Find a course
  • COURSE

Cortex XSIAM: Security Operations and Automation (EDU-270)

Price: $3,995.00
Duration: 4 days
Certification: Palo Alto Networks Certified Security Operations Generalist

The Palo Alto Networks Cortex XSIAM: Security Operations and Automation (EDU-270) course is an instructor-led training that will help you to:

  • Deploy, configure, and install XDR agents and configure Agent Groups and profiles
  • Investigate incidents, examine assets and artifacts, and understand the causality chain
  • Create correlation rules, use XQL to query logs, and analyze incidents using available tools and resources

The course is designed to enable cybersecurity professionals, particularly those in SOC/CERT/CSIRT and Security Engineering roles, to use Cortex XSIAM.

The course reviews XSIAM intricacies, from fundamental components to advanced strategies and automation techniques, including skills needed to navigate incident handling, optimize log sources, and orchestrate cybersecurity excellence.

Upcoming Class Dates and Times

All Sunset Learning courses are guaranteed to run

Course Outline and Details

No previous Palo Alto Networks experience is required to take this Cortex XSIAM EDU 270 Palo Alto course while familiarity with enterprise product deployment, networking, and security concepts is recommended.

SOC/CERT/CSIRT/XSIAM engineers and managers, MSSPs and service delivery partners/system integrators, internal and external professional-services consultants and sales engineers, incident responders and threat hunters.

The course is designed to enable cybersecurity professionals, particularly those in SOC/CERT/CSIRT and Security Engineering roles, to use XSIAM. The course reviews XSIAM intricacies, from fundamental components to advanced strategies and automation techniques, including skills needed to navigate incident handling, optimize log sources, and orchestrate cybersecurity excellence. 

  • Introduction to Cortex XSIAM 
  • Elements of Security Operations 
  • Maturity Model 
  • Agent Deployment and Configuration 
  • Data Source Ingestion 
  • Visibility 
  • Data Model 
  • Analytics 
  • Alerting and Detecting 
  • Attack Surface Management 
  • Automation 
  • Incident Handling / SOC 

Course Delivery Options

Train face-to-face with the live instructor.
Access to on-demand training content anytime, anywhere.
Attend the live class from the comfort of your home or office.
Interact with a live, remote instructor from a specialized, HD-equipped classroom near you. An SLI sales rep will confirm location availability prior to registration confirmation.

Empowering customers
to improve performance.

Facebook-f Linkedin Youtube
Quick Links
Get In Touch

Corporate Headquarters

12120 Sunset Hills Road
Suite 100
Reston, VA 20190

© 2025 All Rights Reserved.