Cortex® XSIAM for Security Operations and Automation
Код курсу
EDU-270
Тривалість
4 Днів, 32 Ак. Годин
Опис курсу
Цілі
Вимоги
Програма курсу
Опис курсу
Overview
XSIAM is the industry’s most comprehensive security incident and asset management platform, offering extensive coverage for securing and managing infrastructure, workloads, and applications across multiple environments.
Throughout this course, you will explore the key features of Cortex XSIAM.
This course is designed to enable you to:
- Deploy, configure, and install XDR agents and configure Agent Groups and profiles
- Investigate incidents, examine assets and artifacts, and understand the causality chain
- Create correlation rules, use XQL to query logs, and analyze incidents using available tools and resources
Цілі
Objectives
The course is designed to enable cybersecurity professionals, particularly those in SOC/CERT/CSIRT and Security Engineering roles, to use XSIAM.
The course reviews XSIAM intricacies, from fundamental components to advanced strategies and automation techniques, including skills needed to navigate incident handling, optimize log sources, and orchestrate cybersecurity excellence.
Вимоги
Prerequisites
Participants must be familiar with enterprise product deployment, networking, and security concepts.
Target Audience
SOC/CERT/CSIRT/XSIAM engineers and managers, MSSPs and service delivery partners/system integrators, internal and external professional-services
consultants and sales engineers, incident responders and threat hunters.
Програма курсу
Course Modules
1 – Introduction to Cortex XSIAM
2 – Elements of Security Operations
3 – Maturity Model
4 – Agent Deployment and
Configuration
5 – Data Source Ingestion
6 – Visibility
7 – Data Model
8 – Analytics
9 – Alerting and Detecting
10 – Attack Surface Management
11 – Automation
12 – Incident Handling / SOC
Реєстрація на найближчий курс
Cortex® XSIAM for Security Operations and Automation
Код курсу:
EDU-270
Тривалість:
4 Днів, 32 Ак. Годин
