This instructor-led training enables you to prevent attacks on your endpoints. After an overview of the Cortex XDR components, the training introduces the Cortex XDR management console and demonstrates how to install agents on your endpoints and how to create Security profiles and policies. The training enables you to perform and track response actions, tune profiles, and work with Cortex XDR alerts. The training concludes with discussions about basic troubleshooting of the agent, the on-premises Broker VM component, and Cortex XDR deployment.
Prerequisites:
The knowledge and skills that the learner should have before attending this course are as follows:
- Participants must be familiar with enterprise product deployment, networking, and security concepts.
Course Objectives:
Successful completion of this instructor-led course with hands-on lab activities should enable you to:
- Describe the architecture and components of the Cortex XDR family
- Use the Cortex XDR management console
- Create Cortex XDR agent installation packages, endpoint groups, and policies
- Deploy Cortex XDR agents on endpoints
- Create and manage exploit and malware prevention profiles
- Investigate alerts and prioritize them using starring and exclusion policies
- Tune Security profiles using Cortex XDR exceptions
- Perform and track response actions in the Action Center
- Perform basic troubleshooting related to Cortex XDR agents
- Deploy a Broker VM and activate the Local Agents Settings applet
- Understand Cortex XDR deployment concepts and activation requirements
- Work with the Customer Support Portal and Cortex XDR Gateway for authentication and authorization
- Module 1 - Cortex XDR Introductions
- Module 2 - Cortex XDR Main Components
- Module 3 - Cortex XDR Management Components
- Module 4 - Profiles and Policy Rules
- Module 5 - Malware Protection
- Module 6 - Exploit Protection
- Module 7 - Cortex XDR Alerts
- Module 8 - Exclusion and Exceptions
- Module 9 - Response Actions
- Module 10 - Basic Troubleshooting
- Module 11 - Broker VM Overview
- Module 12 - Deployment Consideration
The primary audience for this course is as follows:
- Cybersecurity analysts and engineers and security operations specialists, as well as administrators and product deployers.