• Online, Instructor-Led
  • Classroom

Palo Alto Networks Cortex XDR: Investigation and Response is a two-day, instructor-led course
that teaches students how to use the Incidents pages of the Cortex XDR management console
to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs,
log stitching and the concepts of causality and analytics

Learning Objectives

Successful completion of this course will enable students to:

  • Differentiate the architecture and components of Cortex XDR and learn to investigate and manage incidents
  • Work with Cortex XDR Pro actions such as remote script execution
  • Create and manage the Cortex XDR rules BIOC and IOC
  • Work with Cortex XDR assets and inventories
  • Write XQL queries to search data sets and visualize the result sets

Framework Connections