
- Aug 19-21, 2026 · Live Remote Online
PCXDR-SOI Cortex XDR: Security Operations and Integration
Course Duration
3 Days
Audience
Employees of federal, state, and local governments, and businesses working with the government.
Prerequisites
Attendees should possess a solid understanding of cybersecurity principles, including network and endpoint security concepts.
Course Description
The Cortex XDR: Security Operations and Integration (PCXDR-SOI) course is a three-day, instructor-led training that teaches security engineers and operations professionals how to deploy, configure, and integrate the Cortex XDR platform. You will learn the roles of Cortex XDR components including endpoint agents, XDR collectors, NGFWs, and Broker VMs. You will use XQL to query and analyze logs for effective data ingestion and threat detection, design and implement security workflows, and apply External Dynamic Lists and indicator rules to enforce security policies. This course is designed for security engineers responsible for building and operating Cortex XDR deployments.
Learning Objectives
- Describe the role of Cortex XDR components including endpoint agents, XDR collectors, NGFWs, and Broker VMs
- Configure data ingestion sources and verify log collection within Cortex XDR
- Use XQL to query and analyze logs for threat detection and investigation
- Design and implement security operation workflows within the Cortex XDR platform
- Apply External Dynamic Lists and indicator rules to enforce security policies
- Integrate Cortex XDR with third-party security tools and data sources
- Monitor and tune Cortex XDR alert rules and detection policies
Course Outline
Course Topics
- Cortex XDR Architecture and Components
- Endpoint Agent Deployment and Configuration
- XDR Collectors and Broker VM Setup
- Data Ingestion and Log Source Configuration
- XQL: Querying and Analyzing Log Data
- Security Workflow Design and Implementation
- External Dynamic Lists and Indicator Management
- Third-Party Integration and API Usage
- Alert Tuning and Detection Policy Management
Frequently Asked Questions
What does the Cortex XDR Security Operations and Integration course cover?
This course covers configuring and integrating the Cortex XDR platform for security operations — component setup, data ingestion, XQL querying, workflow design, indicator management, and third-party integrations. It is designed for security engineers building and operating Cortex XDR environments.
How is this course different from the Cortex XDR Investigation and Analysis course?
The Investigation and Analysis course (PCXDR-IA) focuses on analyst skills for investigating cases and querying data. The Security Operations and Integration course (PCXDR-SOI) focuses on engineering and operations — configuring components, setting up data sources, building workflows, and integrating Cortex XDR with the broader security stack.
How long is the Cortex XDR Security Operations and Integration course?
The course is 3 days. It is available as live remote online instruction or on-site at your facility.
Is this course available as live remote online training?
Yes. IT Dojo offers this course as live remote online training. On-site delivery is also available for teams of four or more.
How do I register for this course?
IT Dojo training is employer-sponsored — your organization registers and pays for seats. Contact IT Dojo via the Request Training form or call 757-216-3656 to schedule for your team.