Let us know if you would like a date for this course added to our schedule
This course is three days of instructor-led training that will help you to: ? Differentiate the architecture and components of the Cortex XDR family ? Describe Cortex, Cortex Data Lake, the Customer Support Portal, and the hub ? Activate Cortex XDR, deploy the agents, and work with the management console ? Work with the Cortex XDR management console, describe a typical management page, and work with the tables and filters ? Create Cortex XDR agent installation packages, endpoint groups, policies, and profiles ? Create and manage exploit and malware profiles, and perform response actions ? Describe detection challenges with behavioral threats ? Differentiate the Cortex XDR rules BIOC and IOC, and create and manage them ? Describe the Cortex XDR causality analysis and analytics concepts ? Triage and investigate alerts and incidents, and create alert starring and exclusion policies ? Work with the Causality and Timeline Views and investigate threats in the Query Center
Participants must be familiar with enterprise security concepts.
Cybersecurity analysts and engineers, and security operations specialists
Successful completion of this instructor-led course with hands-on lab activities should enhance the student’s understanding of how to activate a Cortex XDR instance; create agent installation packages to install the Cortex XDR agents; create security policies and profiles to protect endpoints against multi-stage, fileless attacks built using malware and exploits; respond to attacks using response actions; understand behavioral threat analysis, log stitching, agent-provided enhanced endpoint data, and causality analysis; investigate and triage attacks using the incident management page of Cortex XDR and analyze alerts using the Causality and Timeline analysis views; use API to insert alerts; create BIOC rules; and search a lead in raw data sets in Cortex Data Lake using Cortex XDR Query Builder.