Cortex XSIAM: Security Operations, Integration and Automation is designed for security engineers and platform administrators who deploy and configure Palo Alto Networks Cortex XSIAM. Students learn to onboard data sources, configure ingestion pipelines, build automation playbooks, integrate third-party security tools, and tune the platform for optimal SOC performance and coverage.
What You Will Learn
- Configure data ingestion pipelines and connect Cortex XSIAM to endpoint, network, identity, and cloud data sources
- Build and manage automation playbooks for alert triage, enrichment, and response
- Develop custom XQL queries and detection rules to identify threats specific to your environment
- Integrate Cortex XSIAM with ticketing systems, SOAR tools, and threat intelligence platforms
- Tune alert correlation models and manage platform performance and data retention
Who Should Attend
Security engineers, SOC platform administrators, and security architects responsible for implementing and maintaining Cortex XSIAM.
Prerequisites
Experience in security operations or SIEM/SOAR administration. Familiarity with Palo Alto Networks products is beneficial.
