Cortex XDR 3.0 - Investigation and Response

Overview

The first part of this instructor-led training enables you to investigate attacks from Cortex XDR management console pages, including the Incidents page and specialized artifact analysis views such as the IP View. In the first part, you will also learn how to run remote Python scripts on your endpoints.
The second part of the training enables you to work with Cortex XDR data processing capabilities to protect your environment against advanced threats such as fileless attacks. For example, in this part you will analyze alerts in the Causality View. Also, you will learn about Cortex XDR data collection capabilities, including Cortex XDR API for ingesting external alerts, and leverage the data to investigate threats. The training ends up with introductory modules to XDR Query Language XQL and two Pro features based-on Cortex XDR XQL engine.

Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable the students to:

• Investigate attacks on the incidents page, and score, assign, and close them
• Investigate artifacts using the specialized views such as IP View and Hash View
• Work with Cortex XDR Pro actions: the remote script execution and EDL service
• Describe the Cortex XDR causality and analytics concepts
• Analyze alerts using the Causality and Timeline Views
• Create and manage on-demand and scheduled search queries in the Query Center
• Create and manage the Cortex XDR rules BIOC and IOC
• Work with the Cortex XDR’s external data ingestion support
• Write XQL queries to search datasets and visualize the result sets
• Create simple Correlation Rules and Parsing Rules using XQL