XSIAM-SOIA Cortex XSIAM: Security Operations, Integration and Automation

Course Duration

3 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

Participants should have a foundational understanding of cybersecurity principles and experience with network and endpoint security fundamentals.

Course Description

The Cortex XSIAM: Security Operations, Integration and Automation (XSIAM-SOIA) course is a three-day, instructor-led training designed for cybersecurity professionals in SOC, CERT, and CSIRT engineering roles. The course covers XSIAM from fundamental components to advanced configuration, including how to configure security integrations with third-party tools, develop automation workflows, manage indicators, and optimize dashboards for enhanced security operations. Students will develop the skills needed to build and operate XSIAM as a production SOC platform.

Learning Objectives

• Describe Cortex XSIAM components and their roles in the security operations platform
• Configure security integrations to ingest data from third-party tools and platforms
• Develop and deploy automation workflows to accelerate threat detection and response
• Manage threat indicators and apply them within XSIAM detection policies
• Create and optimize dashboards for SOC situational awareness and operational metrics
• Configure alert rules and correlation policies within XSIAM
• Tune automation playbooks and integrations for operational efficiency

Course Outline

Course Topics

• XSIAM Platform Components and Architecture
• Configuring Security Integrations
• Data Ingestion and Normalization
• Automation Workflow Development
• Indicator Management
• Alert Rules and Correlation Policies
• Dashboard Creation and Optimization
• Playbook Tuning and Operational Best Practices

Frequently Asked Questions