Konsultasiya almaq
Training Center MUKКурсыKurslar İnformasiya təhlükəsizliyiCortex XDR 3.0 – Investigation and Response

Cortex XDR 3.0 - Investigation and Response

Kursun kodu
EDU-262
Müddət
2 Gün, 16 Saat
Kursun təsviri
Məqsədlər
Tələblər
Kursun proqramı
Kursun təsviri

Overview

The first part of this instructor-led training enables you to investigate attacks from Cortex XDR management console pages, including the Incidents page and specialized artifact analysis views such as the IP View. In the first part, you will also learn how to run remote Python scripts on your endpoints.
The second part of the training enables you to work with Cortex XDR data processing capabilities to protect your environment against advanced threats such as fileless attacks. For example, in this part you will analyze alerts in the Causality View. Also, you will learn about Cortex XDR data collection capabilities, including Cortex XDR API for ingesting external alerts, and leverage the data to investigate threats. The training ends up with introductory modules to XDR Query Language XQL and two Pro features based-on Cortex XDR XQL engine.

Məqsədlər

Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable the students to:

  • Investigate attacks on the incidents page, and score, assign, and close them
  • Investigate artifacts using the specialized views such as IP View and Hash View
  • Work with Cortex XDR Pro actions: the remote script execution and EDL service
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Create and manage the Cortex XDR rules BIOC and IOC
  • Work with the Cortex XDR’s external data ingestion support
  • Write XQL queries to search datasets and visualize the result sets
  • Create simple Correlation Rules and Parsing Rules using XQL
Tələblər

Target Audience

  • Cybersecurity analysts and engineers, and security operations specialists

Prerequisites

  • Participants must have taken the course EDU-260 (Cortex XDR: Prevention and Deployment).
Kursun proqramı

Course Modules

  • Cortex XDR Incidents
  • Investigation Views
  • Advanced Response Actions
  • Causality and Analytics Concepts
  • Causality Analysis of Alerts
  • Building Basic Search Queries
  • Building Basic XDR Rules
  • External Data Collection
  • Introduction to XQL
  • Correlation and Parsing Rules
Ən yaxın kurs üçün qeydiyyat
Cortex XDR 3.0 - Investigation and Response
Kursun kodu:
EDU-262
Müddət:
2 Gün, 16 Saat
Format
Tarixlər
28.10.24
Yer
Kiyev
Format
Tarixlər
11.11.24
Yer
Lyublyana
Yer
İngilis
Konsultasiya almaq
Свяжитесь со мной
Konsultasiya almaq
Отправить заявку
Vebinara qeydiyyat
Отправить заявку
Müraciətiniz qəbul olundu!
Yaxın zamanda sizinlə əlaqə saxlanılacaq.