
Palo Alto Networks Cortex XDR: Investigation and Response (EDU-262 for Cortex XDR 3.6)

This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics. You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.


  • 18 Jul: 2 days, Thu & Fri 9:00 AM - 5:00 PM, Virtual - AUS, $2,723.00 excl. GST
      Session 1: Thu 18 Jul 09:00 - Thu 18 Jul 17:00, Virtual - AUS
      Session 2: Fri 19 Jul 09:00 - Fri 19 Jul 17:00, Virtual - AUS
  • 05 Sep: 2 days, Thu & Fri 9:00 AM - 5:00 PM, Virtual - AUS, $2,723.00 excl. GST
      Session 1: Thu 05 Sep 09:00 - Thu 05 Sep 17:00, Virtual - AUS
      Session 2: Fri 06 Sep 09:00 - Fri 06 Sep 17:00, Virtual - AUS
  • 21 Nov: 2 days, Thu & Fri 9:00 AM - 5:00 PM, Virtual - AUS, $2,723.00 excl. GST
      Session 1: Thu 21 Nov 09:00 - Thu 21 Nov 17:00, Virtual - AUS
      Session 2: Fri 22 Nov 09:00 - Fri 22 Nov 17:00, Virtual - AUS

Description

Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable participants to:

  • Investigate and manage incidents
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Work with Cortex XDR Pro actions such as remote script execution
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Create and manage Cortex XDR BIOC and IOC rules
  • Work with Cortex XDR assets and inventories
  • Write XQL queries to search datasets and visualize the result sets
  • Work with Cortex XDR’s external-data collection

Course Modules

  1. Cortex XDR Incidents
  2. Causality and Analytics Concepts
  3. Causality Analysis of Alerts
  4. Advanced Response Actions
  5. Building Search Queries
  6. Building XDR Rules
  7. Cortex XDR Assets
  8. Introduction to XQL
  9. External Data Collection

Target Audience

The Cortex XDR: Investigation & Response (EDU-262) course is intended for cybersecurity analysts and engineers and security operations specialists.

Certification

The Cortex XDR: Investigation and Response (EDU-262) course is linked to PCDRA certification.

Palo Alto Networks Training Credits:

Training credits are a convenient way to purchase instructor-led training courses. Red Education is one of the few Globally Accredited Training partners that provides training across all Palo Alto Networks' authorised courseware. Credits may be used for private, public, on-site or virtual instructor-led training. We can facilitate all your organisation's training requirements through one transaction covering all parts of the world. Red Education has won consecutive Training Partner of the Year and Instructor of the Year awards, and our instructors can deliver premium training in any language across any time zone. Red Education is a one-stop shop. We can facilitate all your global training requirements and are here to assist you with local advice to walk you through this process.

Prerequisites:

Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).

Datasheets:

Please see the Palo Alto Course Outline for the detailed agenda.
