Cortex XSOAR: Engineering Security Automation Solutions (PAN-CXESAS)

This four-day course should enable students to integrate their existing security tools with Cortex XSOAR to streamline security processes, accelerate security outcomes, and automate manual security-oriented tasks. It updates and replaces the previous course, Cortex XSOAR: Automation and Orchestration (EDU-380).


The Palo Alto Networks Cortex XSOAR: Engineering Security Automation Solutions course is a four-day instructor-led training with a blend of lectures and hands-on labs. This training will enable students to use Cortex XSOAR to:

  • Conduct incident investigation and response activities on a phishing campaign
  • Create custom dashboards and generate reports
  • Install multiple engines and configure a load balancing group
  • Use built-in and external integrations to ingest incidents and automate security processes
  • Plan and implement an automation use case by building playbooks and automation scripts


Objectives

Successful completion of this four-day, instructor-led course should enable students to integrate their existing security tools with Cortex XSOAR to streamline security processes, accelerate security outcomes, and automate manual security-oriented tasks.


Target Audience

  • SOC / SIEM / Automation Engineers
  • MSSPs and Service Delivery Partners working with XSOAR


Prerequisites

Participants should have a basic understanding of:

  • Networking concepts, such as identifying private IPs and domains
  • Cybersecurity concepts, such as Indicators of Compromise
  • Navigating Windows and Linux environments using the GUI and CLI


Course Modules

0 - Course Introduction

1 - XSOAR Overview

2 - Incident Management

3 - Threat Intelligence

4 - Analyst Investigations

5 - Dashboards, Reports, and Timers

6 - Integrations and Content Management

7 - Architecture

8 - Use Case Planning and Implementation

9 - Playbook Development

10 - Automation Scripts