
Course Duration

4 Days

Audience

Employees of federal, state, and local governments, and businesses working with the government.

Prerequisites

Participants should have a basic understanding of networking concepts such as identifying private IPs and domains, cybersecurity concepts such as Indicators of Compromise, and experience navigating Windows and Linux environments using the GUI and CLI.

Course Description

The Cortex XSOAR: Engineering Security Automation Solutions (XSOAR-ESA) course is a four-day, instructor-led training that teaches you how to integrate existing security tools with Cortex XSOAR to streamline security processes, accelerate security outcomes, and automate manual security tasks. You will build integrations, develop automation playbooks, manage incidents, and create dashboards that tie your security stack together into an efficient, coordinated defense. This course is designed for security engineers and automation developers responsible for building and operating SOAR capabilities within a SOC.

Learning Objectives

  • Describe the Cortex XSOAR architecture and key automation components
  • Configure integrations between Cortex XSOAR and third-party security tools
  • Develop and deploy automation playbooks to respond to security incidents
  • Create custom scripts and commands to extend XSOAR functionality
  • Manage incidents and cases within the XSOAR incident management system
  • Build dashboards and reports to provide SOC operational visibility
  • Test, debug, and optimize playbooks and integrations for production use
  • Implement role-based access control and multi-tenancy in XSOAR

Course Outline

Course Topics
  • Cortex XSOAR Architecture and Components
  • Configuring Integrations with Security Tools
  • Playbook Development and Automation Logic
  • Custom Scripts and Commands
  • Incident Management and Case Handling
  • Dashboard and Report Creation
  • Testing, Debugging, and Optimizing Playbooks
  • Role-Based Access Control and Multi-Tenancy
  • Production Deployment Best Practices

Frequently Asked Questions

What does the Cortex XSOAR Engineering Security Automation course cover?

This four-day course covers how to build and operate Cortex XSOAR as a security automation platform — configuring integrations, developing playbooks, writing custom scripts, managing incidents, building dashboards, and deploying XSOAR in production SOC environments.

Who is this course designed for?

This course is designed for security engineers and automation developers who are responsible for integrating and operating SOAR capabilities within a SOC. Some experience with scripting or development is helpful, along with familiarity with security operations concepts.

How long is the Cortex XSOAR Engineering Security Automation course?

The course is 4 days. It is available as live remote online instruction or on-site at your facility.

Is this course available as live remote online training?

Yes. IT Dojo offers this course as live remote online training with multiple scheduled dates throughout the year. On-site delivery is also available for teams of four or more.

How do I register for this course?

IT Dojo training is employer-sponsored — your organization registers and pays for seats. Contact IT Dojo via the Request Training form or call 757-216-3656 to schedule for your team.

Get More Information

We work with government agencies, the military, government contractors, and corporate clients. As much as we would love to, our business model does not include working with the general public.