
Palo Alto Networks: Cortex™ XDR – Investigation and Response

Course Overview

This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the core concepts of causality and analytics. You will also learn how to analyze alerts using the Causality and Timeline Views, leverage advanced response actions such as remediation suggestions, the EDL service, and remote script execution, and create both search queries and XDR rules. The course introduces XDR Query Language (XQL) and demonstrates how to use specialized investigation views such as IP and Hash Views. It concludes with an overview of external-data collection, including Cortex XDR API integration for external alerts.

Participants must have completed EDU-260 (Cortex XDR: Prevention and Deployment) before enrolling.

Who Should Attend
  • Cybersecurity Analysts and Engineers
  • Security Operations Specialists

By the end of this course, you will be able to:
  • Investigate and manage incidents in Cortex XDR
  • Describe causality and analytics concepts
  • Analyze alerts using Causality and Timeline Views
  • Use advanced response actions including remediation suggestions, the EDL service, and remote script execution
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Develop and manage Cortex XDR rules (BIOC and IOC)
  • Investigate artifacts with specialized views (IP View, Hash View)
  • Write XQL queries to search datasets and visualize results
  • Work with external-data collection, including Cortex XDR API alerts

  • Module 1: Cortex XDR Overview
  • Module 2: Cortex XDR Main Components
  • Module 3: Cortex XDR Management Console
  • Module 4: Profiles and Policy Rules
  • Module 5: Malware Protection
  • Module 6: Exploit Protection
  • Module 7: Cortex XDR Alerts
  • Module 8: Tuning Policies Using Exceptions
  • Module 9: Response Actions
  • Module 10: Basic Agent Troubleshooting
  • Module 11: Broker VM Overview
  • Module 12: Deployment Considerations

Participants must be familiar with enterprise product deployment, networking, and security concepts.

  • Palo Alto Networks: Cortex™ XDR: Investigation and Response (EDU-262)