Learning Objectives

This training is designed to enable a SOC, CERT, CSIRT, or SOAR engineer to start working with Cortex XSOAR integrations, playbooks, incident-page layouts, and other system features to facilitate resource orchestration, process automation, case management, and analyst workflow.

The third module of the course demonstrates a complete playbook-development process for automating a typical analyst workflow to address phishing incidents. This end-to-end view of the development process provides a framework for more focused discussions of individual topics that are covered in subsequent modules.

Scope

• Course level: Advanced
• Course duration: 4 days
• Course format: Lecture and hands-on labs
• Platform support: Cortex XSOAR server 6.8

Who Should Attend?

• Security-operations (SecOps), or security, orchestration, automation, and response (SOAR) engineers, managed security service providers (MSSPs), service delivery partners, system integrators, and professional services engineers

Prerequisites & Exams

Recommended Prerequisites:

• Participants must complete the Cortex XSOAR Analyst digital learning. Participants who have experience with scripting, the use of Python and JavaScript, and the use of JSON data objects will likely be able to apply what they learn more quickly than participants without such experience. However, completion of the course does not require proficiency in writing code.

Course Outline

• Module 1: Core functionality and Feature Sets
• Module 2: Enabling and Configuring Integrations
• Module 3: Playbook Development
• Module 4: Classification and Mapping
• Module 5: Layout Builder
• Module 6: Solution Architecture
• Module 7: Docker
• Module 8: Automation Development & Debugging
• Module 9: Content Management
• Module 10: Indicators
• Module 11: Jobs and Job Scheduling
• Module 12: Users and Role Management
• Module 13: Integration Development