Palo Alto Networks XSIAM Analyst (PXSIAMA)

This certification validates the knowledge and skills in the areas of incident investigation and response, use of automation playbooks, alert handling, threat hunting, vulnerability assessment, reporting, and compliance by using the Cortex XSIAM platform within a SOC. The exam validates the job-ready skills required to demonstrate an understanding of the basic architecture, components, and operation of Cortex XSIAM.

Target Audience

This exam is designed for individuals who want to demonstrate the knowledge and skills required to use the Palo Alto Networks XSIAM platform for automation, threat detection, and threat response, including those who want to advance their SecOps analyst career.

Skills Required

The successful candidate can demonstrate understanding of SecOps processes and procedures:

  • Common SecOps processes and practices
    • MITRE ATT&CK framework
    • Incident response plans
    • Investigative lifecycle
  • XSIAM in the SOC
    • Dashboards and reports to support compliance, incident summaries, security coverage status, and leadership briefings
    • Query language proficiency to search for and correlate even
    • Key components of incidents
    • Alert tuning and management
    • Initiation and use of the XSIAM playbook
    • Identification and hunting for IO
    • Endpoint policy management
    • Proficiency in the use of XSIAM for incident detection, analysis, and response actions
  • Ability to interact with playbook tasks to progress an investigation
  • Analytical Abilities: Ability to perform forensic investigations, threat intelligence analysis and asset management


Recommended training for this certification

Recommended ILT Training Course To Be Confirmed - Coming Soon!

Certifications:

  • Palo Alto Networks Certified Cybersecurity Apprentice
  • Palo Alto Networks Certified Cybersecurity Practitioner
  • Palo Alto Networks Certified Security Operations Generalist