Automation And Orchestration (EDU-380)

Cortex XSOAR Training

Duration
40 Hours

Course Description


Course Outline For Automation and Orchestration (EDU-380)

The curriculum combines lectures with extensive hands-on labs covering the following key areas:

- XSOAR Architecture and Components: Understanding the installation, deployment models, engines, and overall system architecture.
- Initial Setup and Configuration: Setting up the XSOAR environment, managing roles, permissions, integrations, and content packs.
- Incident Lifecycle Management: Customizing the incident process, including data ingestion, classification, mapping, and lifecycle stages.
- Integrations: Configuring built-in and custom integrations with third-party security tools to enable seamless communication and data exchange.
- Playbook Development: The core of the course focuses on designing, building, and debugging complex security playbooks using both the playbook editor and Python scripts. This includes:
  - Automation Logic: Utilizing tasks, conditions, loops, and branching logic within playbooks.
  - Context Management: Effectively managing and manipulating incident data within the XSOAR context.
  - Sub-playbooks: Creating modular, reusable automation blocks.
  - Error Handling: Implementing robust error handling within automation scripts and playbooks.
- Custom Content Creation:
  - Custom Fields and Layouts: Tailoring the incident details and user interface to match organizational requirements.
  - Indicators: Managing and enriching threat indicators (IOCs).
  - Scripting in Python: Writing and debugging custom Python automation scripts that extend XSOAR functionality beyond built-in integrations.
- Reporting and Dashboards: Creating custom reports and data-driven dashboards to track security metrics, incident response times, and operational efficiency.
- System Administration and Troubleshooting: Managing system health, performance tuning, upgrades, and troubleshooting common issues encountered during operation.

Target Audience and Prerequisites

- Target Audience: Security engineers, SOAR administrators, security automation developers, and incident responders seeking to automate their workflows.
- Prerequisites: Participants should have a strong understanding of general networking and security concepts. Proficiency in Python scripting is highly beneficial, as the course involves significant script development. Previous experience with security operations and incident response processes is recommended.

Completion of the EDU-380 course helps prepare candidates for the Palo Alto Networks Certified Security Automation Engineer (PCSAE) certification exam.