Cortex XSIAM Investigation and Analysis Online Training Course
Length
2 days / 2 weeks
Price
$1999
Days
Mon - Wed
Why Choose This Course
Cortex XSIAM: Investigation and Analysis is built for security operations professionals who need a repeatable way to investigate incidents, connect evidence, and make clear decisions under pressure. In a live online virtual classroom with an instructor, you’ll learn how to analyse key assets and artefacts, interpret the causality chain, and use Cortex XSIAM Query Language (XQL) to pull meaningful insight from log data as part of a structured investigation workflow.
In a hectic SOC environment, the problem is not that there are no alerts; rather, the problem is being able to provide proof of exactly what occurred, what is important about that event, and how to act in response while maintaining speed through a variety of applications. This course emphasizes how to develop a story out of any incident by using evidence, timelines, and related artifacts, all validated by the data.
You’ll also learn how to use investigation-support features such as platform tools and resources that deepen analysis, plus incident handling and automation elements that help standardise steps and keep cases moving. The goal is to help you become faster and more consistent at triage, investigation, and case progression — and to communicate findings clearly through dashboards, reports, and investigation outputs. This directly supports day-to-day analyst work and can also reinforce skills commonly expected when preparing for certification-level SOC analysis.
Prerequisites
- Participants should have a foundational understanding of cybersecurity principles and experience analysing incidents and using security tools for investigation.
Exam
Candidates can achieve this certification by passing the following exam(s).
- Palo Alto Networks Certified XSIAM Analyst
Books
- Cortex XSIAM: Investigation and Analysis course material included.
Delivery
- This course is delivered as live online, virtual instructor-led training.
Skills Gained
- Investigate incidents in Cortex XSIAM and document an evidence-based investigation trail
- Analyse key assets and artefacts linked to an investigation and identify what matters next
- Interpret the causality chain to understand likely sequence and impact
- Use XQL to query and analyse log data for investigation and correlation
- Build repeatable query patterns to validate hypotheses during triage and deep-dive analysis
- Use built-in tools and resources to extend analysis beyond the initial incident view
- Perform alert handling workflows aligned to SOC investigation practices
- Apply investigation-focused automation playbooks to support consistent response steps
- Conduct threat hunting and pivoting using platform data and investigation artefacts
- Produce investigation outputs that support reporting and compliance needs in a SOC context
- Navigate analyst-relevant platform concepts and features that underpin investigations
- Use dashboards and reports to communicate investigation status and findings
Audience
This course is best suited to professionals involved in security investigations and SOC operations, including:
- SOC analysts and SOC leads
- CERT and CSIRT analysts
- Incident responders and threat hunters
- Security analysts supporting investigation and response workflows
Course Schedule & Pricing
Choose the schedule that fits your life — all options include full course materials & certification support
Full-time immersion for rapid certification readiness.
Balance your career while you upgrade your skills.
Maximum flexibility for busy working professionals.
Outline
Core concepts and investigation approach
- Cortex XSIAM platform orientation for analysts
- Investigation workflow: from alert to incident narrative
- Understanding incidents, assets, and artefacts in investigations
- Causality chain interpretation for evidence-led analysis
- Investigation documentation patterns and analyst notes
Data analysis with XQL
- XQL foundations for investigation queries
- Querying logs to confirm event timelines
- Correlating events across data sources using XQL pivots
- Extracting indicators and key fields from log data
- Turning query results into investigation actions
Alerting, detection context, and threat intel
- Alert handling basics in an AI-driven SOC workflow
- Working with investigation context to reduce false positives
- Using threat intelligence and indicators during investigation
- Threat hunting pivots from incidents and leads
Automation and investigation support
- Using automation playbooks to standardise investigation steps
- Case progression: triage to containment decision points
- Analyst collaboration patterns and handover-ready evidence
Dashboards, reporting, and communication
- Analyst dashboards and reporting views
- Building investigation summaries for stakeholders
- Supporting compliance-oriented reporting in a SOC context
Terms & Conditions
Frequently Asked Questions (FAQ's)
What will I be able to do after Cortex XSIAM: Investigation and Analysis training?
Is this course focused on analysts or engineers?
Do I need any previous experience before starting this course?
Our Partnership
In today’s dynamic cybersecurity environment, where threats are increasingly sophisticated and persistent, developing hands-on firewall and network security expertise is critical. The Palo Alto Networks Certified Network Security Engineer (PCNSE) training equips professionals with the skills to deploy, configure, and secure enterprise networks using Palo Alto Networks Next-Generation Firewalls. This course provides practical knowledge to implement security policies, apply advanced threat prevention techniques, and support a Zero Trust approach to network protection. Learners gain experience in managing firewall interfaces, creating granular security rules, configuring GlobalProtect, and monitoring network activity to ensure resilient and compliant infrastructure.
Our Accreditations
