Security Operations, Automation, Investigation And Analysis

Cortex XSIAM Training

Duration
45 Hours

Course Description

Palo Alto Networks offers two primary courses for its AI-driven Security Operations platform, Cortex XSIAM. The material is covered across two role-specific courses, since the legacy "EDU-270" course has been replaced by targeted training for engineers and analysts.

Course Outline For Security Operations, Automation, Investigation and Analysis

The Engineer course is aimed at security engineers and managers responsible for designing, integrating, and automating the XSIAM platform. The key modules include:

Overview of Cortex XSIAM: Understanding the architecture, components, and the AI-driven SOC platform concept.
Software Components & Integrations: Learning how to integrate various data sources, including endpoint agents, XDR collectors, NGFWs, and Broker VMs.
XQL (XSIAM Query Language): Using XQL to query and analyze logs for detection engineering and data ingestion.
Detection Engineering: Creating custom detection rules and alerts.
Automation: Developing and optimizing workflows and playbooks for streamlined incident handling and operational efficiency.
Threat Intel Management: Configuring threat intelligence feeds, managing indicators, and creating prevention rules.
Attack Surface Management: Understanding asset inventory, vulnerability identification, and threat response in the Attack Surface Threat Response Center.
UI Customizations: Customizing dashboards and reports for enhanced visibility and performance tracking.

Cortex XSIAM: Investigation and Analysis (Analyst Course)

This targeted course is for SOC analysts, incident responders, and threat hunters, and focuses on using the platform's tools for daily operations. Key modules include:

Incident Handling and Response: Managing the incident lifecycle, investigating alerts, and performing response actions in the Action Center.
Alerting and Detection Processes: Understanding alert correlation, causality chains, prioritization, and incident scoring.
Investigation and Analysis: Analyzing assets and artifacts using visual tools such as the Causality Chain and Timeline Views for root cause analysis.
XQL for Analysts: Using basic and advanced XQL queries to extract security insights from log data and perform threat hunting.
Threat Intelligence Management: Using threat intelligence within investigations to enrich alerts and add context.
Dashboards and Reports: Building custom dashboards and reports tailored for analysis and stakeholder communication.
Cortex Copilot: Using AI-driven assistance during investigations.

Target Audience and Certification

Prerequisites: Participants should have a foundational understanding of cybersecurity principles and experience with network and endpoint security fundamentals.
Certification: The Engineer course is recommended for the Cortex XSIAM Engineer certification, while the Analyst course prepares for the Cortex XSIAM Analyst certification.