Courses Overview
The Palo Alto Networks: Cortex XSIAM for Investigation and Analysis course is designed to equip cybersecurity professionals with the skills to investigate, analyze, and respond to incidents using the industry’s most comprehensive Security Incident and Asset Management (XSIAM) platform.
XSIAM delivers unmatched coverage for securing and managing infrastructure, workloads, and applications across hybrid and multi-cloud environments. This course covers both the fundamental components and advanced features of XSIAM, providing participants with the ability to navigate incident handling, apply automation, and orchestrate efficient security operations.
- Investigate incidents, analyze critical assets and artifacts, and interpret causality chains
- Use XQL to query and analyze logs for deeper insights into incidents and security events
- Leverage advanced XSIAM tools and resources for comprehensive incident analysis and response
- Apply best practices for automating and orchestrating security workflows

- SOC, CERT, CSIRT, and XSIAM Analysts and Managers
- MSSPs and Service Delivery Partners/System Integrators
- Professional Services Consultants (internal or external)
- Security Sales Engineers
- Incident Responders and Threat Hunters

Through guided instruction and hands-on labs, participants will gain practical expertise in using Cortex XSIAM to investigate incidents, analyze system artifacts, and orchestrate security operations. The training builds a strong foundation for professionals aiming to maximize efficiency in threat detection, response, and analysis.

- Introduction to Cortex XSIAM
- Endpoints
- XQL
- Alerting and Detection
- Threat Intel Management
- Automation
- Attack Surface Management
- Incident Handling
- Dashboards and Reports

- A foundational understanding of cybersecurity principles
- Prior experience analyzing security incidents and using investigation tools