Cortex XDR
Cortex XDR: Prevention, Investigation and Response
The Cortex XDR courses are currently being updated, and more courses are on the way. The courses in this section are the most recent, but if the content you’re looking for is not here, then review the Cortex XDR 3 courses in the section below.
-
Cortex XDR 3.7: What’s New
The Cortex XDR product continues to evolve to bring new capabilities to enable your security operations center (SOC). This course describes the new feature updates introduced in the Cortex XDR 3.7 release.
-
Cortex XDR: Main Components
This course describes the Cortex XDR basic operating environment and how you can work with Cortex XDR cloud components and the Cortex XDR agent.
-
Cortex XDR: Management Console
This course describes different areas of the Cortex XDR management console, including how you can use the Quick Launcher to search for artifacts and console pages. The course also describes how you can manage endpoints and endpoint groups, download age...
-
Cortex XDR: Profiles and Policy Rules
This course describes Cortex® XDR profile types and policy rules management and how to configure agent settings and restriction profiles on various endpoints.
-
Cortex XDR: Multi-Method Malware Detection and Prevention
This course describes the capabilities of Cortex XDR for multi-method malware detection and prevention.
-
Cortex XDR: Exploit Protection
This course describes the various exploits and the tools you can use to help prevent them and protect your environment.
-
Cortex XDR: Basic Agent Troubleshooting
This course describes troubleshooting methodologies, resources, and how to troubleshoot agent-specific issues using the Cortex XDR agents.
-
Cortex XDR: Advanced Response Actions in Cortex XDR Pro
This course describes how you can use remediation actions to prevent an attack, run scripts on endpoints, and enable the Cortex XDR EDL service.
-
Cortex XDR: Incidents
This course describes how incidents are created in Cortex XDR and how you can work with incidents. The course also describes different Advanced view tabs for viewing incidents and incident scoring rules.
-
Cortex XDR: Search Queries
This course describes how to investigate leads and use Cortex® XDR tools like Query Builder, Query Center, and the Scheduled Queries page to build and manage queries.
-
Cortex XDR: Basic XDR Rules
This course describes different types of Cortex XDR rules, including indicators of compromise (IOCs), behavioral indicators of compromise (BIOCs), and correlation. The course also describes how to create and manage IOC, BIOC, Custom Prevention Rules, a...
-
Cortex XDR: Discovery, Inventory, and Management of Network Assets
This course describes the capabilities of Cortex XDR to work with network assets and vulnerability assessment.
-
Cortex XDR: Alerts Overview
This course describes how to work with alerts in Cortex XDR, including identifying key alert attributes, performing alert actions, and prioritizing alerts by policies using starring rules or specific values.
-
Cortex XDR: Causality Analysis of Alerts
This course describes the causality view of incidents and how you can use the causality instance graph to perform investigations. The course also describes how you can view incidents in the timeline view.
-
Cortex XDR: Causality and Analytics Concepts
This course describes alerts and logs in Cortex XDR, and how Cortex XDR correlates these security-related datasets for causality analysis. The course also describes the Cortex XDR Analytics Engine.
-
Cortex XDR: Deployment Considerations
This course describes the Customer Support Portal (CSP) and how to create and manage its roles, users, and accounts. It also describes Cortex XDR infrastructure services, instances, and XDR roles, along with Scope-Based Access Control (SBAC).
-
Cortex XDR: Alert Exclusions and Exceptions
This course describes the differences between alert exclusions and alert exceptions. This course also describes how to use, create, and manage alert exclusions and exceptions.
-
Cortex XDR: External Data Collection
This course describes parsing rules in the data ingestion flow, managing Cortex XDR datasets in the management console, and configuring external alerts through the Cortex XDR API.
-
Cortex XDR: Cortex XDR Overview
This course describes the various features of Cortex XDR agents and instances along with Cortex XDR product offerings and their capabilities.
-
Cortex XDR: Response Actions
This course describes the centralized endpoint response actions you can take on incidents in the Action Center.
-
Cortex XDR: Automation Rules
This course introduces Cortex XDR automation rules and describes how to create and manage them.
Extending Cortex XDR and Proactive Security
-
Cortex XDR: Managed Threat Hunting
This course provides an overview of the Cortex XDR Managed Threat Hunting service.
-
Threat Hunting Using Cortex XDR
The course describes cyber threat hunting, some truths and myths attached to cyber threat hunting, the lifecycle of cyber threat hunting, and three threat hunting approaches: technique-oriented hunting, malware family-oriented hunting, and data-oriente...
-
Cortex XDR: Broker VM
The course describes the Cortex XDR Broker VM capabilities and helps the student set up, configure, and manage Broker VM instances.
Cortex XDR Query Language (XQL)
-
Cortex XDR: XQL Syntax Basics
This course describes the XDR Query Language (XQL) fundamentals and the different sections of the XQL development environment in the management console. The course also describes how you can create and run basic XQL queries.
-
Cortex XDR: XQL Building Blocks
This course describes the XDR Query Language (XQL) building blocks, namely stages. The course describes the role of stages in XQL queries, how you can write XQL queries containing stages, and how stage order matters in XQL.
-
Cortex XDR: XQL Functions
This course describes the XDR Query Language (XQL) functions, XQL functions categories, and how you can use XQL functions in XQL queries.
-
Cortex XDR: Working with JSON Objects
The course describes JSON fields and variables and how you can access JSON using extract functions and the syntactic sugar format.
-
Cortex XDR: XQL Data Types
This course describes XQL data types in XDR datasets, XQL data types in alter stage assignments, and XQL data types in filter stages.
-
Cortex XDR: XQL Operators
This course describes XQL operator types and how to use XQL operators efficiently in filter stages to limit query results.
-
Cortex XDR: Visualizing XQL Query Results
This course describes how you can display XQL query results in Tables, Graphs, and Advanced display modes. The course also describes the histogram technique, working with the Chart Editor, and using the view stage in query code.
-
Cortex XDR: Related Datasets Using Joins
This course describes the basics of how to join datasets using the join stage and the join types.
-
Cortex XDR: Introduction to Parsing Rules
This course describes the basics of parsing rules in the data ingestion flow and the syntax basics of parsing rules.