Learn the fundamentals of Cortex XSIAM from a post-sales technical perspective, with topics such as Ingestion, Endpoints, and Threat Intelligence Management.
Cortex XSIAM
Foundation
-
Cortex XSIAM Foundational Concepts
These courses cover the Security Operations Center (SOC), its objectives, strategies, and challenges, providing insights on incident response, cybersecurity frameworks, network sensors, logs, endpoint security, threat intelligence, and Security Orchest...
-
Elements of Security Operations
The courses in this path provide a comprehensive introduction to security operations, covering topics such as the use of automation by security analysts to detect threats, the Processes pillar with its elements and phases, the Affiliates pillar focusin...
Learning Cortex XSIAM
-
Cortex XSIAM: Introduction to XSIAM
Learn how to use Cortex Extended Security Intelligence and Automation Management (XSIAM) to reduce Security Operations Center (SOC) analyst alert fatigue and increase SOC efficiency, as well as the benefits of Cortex XSIAM over security information and...
-
Cortex XSIAM: Ingestion
This course describes the key Cortex XSIAM modules, their roles in cybersecurity, various ingestion formats, simplifying the onboarding process, and the importance of interacting with third-party tools.
-
Cortex XSIAM: Endpoints
This course describes the essentials of securing endpoints, from their significance to the deployment and management of security profiles. This course also examines endpoint security across platforms, advanced concepts like file analysis and agent comm...
-
Cortex XSIAM: Alerting and Detection
This course describes the foundational ideas behind threat detection and response using Cortex XSIAM, covering the essential tools and strategies used to understand how to identify and mitigate threats proactively.
-
Cortex XSIAM: Threat Intel Management
This course describes how Cortex XSIAM provides proactive defense against attacks using Threat Intelligence Management (TIM). It also describes the components of TIM as well as automation and Indicators.
-
Cortex XSIAM: Attack Surface Management
This course describes Attack Surface Management (ASM) and the role it plays in Cortex XSIAM protection. It also describes attack surface rules, asset management, and playbooks.
-
Cortex XSIAM: Incident Handling
This course describes how incident handling helps organize and manage security-related information in Cortex XSIAM. It also describes viewing and analyzing incidents.
-
Cortex XSIAM: Tuning and Optimization
This course describes how to optimize and tune Cortex XSIAM in order to enhance overall security. It also covers policies and settings as well as their impact on strengthening security measures.
-
Cortex XSIAM: Automation
This course describes automation in Cortex XSIAM, including the benefits of using XSIAM Marketplace as well as how playbooks can automate and streamline security processes.
-
Cortex XSIAM: Compliance in CyberSecurity
This course describes the role of compliance in cybersecurity and how Cortex XSIAM can help you be compliant.
-
Cortex XSIAM: Data Sources
This course describes data sources in Cortex XSIAM and why they are critical in optimizing security. It also describes the methods of data sources and how they are ingested and parsed.
-
Cortex XSIAM: Data Models
This course describes XSIAM Data Models (XDM) and best practices for using and managing data sources.
-
Cortex XSIAM: Cloud Security Agent
This course describes the capabilities of Cortex® XSIAM to pair with Prisma Cloud, providing active vulnerability analysis on Linux and Kubernetes host endpoints.
-
Cortex XSIAM: Domains
This course offers insights into managing Security, IT, and Hunting domains within Cortex XSIAM. Learn how to utilize key components to enhance incident response and operational efficiency within these domains.
-
Cortex XSIAM: Analysis and Collaboration
This course describes the functionality, use cases, and operational details of some core analytical and collaboration-oriented components of Cortex XSIAM, including the war rooms, command line interface (CLI), and context data.
-
Cortex XSIAM: Dashboards and Reports
This course describes how to access and modify dashboards in Cortex XSIAM. This course also describes how to create, run, and customize reports.
-
Cortex XSIAM: Work Plan and Playbook Tasks
This course describes the features and functions of an incident work plan and its application in incident investigations, and provides an introduction to the various types of playbook tasks.
-
Cortex XSIAM: Working with Lists
This course describes the usage of lists in Cortex XSIAM, the process of creating lists, and an overview of commands for managing lists.
-
Cortex XSIAM: Creating and Managing Jobs
This course describes the basic skills needed for creating and managing jobs in Cortex XSIAM. The course covers understanding job functionality, designing various job types, and effectively managing them using a range of tools and options.
-
Cortex XSIAM: Classification and Mapping
This course describes the importance of classification and mapping of alerts and indicators in the automation and feed integration lifecycle, as well as the steps to create, edit, or clone a classifier and/or a mapper, and configure in the integration ...
-
Cortex XSIAM: Datasets
This course describes creating datasets using data model and parsing rules.
-
Cortex XSIAM: Analyzing Alert Causality
This course describes how you can use the Causality Instance graph to perform investigations. The course also describes how to analyze alerts in the Causality View and Timeline View.
-
Cortex XSIAM: Network Asset Discovery and Management
This course describes the capabilities of Cortex XSIAM to work with network assets and vulnerability assessment.