Cortex XDR:
Investigation and Response
PAN EDU-262 training course
During this hands-on lab training you will learn to work with Palo Alto Networks’ Cortex XDR in a test environment. First you will learn how to investigate attacks from Cortex XDR management console pages and then you will learn how to work with Cortex XDR data processing capabilities to protect your environment against advanced threats.
Objectives
Investigate attacks on the Incidents page, and score, assign, and close them
Investigate artifacts using the specialized views such as IP View and Hash View
Work with Cortex XDR Pro actions: remote script execution and the EDL service
Describe the Cortex XDR causality and analytics concepts
Analyze alerts using the Causality and Timeline Views
Create and manage on-demand and scheduled search queries in the Query Center
Create and manage Cortex XDR rules: BIOC and IOC
Work with Cortex XDR’s external data ingestion support
Write XQL queries to search datasets and visualize the result sets
Create simple Correlation Rules and Parsing Rules using XQL
Prerequisites
Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).
Target Audience
Cybersecurity analysts and engineers, and security operations specialists.