Palo Alto Networks Cortex XDR: Security Operations and Integration

Master the Cortex XDR platform to protect your environment effectively. Learn to deploy agents, configure security profiles and policies, analyze threats using XQL, automate response actions, tune detection settings, and optimize dashboards while working efficiently with alerts and integrations.

Course Duration

3 Days

Target Audience

SOC/CERT/CSIRT/XDR engineers and managers, MSSPs and service delivery partners/system integrators, security consultants and sales engineers.

Course Overview

This 3-day instructor-led course provides hands-on training in Cortex XDR, Palo Alto Networks’ extended detection and response platform. Participants will learn to deploy agents on endpoints, configure security profiles and policies, and perform and track response actions.

The course also covers analyzing logs with XQL, managing alerts, tuning detection profiles, and optimizing dashboards for effective security operations. By the end, attendees will have practical skills to secure modern IT environments and streamline SOC workflows.

Key Learning Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable you to:

  • Describe the architecture and components of the Cortex XDR platform, including endpoint agents, XDR collectors, NGFWs, and Broker VMs.
  • Navigate and use the Cortex XDR management console, including dashboards, reports, and alerts.
  • Create and deploy Cortex XDR agent installation packages, endpoint groups, and security policies.
  • Configure and manage Exploit and Malware Prevention profiles and tune detection settings using exceptions.
  • Investigate alerts, prioritize threats, and apply response actions effectively.
  • Perform incident response workflows and track actions in the Action Center.
  • Deploy a Broker VM, configure Local Agent Settings, and troubleshoot common agent and deployment issues.
  • Understand Cortex XDR deployment concepts, activation requirements, and integration with security tools for optimized operations.

Course Modules

  • Course Overview
  • Introduction to Cortex XDR and Architecture
  • Cortex XDR Main Components: Agents, Collectors, NGFWs, and Broker VMs
  • Cortex XDR Management Console: Dashboards, Reporting, and Alerts
  • Security Profiles and Policy Rules
  • Malware and Exploit Protection
  • Detection Engineering and XQL Queries
  • Managing and Tuning Alerts and Policies
  • Performing Response Actions and Incident Workflows
  • Basic Agent Troubleshooting and Broker VM Deployment
  • System Optimization and Deployment Considerations
  • Integrations with Security Tools and Best Practices

Why train with us?

Red Education is an information technology-accredited certification training company, commonly known as an ATC. A winner of numerous Palo Alto Networks ATC and Instructor of the Year awards, they are an industry leader supporting Palo Alto Networks certification training at a global level.

Red Education exists to serve the global IT community, specialising in cyber security training.

Since opening its doors in 2005, Red Education has taught more than 85,000 students worldwide. These students come from many different places, cultures, languages, and time zones. Red Education employs a highly qualified and experienced team of local instructors with the communications skills to deliver a premium training outcome. Using certified courseware materials and allowing students to practice what they learn in our award-winning simulated virtual “lab” environment, this technique is the perfect blend of conceptual training reinforced and backed up with a hands-on lab-build approach to ensure complete understanding.

Recently, Red Education has become a critical delivery partner to the global security industry. At the start of 2020, governments around the world mandated responses to COVID-19, forcing businesses to spend money updating their computer systems and processes as they rushed to support virtual point-of-sale (VPOS) operations and replace more traditional brick-and-mortar businesses. These fast changes put businesses in danger, giving cybercriminals the chance to break into networks through identity theft, malware, phishing, data theft, and cryptographic operations.

Palo Alto Networks Training Credits:

Training credits are a convenient way to purchase instructor-led training courses. Red Education is one of the few Globally Accredited Training partners that provides training across all Palo Alto Networks’ authorised courseware. Credits may be used for private, public, On-site or virtual instructor-led training. We can facilitate all your organisation’s training requirements through one transaction covering all parts of the world. Winner of “consecutive Training Partner of the Year Awards and Instructor of the Year Awards”, our instructors can deliver premium training in any language across any time zone. Red Education is a one-stop shop. We can facilitate all your global training requirements and are here to assist you with local advice to walk you through this process.

Certification

The Cortex XDR: Security Operations and Integration course is not linked to any Palo Alto Networks certification.

The purpose of Red Education is twofold.

  • For their students: to empower them through learning
  • For organizations: to ensure their protection against cyber threats by providing highly skilled personnel to implement the latest cybersecurity technology solutions.

They do this by providing a training framework that supports and upskills the IT community they serve, with the essential technical knowledge that underpins their respective companies’ operating systems. These outcomes greatly enhance students’ understanding of the implementation process, maintenance, and best practice standards to support the relevant technology in the field.

Prerequisites

Attendees should possess a solid understanding of cybersecurity principles, including network and endpoint security concepts.