Cortex XDR:
Investigation and Response
PAN EDU-262 training course
Contents EDU-262 training course
During this hands-on lab training you will learn to work with Palo Alto Networks’ Cortex XDR in a test environment. First you will learn how to investigate attacks from Cortex XDR management console pages and then you will learn how to work with Cortex XDR data processing capabilities to protect your environment against advanced threats.
Objectives
Investigate attacks on the incidents page, and score, assign, and close them
Investigate artifacts using the specialized views such as IP View and Hash View
Work with Cortex XDR Pro actions: the remote script execution and EDL service
Describe the Cortex XDR causality and analytics concepts
Analyze alerts using the Causality and Timeline Views
Create and manage on-demand and scheduled search queries in the Query Center
Create and manage the Cortex XDR BIOC and IOC rules
Work with Cortex XDR’s external data ingestion support
Write XQL queries to search datasets and visualize the result sets
Create simple Correlation Rules and Parsing Rules using XQL
Prerequisites
Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).
Target Audience
Cybersecurity analysts and engineers, and security operations specialists.
Why choose ON2IT?
We are a Palo Alto Networks Authorized Trainer Partner (ATP).
Our trainers are senior consultants with years of experience
Our courses do not consist of dry theory, but combine theory, interaction and practice (in a lab environment)
You can attend our training courses at our office, virtually or on location.
Meet our trainers
Rob Maas

Rob is ON2IT Lead Architect and Technical challenger. Since 2020 Rob has also been a Certified Forrester Zero Trust Strategist.
Johan Bogema

Johan is ON2IT Product Owner Cloud Security. Johan has years of experience with Zero Trust security implementations within large-scale cloud transformations.