Cortex XDR: Prevention, Analysis and Response (EDU-260)
The Cortex XDR course teaches students how the Cortex XDR agent protects endpoints against exploits and malware-driven attacks. In hands-on lab exercises, students explore and configure the Cortex XDR management platform and install the Cortex XDR agent and its supporting components; create security policies and profiles that protect endpoints against multi-stage, fileless attacks built from malware and exploits; respond to attacks using response actions; learn how behavioral threat analysis, log stitching, agent-provided enhanced endpoint data, and causality analysis work; investigate and triage attacks from the Cortex XDR incident management page and analyze alerts in the Causality and Timeline analysis views; use the API to insert alerts; create BIOC rules; and search for a lead in raw data sets in Cortex Data Lake using the Cortex XDR Query Builder.
- Differentiate the architecture and components of the Cortex XDR family.
- Describe Cortex, Cortex Data Lake, the Customer Support Portal, and the hub.
- Activate Cortex XDR, deploy the agents, and work with the management console.
- Work with the Cortex XDR management console, describe a typical management page, and work with the tables and filters.
- Create Cortex XDR agent installation packages, endpoint groups, policies, and profiles.
- Create and manage exploit and malware profiles, and perform response actions.
- Describe detection challenges with behavioral threats.
- Differentiate the two Cortex XDR rule types, BIOC and IOC, and create and manage them.
- Describe the Cortex XDR causality analysis and analytics concepts.
- Triage and investigate alerts and incidents, and create alert starring and exclusion policies.
- Work with the Causality and Timeline Views and investigate threats in the Query Center.