The Cortex™ XSOAR 6.2: Automation and Orchestration (EDU-380) course is four days of instructor-led training that will help you:
- Configure integrations, create tasks, and develop playbooks.
- Build incident layouts that enable analysts to triage and investigate incidents efficiently
- Identify how to categorize event information and map that information to display fields.
- Develop automations, manage content, indicator data, and artifact stores, schedule jobs, organize users and user roles, oversee case management, and foster collaboration
This training is designed to enable a SOC, CERT, CSIRT, or SOAR engineer to start working with Cortex XSOAR integrations, playbooks, incident-page layouts, and other system features to facilitate resource orchestration, process automation, case management, and analyst workflow. The third module of the course demonstrates a complete playbook-development process for automating a typical analyst workflow to address phishing incidents. This end-to-end view of the development process provides a framework for more focused discussions of individual topics that are covered in subsequent modules.
What You'll Learn
1 – Core functionality and Feature Sets
2 – Enabling and Configuring Integrations
3 – Playbook Development
4 – Classification and Mapping
5 – Layout Builder
6 – Solution Architecture – Docker
8 – Automation Development & Debugging
9 – Content Management
10 – Indicators
11 – Jobs and Job Scheduling
12 – Users and Role Management
13 – Integration Development
Security-operations (SecOps), or security, orchestration, automation, and response (SOAR) engineers, managed security service providers (MSSPs), service delivery partners, system integrators, and professional services engineers
Who Should Attend