Cortex XDR: Investigation and Response
Course Overview

This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics. You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.

Multiple modules focus on how to leverage the collected data. You will create simple search queries in one module and XDR rules in another. The course demonstrates how to use specialized investigation views, such as the IP and Hash Views, to visualize artifact-related data. Additionally, it provides an introduction to XDR Query Language (XQL). The course concludes with Cortex XDR external-data-collection capabilities, including the use of the Cortex XDR API to receive external alerts.

Category: Palo Alto
ID: 13874
Duration: 2 Day(s)
Level: Intermediate
Price: $1,895.00


This course is part of the following Certifications:
Palo Alto Networks Certified Detection and Remediation Analyst
Palo Alto Networks XDR Engineer

Participants must have completed the Cortex XDR: Prevention and Deployment (EDU-260) course.

Class Schedule

Live Online

Location: Live - Online
Date: 11/20/2025 - 11/21/2025
Time: 9:00 AM - 5:00 PM CST

Course Objectives

• Investigate and manage incidents
• Describe the Cortex XDR causality and analytics concepts
• Analyze alerts using the Causality and Timeline Views
• Work with Cortex XDR Pro actions such as remote script execution
• Create and manage on-demand and scheduled search queries in the Query Center
• Create and manage Cortex XDR BIOC and IOC rules
• Work with Cortex XDR assets and inventories
• Write XQL queries to search datasets and visualize the result sets
• Work with Cortex XDR’s external-data collection

Training Delivery Methods

With Productivity Point, you have a spectrum of delivery methods to choose from: when, where, and how you like it. Whether it's in a classroom or online, we have a delivery option to meet your needs.

Classroom Live Training

Get in-person, hands-on instruction with live lab exercises taught by subject matter experts who deliver authorized and industry-leading content.

With classrooms in almost every major U.S. city, Productivity Point has something for users of every level, so you can earn the most popular industry certifications. You get hands-on learning experience with live lab exercises taught by experienced instructors. We proudly advocate our learning services to be hosted by the best-qualified trainers in terms of technical knowledge and teaching skills.

Classroom Virtual Training

Prefer to have a dedicated classroom for your virtual experience? Attend live, hands-on training with a remote instructor from one of Productivity Point’s multiple locations.

Enjoy a focused and professional training environment, including all technical equipment provided along with administrative and technical support at your fingertips. With over 150 locations to choose from, review our course catalog or contact your personal Productivity Point Account Manager to see if the course you have in mind is delivered at one of our dedicated virtual classrooms in your area.

Live Online Training

Blend the best from traditional face-to-face instructor-led training with the latest in conferencing technology.

  • Live training delivered to multiple locations at one time
  • 100% live, instructor-led training in a classroom setting without excess travel
  • Dramatically reduced class cancellation rate

Private Group Training

Your private group classroom experience will not only take place in the location of your choice (including any of our training centers), but you will enjoy the following amenities:

  • Instructor Consult to get to know your instructor and convey your customized requirements
  • Course Curriculum tailored to your specifications and displaying your organization's branding
  • On-Line course evaluations provided for your review
  • Post-Assessments to ensure your learners have fully comprehended

On-Demand Learning

On-Demand is an IT training solution designed around your schedule, budget, and learning needs. Combining high-quality video, reading, and knowledge checks in a self-paced format, On-Demand helps you build skills as your schedule allows—all at once or five minutes at a time.

With On-Demand, you learn at your own pace and in the convenience of your own space.

Learn at your own pace…

  • Personal, industry-leading trainers and instructors right on your own desktop
  • Gain leverage for better career opportunities
  • Learn the latest information technology
  • Increase your earning potential
  • Get certified

Try Before You Buy…
If you would like to experience On-Demand before you purchase, send an email to: ondemand@productivitypointls.com to receive your Course Demo Code.
