Course overview
About this course
This 2-day, hands-on training course is designed to equip cybersecurity professionals with the knowledge and skills to effectively investigate incidents and manage security operations using Cortex XSIAM — Palo Alto Networks’ next-generation SOC platform.
Participants will learn how to query and analyze logs with XQL, leverage built-in threat intelligence tools, automate investigation workflows, and visualize security data using dashboards and reports. With a strong focus on real-world application, this course combines lectures and lab-based exercises to ensure participants gain practical expertise in incident analysis and response.
Audience profile
This course is intended for SOC/CERT/CSIRT/XSIAM analysts and managers, MSSPs and service delivery partners/system integrators, internal and external professional-services consultants and sales engineers, incident responders and threat hunters.
After completing this course, you will be able to:
- Investigate incidents, analyze key assets and artifacts, and interpret the causality chain.
- Query and analyze logs using XQL to extract meaningful insights.
- Utilize advanced tools and resources for comprehensive incident analysis.
Course details
- Introduction to Cortex XSIAM
- Endpoints
- XQL
- Alerting and Detection
- Threat Intel Management
- Automation
- Attack Surface Management
- Incident Handling
- Dashboards and Reports
Prerequisites
Participants should have a foundational understanding of cybersecurity principles and experience with analyzing incidents and using security tools for investigation.
Enquiry
Course: Cortex XSIAM: Investigation and Analysis