Cortex XSIAM for Investigation and Analysis is a course for SOC analysts and incident responders using Palo Alto Networks’ Cortex XSIAM platform. Students learn to use XSIAM’s AI-powered alert management, investigation workbench, and threat hunting capabilities to triage alerts faster, trace attacker activity across telemetry sources, and manage the full incident lifecycle within the platform.
What You Will Learn
- Navigate the Cortex XSIAM interface and understand the AI-driven alert grouping and prioritization model
- Investigate incidents using the XSIAM investigation workbench and timeline views
- Hunt for threats using XSIAM Query Language (XQL) across endpoint, network, and identity telemetry
- Manage incident workflows, including assignment, collaboration, and response actions
- Integrate threat intelligence and use XSIAM’s automated response capabilities
Who Should Attend
SOC analysts, threat hunters, and incident responders working in organizations that use Palo Alto Networks Cortex XSIAM as their primary SOC platform.
Prerequisites
General SOC experience and familiarity with security operations concepts. Prior Cortex XDR or XSOAR experience is beneficial.





