Course Overview
The Palo Alto Networks Cortex XSOAR: Engineering Security Automation Solutions course is a four-day instructor-led training with a blend of lectures and hands-on labs. This training will enable students to use Cortex XSOAR to:
- Conduct incident investigation and response activities on a phishing campaign
- Create custom dashboards and generate reports
- Install multiple engines and configure a load balancing group
- Use built-in and external integrations to ingest incidents and automate security processes
- Plan and implement an automation use case by building playbooks and automation scripts
This is an update and replacement for the previous (EDU-380) Cortex XSOAR: Automation and Orchestration. Private EDU-380 classes (based on Cortex XSOAR 6.8) are available upon request.
Who should attend
- SOC / SIEM / Automation Engineers
- MSSPs and Service Delivery Partners working with XSOAR
Certifications
This course is part of the following Certifications:
Prerequisites
Participants should have a basic understanding of:
- Networking concepts, such as identifying private IPs and domains
- Cybersecurity concepts, such as Indicators of Compromise
- Navigating Windows and Linux environments using the GUI and CLI
Course Objectives
Successful completion of this four-day, instructor-led course should enable students to integrate their existing security tools with Cortex XSOAR to streamline security processes, accelerate security outcomes, and automate manual security-oriented tasks.
Course Content
Course Modules:
- 0 - Course Introduction
- 1 - XSOAR Overview
- 2 - Incident Management
- 3 - Threat Intelligence
- 4 - Analyst Investigations
- 5 - Dashboards, Reports, and Timers
- 6 - Integrations and Content Management
- 7 - Architecture
- 8 - Use Case Planning and Implementation
- 9 - Playbook Development
- 10 - Automation Scripts
English