XSIAM-IA Cortex XSIAM for Investigation and Analysis

Course Duration

2 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

Participants should have a foundational understanding of cybersecurity principles and experience with analyzing incidents and using security tools for investigation.

Course Description

The Cortex XSIAM for Investigation and Analysis (XSIAM-IA) course is a two-day, instructor-led training focused on using Palo Alto Networks Cortex XSIAM for security incident investigation. XSIAM (Extended Security Intelligence and Automation Management) is Palo Alto Networks' AI-driven security operations platform that combines SIEM, SOAR, threat intelligence, and attack surface management into a single unified system. This course teaches SOC analysts and incident responders how to leverage XSIAM's investigation capabilities to rapidly detect, analyze, and respond to threats.

Learning Objectives

• Describe the Cortex XSIAM architecture and how it unifies SIEM, SOAR, and threat intelligence capabilities
• Navigate the XSIAM console and use key investigation features
• Investigate security incidents and alerts using the XSIAM incident management workflow
• Analyze causality chains and key artifacts to determine root cause and attack scope
• Use XSIAM's built-in query and analytics capabilities to surface threat data
• Apply threat intelligence within XSIAM to enrich investigation findings
• Document findings and close incidents following SOC investigation procedures

Course Outline

Course Topics

• Cortex XSIAM Platform Overview
• Incident Management and Investigation Workflow
• Alert Analysis and Triage
• Causality Chain Analysis
• Query and Analytics Capabilities
• Threat Intelligence Integration
• Case Documentation and Closure

Frequently Asked Questions