Palo Alto Networks Cortex XDR: Investigation and Response (EDU-262 for Cortex XDR 3.2)

This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics. You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.


  • 20
    2 days, Mon & Tue 9:00 AM - 5:00 PM
    Virtual - AUS
    Session information
    Session 1
    Thu 20 Jul 09:00 - Thu 20 Jul 17:00
    Virtual - AUS
    Session 2
    Fri 21 Jul 09:00 - Fri 21 Jul 17:00
    Virtual - AUS
    • $2,723.00 excl. GST
  • 17
    2 days, Thu & Fri 9:00 AM - 5:00 PM
    Virtual - AUS
    Session information
    Session 1
    Thu 17 Aug 09:00 - Thu 17 Aug 17:00
    Virtual - AUS
    Session 2
    Fri 18 Aug 09:00 - Fri 18 Aug 17:00
    Virtual - AUS
    • $2,723.00 excl. GST



    Successful completion of this instructor-led course with hands-on lab activities should enable participants to:

    • Investigate and manage incidents
    • Describe the Cortex XDR causality and analytics concepts
    • Analyze alerts using the Causality and Timeline Views
    • Work with Cortex XDR Pro actions such as remote script execution
    • Create and manage on-demand and scheduled search queries in the Query Center
    • Create and manage Cortex XDR BIOC and IOC rules
    • Work with Cortex XDR assets and inventories
    • Write XQL queries to search datasets and visualize the result sets
    • Work with Cortex XDR’s external-data collection

    Course Modules

    1. Cortex XDR Incidents
    2. Causality and Analytics Concepts
    3. Causality Analysis of Alerts
    4. Advanced Response Actions
    5. Building Search Queries
    6. Building XDR Rules
    7. Cortex XDR Assets
    8. Introduction to XQL
    9. External Data Collection

    Target Audience

    The Cortex XDR: Investigation & Response (EDU-262) course is intended for cybersecurity analysts and engineers and security operations specialists.


    The Cortex XDR: Investigation and Response (EDU-262) course is not linked to any Palo Alto Networks certification.

    Palo Alto Networks Training Credits:

    Training credits are a convenient way to purchase instructor-led training courses. Red Education is one of the few globally accredited training partners that provides training across all of Palo Alto Networks' authorised courseware. Credits may be used for private, public, on-site or virtual instructor-led training. We can facilitate all your organisation's training requirements through one transaction covering all parts of the world. As winner of consecutive Training Partner of the Year and Instructor of the Year awards, we have instructors who can deliver premium training in any language across any time zone. Red Education is a one-stop shop: we can facilitate all your global training requirements and are here to assist you with local advice to walk you through this process.


    Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).


    Please see the Palo Alto Course Outline for the detailed agenda.
