Cisco XDR Test Drive (XDRTD)

Cisco XDR supports security operations that overcome the challenges of a traditional SOC. In this course you explore the Cisco XDR platform and how it simplifies security operations in today's hybrid, multi-vendor, multi-threat environment. Through expert instruction and hands-on lab exercises you learn to read XDR's threat-intelligence components and work with Incident Manager for threat prioritization, streamlined investigations, and evidence-backed response recommendations. You also learn how XDR's automation capabilities raise analyst productivity and get more value out of existing security tooling.

Course content

Module 1: Evolution and Introduction to Cisco XDR

  • Lesson 1: Detection and response, and the challenges of the traditional SOC
  • Lesson 2: What is the OODA loop?
  • Lesson 3: Overview of Cisco XDR
  • Associating SOC profiles to XDR
  • Integrations and Response
  • XDR/EDR/MDR/SOAR/SIEM – Shared Use Cases
  • Analytics and Correlation Engine

Module 2: Threat Detection and Incident Response Workflow

  • Lesson 1: Understanding Threat Detections with Diverse Intelligence
  • Lesson 2: How to read components: Judgement / Indicators / Feeds / Events.
  • Lesson 3: Cisco XDR: Incident Manager
  • Incidents captured by threat inspection
  • Infrastructure-based Incident Prioritization: Detection Risk and Asset Value
  • Identification / Containment / Eradication and Recovery Workflows.
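Lesson 2 of this module covers reading the threat-intelligence components (judgements, indicators, feeds, events). The following is an added example, not course material or Cisco code, showing how an analyst or a script would read a set of judgements for an observable and pick the one to act on. The objects are constructed samples shaped after the CTIM judgement model (numeric `disposition` codes 1 Clean, 2 Malicious, 3 Suspicious, 4 Common, 5 Unknown; `priority`, `confidence`, `valid_time`); the ranking rule used to choose between competing judgements is this example's own assumption, not XDR's documented verdict algorithm. It also handles the two edge cases that trip people up: judgements that have expired and judgements whose validity window has not started yet.

```python
"""Reading CTIM-style judgements for an observable (added example, not course or Cisco code)."""
from datetime import datetime, timezone

# CTIM disposition codes as the model defines them (assumed from the CTIM spec).
DISPOSITION_NAMES = {1: "Clean", 2: "Malicious", 3: "Suspicious", 4: "Common", 5: "Unknown"}

# How urgently an analyst should act on each disposition. This ranking is an
# assumption made for the example, not a documented XDR rule.
ACTION_RANK = {"Malicious": 4, "Suspicious": 3, "Common": 2, "Clean": 1, "Unknown": 0}
CONFIDENCE_RANK = {"High": 3, "Medium": 2, "Low": 1, "None": 0, "Unknown": 0}

# Fixed "now" so the example is reproducible; a real script would use datetime.now(timezone.utc).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

SHA256_EMPTY = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Constructed sample judgements (not real intelligence) from two hypothetical sources.
SAMPLE_JUDGEMENTS = [
    # Expired: was Malicious in 2023, validity window already closed.
    {"type": "judgement", "source": "feed-a", "observable": {"type": "ip", "value": "203.0.113.10"},
     "disposition": 2, "priority": 95, "confidence": "High", "severity": "High",
     "valid_time": {"start_time": "2023-01-01T00:00:00Z", "end_time": "2023-06-01T00:00:00Z"}},
    # Current: Suspicious from another source.
    {"type": "judgement", "source": "feed-b", "observable": {"type": "ip", "value": "203.0.113.10"},
     "disposition": 3, "priority": 80, "confidence": "Medium", "severity": "Medium",
     "valid_time": {"start_time": "2024-01-01T00:00:00Z", "end_time": "2024-12-31T00:00:00Z"}},
    # Current but low-value: a Clean judgement that should not override Suspicious.
    {"type": "judgement", "source": "feed-a", "observable": {"type": "ip", "value": "203.0.113.10"},
     "disposition": 1, "priority": 30, "confidence": "Low", "severity": "None",
     "valid_time": {"start_time": "2024-01-01T00:00:00Z", "end_time": "2024-12-31T00:00:00Z"}},
    # Open-ended validity (no end_time) for a file hash.
    {"type": "judgement", "source": "feed-b", "observable": {"type": "sha256", "value": SHA256_EMPTY},
     "disposition": 4, "priority": 50, "confidence": "High", "severity": "Info",
     "valid_time": {"start_time": "2024-05-01T00:00:00Z"}},
    # Not yet valid: a Malicious judgement whose window starts in the future.
    {"type": "judgement", "source": "feed-a", "observable": {"type": "domain", "value": "example.test"},
     "disposition": 2, "priority": 90, "confidence": "High", "severity": "High",
     "valid_time": {"start_time": "2025-01-01T00:00:00Z", "end_time": "2025-12-31T00:00:00Z"}},
    {"type": "judgement", "source": "feed-b", "observable": {"type": "domain", "value": "example.test"},
     "disposition": 5, "priority": 10, "confidence": "Unknown", "severity": "Unknown",
     "valid_time": {"start_time": "2024-01-01T00:00:00Z", "end_time": "2024-12-31T00:00:00Z"}},
]


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def is_current(judgement, now):
    """True if `now` falls inside the judgement's valid_time window (end_time is optional)."""
    vt = judgement.get("valid_time", {})
    start, end = vt.get("start_time"), vt.get("end_time")
    if start and parse_ts(start) > now:
        return False          # window has not opened yet
    if end and parse_ts(end) <= now:
        return False          # window already closed
    return True


def disposition_name(judgement):
    """Prefer the numeric code; fall back to a textual disposition_name if the code is missing."""
    code = judgement.get("disposition")
    return DISPOSITION_NAMES.get(code, judgement.get("disposition_name", "Unknown"))


def verdict_for(observable, judgements, now=NOW):
    """Return the judgement to act on for one observable, or None if nothing current exists.

    Ranking (assumption): most actionable disposition first, then higher priority,
    then higher confidence. Expired and not-yet-valid judgements are ignored.
    """
    key = (observable["type"], observable["value"])
    candidates = [j for j in judgements
                  if (j["observable"]["type"], j["observable"]["value"]) == key and is_current(j, now)]
    if not candidates:
        return None

    def rank(j):
        return (ACTION_RANK.get(disposition_name(j), 0),
                j.get("priority", 0),
                CONFIDENCE_RANK.get(j.get("confidence"), 0))

    return max(candidates, key=rank)


def summarize(judgements, now=NOW):
    """Map every observable seen in the judgements to the disposition name of its chosen verdict."""
    summary = {}
    for j in judgements:
        obs = j["observable"]
        key = (obs["type"], obs["value"])
        if key in summary:
            continue
        best = verdict_for(obs, judgements, now)
        if best is not None:
            summary[key] = disposition_name(best)
    return summary


if __name__ == "__main__":
    for (obs_type, value), name in summarize(SAMPLE_JUDGEMENTS).items():
        print(f"{obs_type:7} {value[:24]:24} -> {name}")
```

Run stand-alone it prints the verdict per observable; the 203.0.113.10 address comes out Suspicious rather than Malicious because the Malicious judgement has expired, and example.test stays Unknown because its Malicious judgement is not yet valid. When reading real judgements in XDR, checking `valid_time` before trusting a disposition is exactly the habit this module's "how to read components" lesson is meant to build.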

Module 3: Enrichment from Third-Party Integrations

  • Lesson 1: Overview of the third-party security landscape
  • Lesson 2: What is a Relay Module?
  • Lesson 3: XDR: Remote Connector
  • Lesson 4: Accomplishing arbitrary integrations.

Module 4: XDR APIs

  • Lesson 1: Northbound and Southbound APIs
  • Lesson 2: Threat Intelligence APIs: Private and public databases of threat intel
  • Lesson 3: Investigation APIs: Enrich data using your integrated products
  • Lesson 4: Response APIs
  • Lesson 5: Automation APIs: Trigger XDR workflows programmatically from external systems

Module 5: XDR Automation and Orchestration

  • Lesson 1: Understanding Orchestration Workflows: Types and sequence.
  • Lesson 2: Workflows Components: Targets, Account Keys, Triggers, Variables, Events, Schedules & Reports
  • Lesson 3: Constructing a basic workflow.
  • Lesson 4: Exploring built-in Cisco and third-party service activities and logic.
  • Lesson 5: Customizing out of the box workflows to fit the business use case.
  • Lesson 6: Enforcing DLP policy on outgoing email using Cisco XDR automation.

Module 6: Endpoint and Network Telemetry

  • Lesson 1: Network and Endpoint Visibility Together: Telemetry + Device Insights.
  • Lesson 2: Network Visibility Module
  • Lesson 3: Reports and Audit logs
  • Lesson 4: Asset Tag Device Management.

Lab Outline:

Labs give learners end-to-end hands-on experience through the following practical activities:

  • Overview of Cisco XDR
  • Validate an Attack and Determine the Incident Response
  • Perform Threat Hunting
  • Explore Cisco XDR Orchestration