Palo Alto Networks Cortex XDR: Investigation and Response (EDU-262 for Cortex XDR 3.6)
This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics. You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.
- 20 Jun: 2 days, Thu & Fri, 9:00 AM – 5:00 PM, Virtual US - Central Time Zone, $2,000.00 excl.
  - Session 1: Thu 20 Jun 09:00 - Thu 20 Jun 17:00, Virtual US - Central Time Zone
  - Session 2: Fri 21 Jun 09:00 - Fri 21 Jun 17:00, Virtual US - Central Time Zone
- 18 Jul: 2 days, Thu & Fri, 9:00 AM – 5:00 PM, Virtual US - Central Time Zone, $2,000.00 excl.
  - Session 1: Thu 18 Jul 09:00 - Thu 18 Jul 17:00, Virtual US - Central Time Zone
  - Session 2: Fri 19 Jul 09:00 - Fri 19 Jul 17:00, Virtual US - Central Time Zone
- 22 Aug: 2 days, Thu & Fri, 9:00 AM – 5:00 PM, Virtual US - Central Time Zone, $2,000.00 excl.
  - Session 1: Thu 22 Aug 09:00 - Thu 22 Aug 17:00, Virtual US - Central Time Zone
  - Session 2: Fri 23 Aug 09:00 - Fri 23 Aug 17:00, Virtual US - Central Time Zone
- 26 Sep: 2 days, Thu & Fri, 9:00 AM – 5:00 PM, Virtual US - Central Time Zone, $2,000.00 excl.
  - Session 1: Thu 26 Sep 09:00 - Thu 26 Sep 17:00, Virtual US - Central Time Zone
  - Session 2: Fri 27 Sep 09:00 - Fri 27 Sep 17:00, Virtual US - Central Time Zone
- 24 Oct: 2 days, Thu & Fri, 9:00 AM – 5:00 PM, Virtual US - Central Time Zone, $2,000.00 excl.
  - Session 1: Thu 24 Oct 09:00 - Thu 24 Oct 17:00, Virtual US - Central Time Zone
  - Session 2: Fri 25 Oct 09:00 - Fri 25 Oct 17:00, Virtual US - Central Time Zone
Description
Objectives
Successful completion of this instructor-led course with hands-on lab activities should enable participants to:
- Investigate and manage incidents
- Describe the Cortex XDR causality and analytics concepts
- Analyze alerts using the Causality and Timeline Views
- Work with Cortex XDR Pro actions such as remote script execution
- Create and manage on-demand and scheduled search queries in the Query Center
- Create and manage Cortex XDR BIOC and IOC rules
- Work with Cortex XDR assets and inventories
- Write XQL queries to search datasets and visualize the result sets
- Work with Cortex XDR’s external-data collection
Course Modules
- Cortex XDR Incidents
- Causality and Analytics Concepts
- Causality Analysis of Alerts
- Advanced Response Actions
- Building Search Queries
- Building XDR Rules
- Cortex XDR Assets
- Introduction to XQL
- External Data Collection
Target Audience
The Cortex XDR: Investigation and Response (EDU-262) course is intended for cybersecurity analysts and engineers and security operations specialists.
Certification
The Cortex XDR: Investigation and Response (EDU-262) course is linked to PCDRA certification.
Palo Alto Networks Training Credits:
Training credits are a convenient way to purchase instructor-led training courses. Red Education is one of the few Globally Accredited Training partners that provides training across all Palo Alto Networks' authorised courseware. Credits may be used for private, public, on-site or virtual instructor-led training. We can facilitate all your organisation's training requirements through one transaction covering all parts of the world. Winner of consecutive Training Partner of the Year Awards and Instructor of the Year Awards, our instructors can deliver premium training in any language across any time zone. Red Education is a one-stop shop. We can facilitate all your global training requirements and are here to assist you with local advice to walk you through this process.
Prerequisites:
Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).
Datasheets:
Please see the Palo Alto Course Outline for the detailed agenda.