Cortex XDR:
Investigation and Response

PAN EDU-262 training course

Contents EDU-262 training course

During this hands-on lab training you will learn to work with Palo Alto Networks’ Cortex XDR in a test environment. First you will learn how to investigate attacks from Cortex XDR management console pages and then you will learn how to work with Cortex XDR data processing capabilities to protect your environment against advanced threats.


Investigate attacks on the incidents page, and score, assign, and close them

Investigate artifacts using the specialized views such as IP View and Hash View

Work with Cortex XDR Pro actions: the remote script execution and EDL service

Describe the Cortex XDR causality and analytics concepts

Analyze alerts using the Causality and Timeline Views

Create and manage on-demand and scheduled search queries in the Query Center

Create and manage the Cortex XDR rules BIOC and IOC

Work with the Cortex XDR’s external data ingestion support

Write XQL queries to search datasets and visualize the result sets

Create simple Correlation Rules and Parsing Rules using XQL



Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).

Target Audience

Cybersecurity analysts and engineers, and security operations specialists.


Why choose ON2IT?

We are a Palo Alto Networks Authorized Trainer Partner (ATP).

Our trainers are senior consultants with years of experience.

Our courses do not consist of dry theory, but combine theory, interaction and practice (in a lab environment).

You can attend our training courses at our office, virtually or on location.


Meet our trainers

Rob Maas

Rob is ON2IT Lead Architect and Technical challenger. Since 2020, Rob has also been a Certified Forrester Zero Trust Strategist.

Johan Bogema

Johan is ON2IT Product Owner Cloud Security. Johan has years of experience with Zero Trust security implementations within large-scale cloud transformations.