Courses Overview
The Palo Alto Networks: Cortex XDR: Security Operations and Integration course is a three-day, instructor-led training designed to help cybersecurity professionals leverage Cortex XDR for advanced detection, response, and operational security.
This training provides in-depth instruction on Cortex XDR, Palo Alto Networks’ extended detection and response platform. Participants will gain practical skills in incident investigation, system optimization, and security operations, with hands-on experience configuring integrations, developing workflows, managing indicators, and fine-tuning dashboards to strengthen organizational security.
Course Objectives
- Explain the role of Cortex XDR components — including endpoint agents, XDR collectors, NGFWs, and Broker VMs — in securing modern networks and devices
- Use XQL queries to analyze logs, improve data ingestion, and detect threats
- Design and implement workflows to streamline SOC operations
- Apply External Dynamic Lists and indicator rules to enforce security policies
- Optimize dashboards for enhanced monitoring and response capabilities
Target Audience
- SOC, CERT, CSIRT, and XDR Engineers and Managers
- Managed Security Service Providers (MSSPs)
- Service Delivery Partners and System Integrators
- Security Consultants
- Sales Engineers
Participants will develop both theoretical and practical expertise in using Cortex XDR to enhance visibility and response across their security environments. Training modules cover everything from core platform components to advanced strategies for workflow automation, indicator management, and threat detection.
- Course Overview
- Overview of Cortex XDR
- Software Components
- Integrations
- XQL
- Detection Engineering
- System Optimization
- Dashboards and Reports
Attendees should have a solid foundation in cybersecurity, with knowledge of both network security and endpoint security concepts.