Cortex XDR 2: Prevention, Analysis and Response (EDU-260)
Overview

The Cortex XDR course teaches students how the Cortex XDR agent protects against exploits and malware-driven attacks. In hands-on lab exercises, students will explore and configure the Cortex XDR management platform and install the Cortex XDR agent as well as relevant components; create security policies and profiles to protect endpoints against multi-stage, fileless attacks built using malware and exploits; respond to attacks using response actions; understand behavioral threat analysis, log stitching, agent-provided enhanced endpoint data, and causality analysis; investigate and triage attacks using the incident management page of Cortex XDR and analyze alerts using the Causality and Timeline analysis views; use the API to insert alerts; create BIOC rules; and search for a lead in raw data sets in Cortex Data Lake using Cortex XDR Query Builder.

Course Content/Exam(s)
| Course Code | Description | Exam Code | Duration |
| PAN-EDU-260 | EDU-260-Datasheet.pdf | | 3 Days |
Course Benefits
  • Differentiate the architecture and components of the Cortex XDR family.
  • Describe Cortex, Cortex Data Lake, the Customer Support Portal, and the hub.
  • Activate Cortex XDR, deploy the agents, and work with the management console.
  • Work with the Cortex XDR management console, describe a typical management page, and work with the tables and filters.
  • Create Cortex XDR agent installation packages, endpoint groups, policies, and profiles.
  • Create and manage exploit and malware profiles, and perform response actions.
  • Describe detection challenges with behavioral threats.
  • Differentiate the Cortex XDR rules BIOC and IOC, and create and manage them.
  • Describe the Cortex XDR causality analysis and analytics concepts.
  • Triage and investigate alerts and incidents, and create alert starring and exclusion policies.
  • Work with the Causality and Timeline Views and investigate threats in the Query Center.
