Courses Overview
This instructor-led course teaches participants how to investigate attacks and manage incidents using the Cortex XDR management console. You will learn how to work with causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics. The course also introduces XDR Query Language (XQL) and demonstrates external-data collection using the Cortex XDR API.
Participants must have completed EDU-260 (Cortex XDR: Prevention and Deployment) before enrolling.
- Cybersecurity Analysts and Engineers
- Security Operations Specialists
- Investigate and manage incidents through the Cortex XDR console
- Understand causality and analytics concepts
- Analyze alerts using the Causality and Timeline Views
- Use advanced response actions such as remediation suggestions, the EDL service, and remote script execution
- Create and manage on-demand and scheduled search queries in the Query Center
- Configure and apply Cortex XDR rules (BIOC and IOC)
- Investigate artifacts using IP and Hash specialized views
- Write XQL queries to search datasets and visualize results
- Work with external-data collection and integrate Cortex XDR API alerts
- Module 1: Cortex XDR Incidents
- Module 2: Causality and Analytics Concepts
- Module 3: Causality Analysis of Alerts
- Module 4: Advanced Response Actions
- Module 5: Building Search Queries
- Module 6: Building XDR Rules
- Module 7: Investigation Views
- Module 8: Introduction to XQL
- Module 9: External Data Collection
Completion of Cortex XDR: Prevention and Deployment (EDU-260) is required.