Cortex XDR:
Investigation and Response

PAN EDU-262 training course

Contents EDU-262 training course

During this hands-on lab training you will learn to work with Palo Alto Networks’ Cortex XDR in a test environment. First you will learn how to investigate attacks from Cortex XDR management console pages and then you will learn how to work with Cortex XDR data processing capabilities to protect your environment against advanced threats.


Investigate attacks on the incidents page, and score, assign, and closet hem

Investigate artifacts using the specialized views such as IP View and Hash View

Work with Cortex XDR Pro actions :the remote script execution and EDL service

Describe the Cortex XDR causality and analytics concepts

Analyze alerts using the Causality and Timeline Views

Create and manage on-demand and schedule d search queries in the Query Center

Create and manage the Cortex XDR rules BIOC and IOC

Work with the Cortex XDR’s external data ingestion support

Write XQL queries to search datasets and visualize the result sets

Create simple Correlation Rules and Parsing Rules using XQL

Download the official datasheet


Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).

Target Audience

Cybersecurity analysts and engineers, and security operations specialists.

Request a Quote