • Broker VM
  • Engines
  • Cloud Identity Engine

XQL
  • Introduction and Overview of XQL
  • XQL Components
  • Parsing
  • Data Models

Detection Engineering
  • Custom IOCs/BIOCs
  • Correlation Rules

Integrations
  • Marketplace
  • Dev/Prod
  • API (Ingestion)
  • API (Automation)
  • Custom

Automation
  • Introduction to Automation
  • Marketplace
  • Playbooks
  • Scripts

Threat Intel Management
  • TIM Overview
  • Automation and Feed Integrations
  • External Dynamic Lists
  • Jobs
  • TIM Indicator Rules

Attack Surface Management
  • Attack Surface Management
  • Attack Surface Rules
  • Attack Surface Testing

UI Customizations
  • Fields and Layouts
  • XQL Widgets
  • Dynamic Dashboards

Classroom training

Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!

Online training

You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.

Tailor-made courses

You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.

You can find the complete description of this course with dates and prices ready for download at as PDF.
