Palo Alto Networks Cortex XDR: Investigation and Response (EDU-262 for Cortex XDR 3.6)
This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics. You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.
Scheduled sessions:
- 09 May, 2 days, Thu & Fri 9:00 AM - 5:00 PM, Virtual - ASIA, $2,000.00 excl. GST
  - Session 1: Thu 09 May 09:00 - Thu 09 May 17:00, Virtual - ASIA
  - Session 2: Fri 10 May 09:00 - Fri 10 May 17:00, Virtual - ASIA
- 18 Jul, 2 days, Thu & Fri 9:00 AM - 5:00 PM, Virtual - ASIA, $2,000.00 excl. GST
  - Session 1: Thu 18 Jul 09:00 - Thu 18 Jul 17:00, Virtual - ASIA
  - Session 2: Fri 19 Jul 09:00 - Fri 19 Jul 17:00, Virtual - ASIA
- 12 Sep, 2 days, Thu & Fri 9:00 AM - 5:00 PM, Virtual - ASIA, $2,000.00 excl. GST
  - Session 1: Thu 12 Sep 09:00 - Thu 12 Sep 17:00, Virtual - ASIA
  - Session 2: Fri 13 Sep 09:00 - Fri 13 Sep 17:00, Virtual - ASIA
- 28 Nov, 2 days, Thu & Fri 9:00 AM - 5:00 PM, Virtual - ASIA, $2,000.00 excl. GST
  - Session 1: Thu 28 Nov 09:00 - Thu 28 Nov 17:00, Virtual - ASIA
  - Session 2: Fri 29 Nov 09:00 - Fri 29 Nov 17:00, Virtual - ASIA
Description
Objectives
Successful completion of this instructor-led course with hands-on lab activities should enable participants to:
- Investigate and manage incidents
- Describe the Cortex XDR causality and analytics concepts
- Analyze alerts using the Causality and Timeline Views
- Work with Cortex XDR Pro actions such as remote script execution
- Create and manage on-demand and scheduled search queries in the Query Center
- Create and manage Cortex XDR BIOC and IOC rules
- Work with Cortex XDR assets and inventories
- Write XQL queries to search datasets and visualize the result sets
- Work with Cortex XDR’s external-data collection
Course Modules
- Cortex XDR Incidents
- Causality and Analytics Concepts
- Causality Analysis of Alerts
- Advanced Response Actions
- Building Search Queries
- Building XDR Rules
- Cortex XDR Assets
- Introduction to XQL
- External Data Collection
Target Audience
The Cortex XDR: Investigation and Response (EDU-262) course is intended for cybersecurity analysts and engineers, and security operations specialists.
Certification
The Cortex XDR: Investigation and Response (EDU-262) course is linked to PCDRA certification.
Palo Alto Networks Training Credits:
Training credits are a convenient way to purchase instructor-led training courses. Red Education is one of the few globally accredited training partners that provides training across all Palo Alto Networks' authorised courseware. Credits may be used for private, public, on-site or virtual instructor-led training. We can facilitate all your organisation's training requirements through one transaction covering all parts of the world. Winner of consecutive "Training Partner of the Year" and "Instructor of the Year" awards, our instructors can deliver premium training in any language across any time zone. Red Education is a one-stop shop. We can facilitate all your global training requirements and are here to assist you with local advice to walk you through this process.
Prerequisites:
Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).
Datasheets:
Please see the Palo Alto Course Outline for the detailed agenda.