Palo Alto Networks XDR Analyst (PXDRA)

This certification validates the knowledge, skills, and abilities of current or aspiring security operations center (SOC) analysts and security operations specialists in incident investigation and response, alert handling, threat hunting, vulnerability assessment, reporting, and compliance using Cortex XDR.

This exam is designed for current or aspiring security operations center (SOC) analysts, security operations specialists, incident responders, threat researchers, or anyone who wants to validate their knowledge and skills in the areas of incident investigation and response, alert handling, threat hunting, vulnerability assessment, reporting, and compliance using the Cortex XDR platform within a SOC.

Skills Required:

  • Working knowledge of network security
  • Working knowledge of TCP/IP and how traffic is directed within a network
  • Working knowledge of networking infrastructure, protocols, and topology
  • Working knowledge of troubleshooting methodologies
  • Knowledge of OS fundamentals and security hardening methods
  • Working knowledge of security automation technology
  • Working knowledge of information security control technologies (e.g., access control, cryptography, vulnerability management, SIEM / log management)
  • Working knowledge of security models / architectures (e.g., Defense in Depth, Zero Trust)
  • Tier 2+ level user competency in Cortex XDR
  • Basic understanding of programming and scripting languages (i.e., Python, PowerShell, SQL, XQL)
  • Knowledge of current and emergent trends in information security
  • Working knowledge of XDR-related components, console management, alerts, incidents, response actions, analysis, alert causality, queries, and asset management
  • Working knowledge of common security operations processes and procedures (i.e., MITRE ATT&CK Framework, IR plans, investigative lifecycle)
  • Working knowledge of Cortex XDR in the SOC
    • ability to review dashboards and generate reports to support efforts such as compliance, incident summaries, security coverage status, and leadership briefings
    • proficiency in the query language for searching and correlating events
    • identification of key components of incidents
    • ability to tune and manage alerts
    • ability to identify and hunt for indicators of compromise (IOCs)
    • basic understanding of policies and profiles
    • proficiency in the use of Cortex XDR for incident detection, analysis, and response actions
  • Analytical ability to perform forensic investigations, threat intelligence analysis, and asset management

Recommended training for this certification

Candidates are strongly encouraged to use official Palo Alto Networks resources only to prepare for the exam. The current Palo Alto Networks recommended learning path can be found below:

Current E-learning

  • Cortex XDR: Features - Mandatory
  • Cortex XQL - Mandatory