757-216-3656 | Monday–Friday 8:30 AM – 4:30 PM | info@itdojo.com

Course Duration

2 Days

Audience

Employees of federal, state, and local governments, and businesses working with the government.

Prerequisites

Participants should have a foundational understanding of cybersecurity principles and experience with analyzing incidents and using security tools for investigation.

Course Description

The Cortex XDR: Investigation and Analysis (PCXDR-IA) course is a two-day, instructor-led training that teaches security analysts how to investigate cases, analyze key assets and artifacts, and interpret causality chains within the Cortex XDR platform. You will learn how to query and analyze logs using XQL (XDR Query Language) to extract meaningful threat intelligence, and how to use advanced investigation tools to perform comprehensive case analysis. This course is designed for SOC analysts and incident responders working in Cortex XDR environments.

Learning Objectives

  • Investigate cases in Cortex XDR and analyze key assets and artifacts
  • Interpret causality chains to understand attack progression and root cause
  • Write and execute XQL queries to search and analyze log data
  • Extract actionable insights from XDR log data to support incident response
  • Use advanced Cortex XDR investigation tools and resources for comprehensive case analysis
  • Correlate alerts and events across endpoints, networks, and cloud to build a complete picture of an incident

Course Outline

Course Topics
  • Cortex XDR Platform Overview
  • Case Management and Investigation Workflow
  • Analyzing Alerts, Assets, and Artifacts
  • Causality Chain Analysis
  • XQL: Querying and Analyzing Log Data
  • Advanced Investigation Tools and Techniques
  • Incident Response with Cortex XDR

Frequently Asked Questions

What does the Cortex XDR Investigation and Analysis course cover?

This course covers how to use Cortex XDR to investigate security incidents — case management, artifact analysis, causality chain interpretation, and XQL-based log querying. It is designed for SOC analysts and incident responders.

What is XQL and why is it important for this course?

XQL (XDR Query Language) is Palo Alto Networks' query language for searching and analyzing log data within the Cortex platform. Proficiency in XQL is essential for effective threat hunting and incident investigation in Cortex XDR environments.
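For a sense of what an XQL investigation query looks like, here is an added example (not course material and not Palo Alto Networks' own sample code). It assumes the standard xdr_data dataset and its process-event fields, and hunts for PowerShell launched with an encoded command line, a common way attackers hide script content from casual review:

```xql
// Constructed example: find PowerShell process starts that pass an encoded command.
// Assumes the standard xdr_data dataset and the process-event fields below.
dataset = xdr_data
| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START
| filter lowercase(action_process_image_name) = "powershell.exe"
| filter action_process_image_command_line contains "-enc"
    or action_process_image_command_line contains "-EncodedCommand"
| fields _time, agent_hostname, actor_process_image_name,
         action_process_image_command_line, action_process_image_sha256
| sort desc _time
| limit 100
```

The filter stages narrow the dataset before the fields stage projects only the columns an analyst needs (parent process, command line, file hash) to pivot into the causality chain for each hit; keeping the hash in the output lets you check the binary's reputation without leaving the query results.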

How long is the Cortex XDR Investigation and Analysis course?

The course is 2 days. It is available as live remote online instruction or on-site at your facility.

Is this course available as live remote online training?

Yes. IT Dojo offers this course as live remote online training. On-site delivery is also available for teams of four or more.

How do I register for this course?

IT Dojo training is employer-sponsored — your organization registers and pays for seats. Contact IT Dojo via the Request Training form or call 757-216-3656 to schedule for your team.

Get More Information

We work with Government Agencies, Military, government contractors, and corporate clients. As much as we would love to, our business model does not include working with the general public.