Target Audience:
• SOC/CSIRT Engineers and Architects
• Security Automation Specialists
• Integration Partners and MSSPs

Prerequisites:
• Ability to read/assemble JSON structures
• Basic knowledge of Python
• Familiarity with REST APIs is a plus
Day 1 10:00 - 17:00
0 – Course Introduction: Overview of course objectives, structure, and rules of participation
1 – Overview of Cortex XSOAR Platform Architecture, Features, and Capabilities
2 – Incident Management: Creating and configuring incident types, custom fields, classification, and mapping
3 – Threat Intelligence: Managing threat data sources, incident enrichment, and artifact correlations
4 – Analytical Investigations: Using playbooks and analytical tools in investigations
9:00 - 17:00
5 – Dashboards, Reports, and Timers: Creating dashboards, scheduling reports, and configuring SLA timers
6 – Integrations and Managing Integrations (Content Packs): Installing and configuring marketplace integrations, building and exporting content
7 – Architecture: Overview of technical components
8 – Use Case Planning and Implementation: Analyzing business requirements, designing and documenting use cases in XSOAR
9:00 - 17:00
9 – Playbook Building: Designing simple and complex playbooks, advanced conditions, and loops
9:00 - 17:00
10 – Automation Scripts: Writing your own automation scripts in Python, debugging, and using them in playbooks and integrations