Courses Overview
The Palo Alto Networks: Cortex XSIAM: Security Operations, Integration, and Automation course is designed to provide cybersecurity professionals with the skills to manage, integrate, and automate security operations using the industry’s most comprehensive Security Incident and Asset Management (XSIAM) platform.
XSIAM delivers extensive visibility and control for protecting infrastructure, workloads, and applications across multi-cloud and hybrid environments. This course covers both foundational components and advanced capabilities, giving participants practical knowledge of incident handling, automation, integrations, and operational optimization.
- Explain the role of endpoint agents, XDR collectors, NGFWs, and Broker VMs in securing networks and devices
- Use XQL queries to analyze logs for improved data ingestion and threat detection
- Configure Threat Intelligence Management features to strengthen security operations
- Automate workflows and apply External Dynamic Lists (EDLs) and indicator rules
- Develop automation processes, manage indicators, and optimize dashboards for enhanced SOC performance
- SOC, CERT, CSIRT, and XSIAM Engineers and Managers
- MSSPs and Service Delivery Partners/System Integrators
- Professional Services Consultants (internal or external)
- Sales Engineers
- SIEM and Automation Engineers
Participants will gain both theoretical and practical expertise in using Cortex XSIAM to secure enterprise environments. The course reviews XSIAM in depth — from its core components to advanced strategies for integrations, automation, workflow development, and dashboard optimization — equipping learners to enhance visibility, detection, and response.
- Course Overview
- Overview of Cortex XSIAM
- Software Components
- XQL
- Detection Engineering
- Integrations
- Automation
- Threat Intel Management
- Attack Surface Management
- UI Customizations
- A foundational understanding of cybersecurity concepts
- Experience in incident analysis and the use of security tools for investigations