Chi dovrebbe partecipare
Cybersecurity analysts and engineers, and security operations specialists
Prerequisiti
Participants must be familiar with enterprise security concepts.
Obiettivi del Corso
This course is three days of instructor-led training that will help you to:
- Differentiate the architecture and components of the Cortex XDR family
- Describe Cortex, Cortex Data Lake, the Customer Support Portal, and the hub
- Activate Cortex XDR, deploy the agents, and work with the management console
- Work with the Cortex XDR management console, describe a typical management page, and work with the tables and filters
- Create Cortex XDR agent installation packages, endpoint groups, policies, and profiles
- Create and manage exploit and malware profiles, and perform response actions
- Describe detection challenges with behavioral threats
- Differentiate the Cortex XDR rules BIOC and IOC, and create and manage them
- Describe the Cortex XDR causality analysis and analytics concepts
- Triage and investigate alerts and incidents, and create alert starring and exclusion policies
- Work with the Causality and Timeline Views and investigate threats in the Query Center
Successful completion of this instructor-led course with hands-on lab activities should enhance the student’s understanding of how to activate a Cortex XDR instance; create agent installation packages to install the Cortex XDR agents; create security policies and profiles to protect endpoints against multi-stage, fileless attacks built using malware and exploits; respond to attacks using response actions; understand behavioral threat analysis, log stitching, agent-provided enhanced endpoint data, and causality analysis; investigate and triage attacks using the incident management page of Cortex XDR and analyze alerts using the Causality and Timeline analysis views; use API to insert alerts; create BIOC rules; and search a lead in raw data sets in Cortex Data Lake using Cortex XDR Query Builder.
Follow On Courses
Contenuti del Corso
- 1. Cortex XDR Family Overview
- 2. Working with the Cortex Apps
- 3. Getting Started with Endpoint Protection
- 4. Malware Protection
- 5. Exploit Protection
- 6. Exceptions and Response Actions
- 7. Behavioral Threat Analysis
- 8. Cortex XDR Rules
- 9. Incident Management
- 10. Alert Analysis Views
- 11. Search and Investigate
- 12. Basic Troubleshooting
Italiano
Inglese
Spagnolo
Francese
Tedesco
Germania
Emirati Arabi
Egitto