EDU-260 Cortex XDR 3.0 : Prevention, Analysis and Response

This course is three days of instructor-led training that will help you to:

  • Differentiate the architecture and components of Cortex XDR
  • Describe the threat prevention concepts for endpoint protection
  • Work with the Cortex XDR management console
  • Differentiate exploit and malware attacks and describe how Cortex XDR blocks them
  • Perform appropriate response actions
  • Describe the Cortex XDR causality analysis and analytics concepts
  • Triage and investigate alerts, and manage incidents
  • Manage Cortex XDR rules and investigate threats through the Query Center

Target audience: Cybersecurity analysts and security operations specialists

Prerequisites: Participants must be familiar with enterprise security concepts.

  • Getting Started With Endpoint Protection
    • Cortex XDR management console
      • Main Elements
      • Filtering
      • Layout
    • Agent installations
      • Overview
      • Create an installer and install
      • Agent Console
      • cytool
    • Endpoints and endpoint groups
      • Endpoint Administration
      • Endpoint Group Administration
    • Policy rules and profiles
      • Policy Management Overview
      • Profile types
      • Agent settings
    • Lab
      • Create a Cortex XDR agent installation package for Windows
      • Install the Cortex XDR agent on a Windows endpoint
      • Create static and dynamic endpoint groups
      • Clone the default Agents Settings Profile and modify the settings
      • Clone the default policy rule and modify the settings
  • Working with the Cortex Apps
    • Working with the Cortex apps
      • Overview
      • Customer Support Portal
      • HUB
    • Activation of Cortex XDR
    • Lab
      • Access the Cortex hub and explore the homepage
      • Verify your Cortex XDR instance and your Cortex XDR application roles
      • Access the Cortex XDR management console
  • Cortex XDR Family Overview
    • Cyberattack vectors
    • Cortex XDR features
    • Cortex XDR offerings
    • Lab
      • Lab Overview
      • Generate a PowerShell payload script to demonstrate a reverse shell attack
  • Malware Protection
    • Restrictions and Malware Profiles overview
      • Restrictions Profiles
      • Malware profiles overview flow
      • Malware profiles flow
    • Malware protection modules and their configurations
      • Portable Executable and DLL Examination
      • Office Files with Macros Examination – profile
      • Behavioral Threat Protection
      • Ransomware Protection
      • Child Process Protection
      • Endpoint Scanning
      • Password Theft Protection
    • Lab
      • Create Restrictions Profiles and change the settings
      • Create Malware Profiles and change the settings
      • Work with Ransomware Protection
      • Work with Behavioral Threat Protection
  • Exploit Protection
    • Application exploit prevention
    • Exploitation techniques and defense mechanisms
    • Exploit protection modules and Exploit Profiles
      • Overview
      • Exploit Profiles
      • Exploit protection in action
    • Lab
      • Initiate exploit attacks from Metasploit
      • Describe the structure of a command-and-control server from the perspective of the attacker
      • Create Exploit Profiles and change various settings
  • Exceptions and Response Actions
    • Exceptions
      • Global vs profile exceptions
      • Process Exceptions
      • Support Exceptions
      • Behavioral & Digital Signer
    • Actions overview
    • Response actions
      • Actions from Action Center
      • Actions from Endpoint Administration
      • Actions from Alerts Analysis
    • Script Execution
    • Lab
      • Create process exceptions and hash exceptions
      • Import security exceptions
      • Terminate suspicious processes
      • Isolate endpoints, and then cancel isolations
      • Quarantine and then restore files
      • Work with Action Center to perform actions and track action progress
      • Using the browser’s developer console, verify the role of the signed-in user
      • Upload your custom Python script and then remotely execute it on the endpoint
      • Work with the Live Terminal
  • Behavioral Threat Analysis
    • Detection and Response use case
      • Incident Analysis vs Data Research
      • Incident Analysis
      • Data Research
    • Behavioral threat analysis
    • Causality Analysis Engine
    • Analytics Engine
    • Lab
      • Configure upload of the EED
      • Analyze alerts with and without EED and compare the results
      • Manage (stop, start, and query) the EED from the endpoint
      • Trace the Agent log for the EED uploads
  • Cortex XDR Rules
    • Working with BIOC rules
    • Working with IOC rules and rules exceptions
    • Lab
      • Explore the BIOC and IOC pages
      • Describe the BIOC and IOC tables after examining their columns (fields)
      • Create and manage BIOC rules
      • Create and manage IOC rules
      • Create rules exceptions
  • Incident Management
    • Alerts
      • Overview
      • Alert Actions
      • Stitched vs non-stitched
    • Incidents
      • Incident List and actions
      • Incident View
      • Incident Administration
    • External alerts
    • Alert exclusion and starring policies
    • Lab
      • Manage incidents, including changing status and assigning investigators
      • Prioritize and close incidents
      • View the incident details, including alert breakdown, key assets and key artifacts
      • Use the Cortex XDR API to send an external alert to Cortex XDR
      • Create and manage alert starring policies
      • Create and manage alert exclusion policies
  • Alert Analysis Views
    • Motivation for advanced alert analysis
    • Analyzing alerts in the Causality View
    • Analyzing alerts in the Timeline View
    • Lab
      • Investigate alerts in the Causality view
      • Investigate alerts in the Timeline view
  • Search and Investigate
    • Building queries on raw data sets
    • Managing scheduled and non-scheduled queries
    • Lab
      • Build search queries of any type
      • Work on the results table
      • Manage queries in the Query Center
      • Work with scheduled queries
  • Basic Troubleshooting
    • Troubleshooting methodologies and resources
    • Troubleshooting tools for the Cortex XDR agent
      • cytool
      • Agent Identification
      • Logs
    • Working with Technical Support
      • Retrieve and analyze the support file
    • Lab
      • Set the log level of the Cortex XDR agent
      • Add a trusted signer and verify the signer in the registry
      • Retrieve a Support File
  • Level: Intermediate
  • Format: Lecture and hands-on labs
  • Platform support: Palo Alto Networks Cortex XDR Pro per endpoint and Pro per TB