Palo Alto Networks: Cortex XSIAM for Security Operations and Automation (EDU-270)

Cortex XSIAM is the industry's most comprehensive security incident and asset management platform, offering extensive coverage for securing and managing infrastructure, workloads, and applications across multiple environments.

This four-day course is designed to enable cybersecurity professionals, particularly those in SOC/CERT/CSIRT and Security Engineering roles, to use XSIAM
It reviews XSIAM intricacies, from fundamental components to advanced strategies and automation techniques, including skills needed to navigate incident handling, optimize log sources, and orchestrate cybersecurity excellence.

Course Modules

1. Introduction to Cortex XSIAM
2. Elements of Security Operations
3. Maturity Model
4. Agent Deployment and Configuration
5. Data Source Ingestion
6. Visibility
7. Data Model
8. Analytics
9. Alerting and Detecting
10. Attack Surface Management
11. Automation
12. Incident Handling / SOC

Participants must be familiar with enterprise product deployment, networking, and security concepts.

SOC/CERT/CSIRT/XSIAM engineers and managers, MSSPs and service delivery partners/system integrators, internal and external professional-services consultants and sales engineers, incident responders and threat hunters.