PaloAlto Firewall (EDU-262) Cortex XDR: Investigation and Response

The Cortex XDR 2: Investigation and Response (EDU-262) course is intended for Cybersecurity analysts and engineers, and security operations specialists. This can also include security engineers and security administrators.

Kesto: 2 päivää

Ajankohta: 11.-12.6.2024, Espoo / Online

Hinta: 1500€


Koulutuksen tarkemmat tiedot


This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics.

You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution. Multiple modules focus on how to leverage the collected data. You will create simple search queries in one module and XDR rules in another.

The course demonstrates how to use specialized investigation views to visualize artifact-related data, such as IP and Hash Views. Additionally, it provides an introduction to XDR Query Language (XQL).

Successful completion of this instructor-led course with hands-on lab activities should enable participants to:

  • Investigate and manage incidents
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Work with Cortex XDR Pro actions such as remote script execution
  • Create and manage on-demand and scheduled search queries in the QueryCenter
  • Create and manage the Cortex XDR rules BIOC and IOC Working with Cortex XDR assets and inventories
  • Write XQL queries to search datasets and visualize the result sets
  • Work with Cortex XDR's external-data collection


  • Cortex XDR Incidents
  • Causality and Analytics Concepts
  • Causality Analysis of Alerts
  • Advanced Response Actions
  • Building Search Queries
  • Building XDR Rules
  • Cortex XDR Assets
  • Introduction to XQL
  • External Data Collection

Kurssityyppi: Luentoja, laboratorioharjoituksia

Kurssikieli: Luennot suomeksi, materiaali englanniksi

Kohderyhmä: Cybersecurity analysts and engineers, Security operations specialists

Esitietovaatimukset: Participants must have completed EDU-260 (Cortex XDR: Prevention and Deployment).

  • PaloAlto Firewall 10.2. perusteet

    Kurssilla perehdytään Palo Alto Networksin NGFW-palomuuriratkaisuun käytännön harjoitteiden avulla. Kurssilla tehdään runsaasti laboratorioharjoituksia, jotka tehostavat oppimista. Kurssin tavoitteena on tarjota oppilaille ymmärrys Palo Alto Networksin palomuurien ominaisuuksiin sekä yleisimmin käytettyjen ratkaisujen toteutukseen

  • PaloAlto Firewall Essentials 10.2: Configuration and management (EDU-210)

    Successful completion of this five-day, instructor-led course should enhance the student’s understanding of how to configure and manage Palo Alto Networks NextGeneration Firewalls. The course includes hands-on experience configuring, managing, and monitoring a firewall in a lab environment.

  • PaloAlto Firewall 11.0: Troubleshooting

    Successful completion of this three-day, instructor-led course will enhance the participant’s understanding of how to troubleshoot the full line of Palo Alto Networks Next-Generation Firewalls. Participants will perform hands-on troubleshooting related to the configuration and operation of the Palo Alto Networks firewall.