Course Overview

XSIAM is the industry’s most comprehensive security incident and asset management platform, offering extensive coverage for securing and managing infrastructure, workloads, and applications across multiple environments.

Throughout this course, you will explore the key features of Cortex XSIAM.

This course is designed to enable you to:

– Investigate incidents, analyze key assets and artifacts, and interpret the causality chain.

– Query and analyze logs using XQL to extract meaningful insights.

– Utilize advanced tools and resources for comprehensive incident analysis.

Course Objectives

The course is designed to enable cybersecurity professionals, particularly those in SOC/CERT/CSIRT and Security Analyst roles, to use XSIAM.

The course reviews XSIAM intricacies, from fundamental components to advanced strategies and techniques, including the skills needed to navigate incident handling and automation and to orchestrate cybersecurity excellence.

Course Content

Course Modules

1- Introduction to Cortex XSIAM

2- Endpoints

3- XQL

4- Alerting and Detection

5- Threat Intel Management

6- Automation

7- Attack Surface Management

8- Incident Handling

9- Dashboards and Reports

Course Overview

This instructor-led training enables you to prevent attacks on your endpoints. After an overview of the Cortex XDR components, the training introduces the Cortex XDR management console and demonstrates how to install agents on your endpoints and how to create Security profiles and policies.

The training enables you to perform and track response actions, tune profiles, and work with Cortex XDR alerts. It concludes by discussing basic troubleshooting of the agent, the on-premises Broker VM component, and Cortex XDR deployment.

Course Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable you to:

  • Describe the architecture and components of the Cortex XDR family
  • Use the Cortex XDR management console, including reporting
  • Create Cortex XDR agent installation packages, endpoint groups, and policies
  • Deploy Cortex XDR agents on endpoints
  • Create and manage Exploit and Malware Prevention profiles
  • Investigate alerts and prioritize them using starring and exclusion policies
  • Tune Security profiles using Cortex XDR exceptions
  • Perform and track response actions in the Action Center
  • Perform basic troubleshooting related to Cortex XDR agents
  • Deploy a Broker VM and activate the Local Agents Settings applet
  • Understand Cortex XDR deployment concepts and activation requirements
  • Work with the Customer Support Portal and Cortex XDR Gateway for authentication and authorization

Course Content

Course Modules

1 – Cortex XDR Overview

2 – Cortex XDR Main Components

3 – Cortex XDR Management Console

4 – Profiles and Policy Rules

5 – Malware Protection

6 – Exploit Protection

7 – Cortex XDR Alerts

8 – Tuning Policies Using Exceptions

9 – Response Actions

10 – Basic Agent Troubleshooting

11 – Broker VM Overview

12 – Deployment Considerations

Course Overview

This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics.

You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.

Multiple modules focus on how to leverage the collected data. You will create simple search queries in one module and XDR rules in another. The course demonstrates how to use specialized investigation views to visualize artifact-related data, such as IP and Hash Views. Additionally, it provides an introduction to XDR Query Language (XQL). The course concludes with Cortex XDR external-data-collection capabilities, including the use of the Cortex XDR API to receive external alerts.

Course Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable participants to:

  • Investigate and manage incidents
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Work with Cortex XDR Pro actions such as remote script execution
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Create and manage the Cortex XDR rules BIOC and IOC
  • Work with Cortex XDR assets and inventories
  • Write XQL queries to search datasets and visualize the result sets
  • Work with Cortex XDR’s external-data collection

Course Content

Course Modules

1 – Cortex XDR Incidents

2 – Causality and Analytics Concepts

3 – Causality Analysis of Alerts

4 – Advanced Response Actions

5 – Building Search Queries

6 – Building XDR Rules

7 – Cortex XDR Assets

8 – Introduction to XQL

9 – External Data Collection

Course Overview

The Prisma Access SSE: Configuration and Deployment course introduces you to the operational deployment of Prisma Access Secure Access Service Edge (SASE) and how it helps organizations embrace the needs of the modern workforce by providing network connectivity and network security services from the cloud. This course will enable you to deploy, configure, maintain, and troubleshoot Prisma Access using Strata Cloud Manager. The course is intended for professionals in cybersecurity and public-cloud security, as well as general network-security professionals who want to learn how to secure remote networks and mobile users.

Course Objectives

Successful completion of this four-day, instructor-led course will help enhance your understanding of how to better protect your applications, remote networks, and mobile users using a SASE implementation.

In a lab environment, you will get hands-on experience configuring, managing, and troubleshooting Prisma Access via Strata Cloud Manager.

Course Content

  1. Prisma SASE
  2. Prisma Access Architecture
  3. Strata Cloud Manager
  4. Licensing and Activation
  5. Service Connections
  6. Remote Networks
  7. Mobile Users
  8. Prisma Access Explicit Proxy
  9. ZTNA Connector
  10. Prisma Access Browser
  11. Autonomous Digital Experience Management (ADEM)


Course Overview

The importance of robust cybersecurity measures cannot be overstated, as organizations are increasingly facing all types of cyberattacks. The NIS 2 Directive is legislation designed to strengthen the cybersecurity posture of critical infrastructure sectors, including energy, transport, healthcare, and digital services.

By attending the NIS 2 Directive Lead Implementer training course, you gain in-depth knowledge of the directive’s requirements, implementation strategies, and best practices that protect critical infrastructure from cyber threats. Through interactive sessions and practical exercises, you will learn how to assess an organization’s cybersecurity risks, develop robust incident response plans, and implement effective security measures to meet the requirements of NIS 2 Directive. Moreover, you will gain insights into industry standards and best practices that will enable you to stay up to date with the evolving threat landscape and implement cutting-edge cybersecurity solutions. After successfully completing this training course, you will become a trusted cybersecurity professional who possesses the expertise to navigate the complex landscape of critical cybersecurity infrastructure and contribute to the resilience of your organization and society as a whole.

After passing the exam, you can apply for the “Certified NIS 2 Directive Lead Implementer” credential.

Course Objectives

Upon successfully completing the training course, you will be able to:

  • Explain the fundamental concepts of NIS 2 Directive and its requirements
  • Obtain a thorough comprehension of the principles, strategies, methodologies, and tools necessary for implementing and efficiently managing a cybersecurity program in compliance with NIS 2 Directive
  • Learn how to interpret and implement NIS 2 Directive requirements in the specific context of an organization
  • Initiate and plan the implementation of NIS 2 Directive requirements, by utilizing PECB’s methodology and other best practices
  • Acquire the necessary knowledge to support an organization in effectively planning, implementing, managing, monitoring, and maintaining a cybersecurity program in compliance with NIS 2 Directive

Course Content

  • Day 1: Introduction to NIS 2 Directive and initiation of the NIS 2 Directive implementation
  • Day 2: Analysis of NIS 2 Directive compliance program, asset management, and risk management
  • Day 3: Cybersecurity controls, incident management, and crisis management
  • Day 4: Communication, testing, monitoring, and continual improvement in cybersecurity
  • Day 5: Certification exam

Course Overview

The NIS 2 Directive Foundation training course outlines the essential insights necessary for understanding the requirements of NIS 2 Directive regarding cybersecurity measures. It provides the core concepts required to support organizations in the initial phases of planning, implementation, and management of cybersecurity programs.

Why Should You Attend?

The NIS 2 Directive Foundation training course provides an introduction to the NIS 2 Directive, aiming to help organizations enhance their cybersecurity in the face of ever-emerging cyber threats. This legislation plays a central role in strengthening cybersecurity within critical infrastructure sectors such as energy, transport, healthcare, and digital services. The PECB NIS 2 Directive Foundation training course covers the fundamental concepts related to the Directive’s requirements. It provides information that will help you understand the best practices for protecting critical infrastructure from cyber threats.

After attending the training course, you can take the exam, and if you successfully pass it, you can apply for a “PECB Certificate Holder in NIS 2 Directive Foundation” credential.

Course Objectives

This training course will help you:

  • Explain the fundamental concepts and definitions of NIS 2 Directive
  • Interpret the main requirements of the NIS 2 Directive for a cybersecurity program
  • Identify the approaches and techniques used for the implementation of NIS 2 requirements

Course Content

  • Day 1: Introduction to fundamental concepts and definitions of NIS 2 Directive
  • Day 2: NIS 2 Directive requirements for the implementation of a cybersecurity program

Course Overview

Chapter 1: Course Introduction

• Course organization

• Setting the stage

Chapter 2: Digital Transformation

• DX as a practitioner

• DX in the context of cybersecurity

• Cybersecurity as a DX catalyst

Chapter 3: Threat Landscape

• Threat actors: Agile and Creative

• Attacks

• Challenges

• Organizational response to threat landscape

• Absolute prevention not possible

Chapter 4: The Controls

• Initiation and basic

• Foundation

• Organizational and recovery

Chapter 5: Adopt and Adapt

• The context of adopt and adapt

• Cybersecurity and culture

• Where we are

Chapter 6: Adaptive Way of Working

• Introduction to adaptive way to work

• How to get started

Chapter 7: Rapid Adoption and Rapid Adaptation FastTrack™

• Rapid adoption

• Rapid adaptation

Chapter 8: CIIS as a Practice

• Ongoing practice of cybersecurity

• NIST 7-step improvement

• Cybersecurity Maturity Model Certification (CMMC)

• Integrate cybersecurity

Course Objectives

At the conclusion of this class, students will know a practical approach to build and maintain a comprehensive cybersecurity and cyber-risk management program.

Course Content

H0DV8S (hpe.com)

Course Overview

Digital Transformation

• Explain what it means to “become digital”

• Discuss the difference between industrial and digital era enterprises

• Explain how cybersecurity supports an organization’s digital transformation

Understanding Cyber Risks

• Explain the cyber risk equation

• Identify and explain each component of the cyber risk equation

• Describe the basics of a risk assessment

NIST Cybersecurity Framework Fundamentals

• Explain the genesis of the NIST-CSF

• List and describe the components of the NIST-CSF

• Describe each of the NIST-CSF’s objectives

Core Functions, Categories and Subcategories

• Understand and explain

– Core functions

– Framework categories

– Informative references

Implementation Tiers and Profiles

• Understand and explain Implementation Tier terms and their use

• Understand and explain each Implementation Tier

• Understand and describe the three risk categories

• Understand and explain Profiles and their use

• Understand and describe the use of Profiles when

– Determining gaps

– Identifying and prioritizing focus areas

Cybersecurity Improvement

• Understand and explain how an organization can approach the adoption and adaptation of the NIST-CSF

• Understand and describe how to implement cybersecurity controls using an incremental improvement approach

• Understand and describe CIIS as a practice within an organization

Chapter 1: Course Introduction

• Course organization

• Setting the stage

Chapter 2: Digital Transformation

• DX as a practitioner

• DX in the context of cybersecurity

• Cybersecurity as a DX catalyst

Chapter 3: Threat Landscape

• Threat actors: Agile and Creative

• Attacks

• Challenges

• Organizational response to threat landscape

• Absolute prevention not possible

Chapter 4: The Controls

• Initiation and basic

• Foundation

• Organizational and recovery

Chapter 5: Adopt and Adapt

• The context of adopt and adapt

• Cybersecurity and culture

• Where we are

Chapter 6: Adaptive Way of Working

• Introduction to adaptive way to work

• How to get started

Chapter 7: Rapid Adoption and Rapid Adaptation FastTrack™

• Rapid adoption

• Rapid adaptation

Chapter 8: CIIS as a Practice

• Ongoing practice of cybersecurity

• NIST 7-step improvement

• Cybersecurity Maturity Model Certification (CMMC)

• Integrate cybersecurity

Course Objectives

Upon completion of this course, students will have:

• The skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF 

• The knowledge to prepare for the NSCP Boot Camp exam (Foundation + Practitioner)

Course Content

H0DV9S (hpe.com)

Course Overview

This course provides foundational level knowledge on security, compliance, and identity concepts and related cloud-based Microsoft solutions.

Course Objectives

  • Describe basic concepts of security, compliance, and identity.
  • Describe the concepts and capabilities of Microsoft identity and access management solutions.
  • Describe the capabilities of Microsoft security solutions.
  • Describe the compliance management capabilities in Microsoft.

Course Content

Module 1: Microsoft Security, Compliance, and Identity Fundamentals: Describe the concepts of security, compliance, and identity

  • Describe security and compliance concepts
  • Describe identity concepts

Module 2: Microsoft Security, Compliance, and Identity Fundamentals: Describe the capabilities of Microsoft Entra

  • Describe the function and identity types of Microsoft Entra ID
  • Describe the authentication capabilities of Microsoft Entra ID
  • Describe access management capabilities of Microsoft Entra ID
  • Describe the identity protection and governance capabilities of Microsoft Entra

Module 3: Microsoft Security, Compliance, and Identity Fundamentals: Describe the capabilities of Microsoft security solutions

  • Describe core infrastructure security services in Azure
  • Describe the security management capabilities in Azure
  • Describe security capabilities of Microsoft Sentinel
  • Describe threat protection with Microsoft Defender XDR

Module 4: Microsoft Security, Compliance, and Identity Fundamentals: Describe the capabilities of Microsoft compliance solutions

  • Describe Microsoft’s Service Trust portal and privacy capabilities
  • Describe the compliance management capabilities in Microsoft Purview
  • Describe information protection, data lifecycle management, and data governance capabilities in Microsoft Purview
  • Describe the insider risk capabilities in Microsoft Purview
  • Describe the eDiscovery and Audit capabilities in Microsoft Purview

Course Overview

This course provides foundational level knowledge on security, compliance, and identity concepts and related cloud-based Microsoft solutions.

Course Objectives

  • Describe the concepts and capabilities of Microsoft identity and access management solutions.
  • Describe the capabilities of Microsoft security solutions.
  • Describe the compliance management capabilities in Microsoft.

Course Content

Module 1: Describe basic concepts of security, compliance, and identity.

Learn about core concepts, principles, and methodologies that are foundational to security, compliance, and identity solutions, including Zero-Trust, shared responsibility, our privacy principles, and more.

Lessons for module 1

  • Describe security concepts and methodologies.
  • Describe Microsoft security and compliance principles.
  • Module summary

After completing module 1, students will be able to:

  • Describe security concepts and methodologies.
  • Explore the Service Trust Portal.
  • Know where to go to find and review Azure compliance documentation.

Module 2: Describe the concepts and capabilities of Microsoft identity and access management solutions

Learn about Azure AD services and identity principals, secure authentication, access management capabilities, as well as identity protection and governance.

Lessons for module 2

  • Describe identity concepts
  • Describe the basic services and identity types of Azure AD
  • Describe the authentication capabilities of Azure AD
  • Describe the access management capabilities of Azure AD
  • Describe the identity protection and governance capabilities of Azure AD
  • Module summary

After completing module 2, students will be able to:

  • Describe basic identity concepts.
  • Describe the basic services and identity types of Azure AD
  • Describe the authentication capabilities of Azure AD.
  • Describe the access management capabilities of Azure AD.
  • Describe the identity protection and governance capabilities of Azure AD.

Module 3: Describe the capabilities of Microsoft security solutions

Learn about security capabilities in Microsoft. Topics covered will include network and platform capabilities of Azure, Azure security management, and Sentinel. You’ll learn about threat protection with Microsoft 365 Defender and Microsoft 365 security management, and you’ll explore endpoint protection with Intune.

Lessons for module 3

  • Describe the basic security capabilities in Azure
  • Describe the security management capabilities of Azure
  • Describe the security capabilities of Azure Sentinel
  • Describe the threat protection capabilities of Microsoft 365
  • Describe the security management capabilities of Microsoft 365
  • Describe endpoint security with Microsoft Intune
  • Module summary

After completing module 3, students will be able to:

  • Describe the basic security capabilities in Azure.
  • Describe the security management capabilities of Azure.
  • Describe the security capabilities of Azure Sentinel.
  • Describe the threat protection capabilities of Microsoft 365.
  • Describe the security management capabilities of Microsoft 365.
  • Describe endpoint security with Microsoft Intune.

Module 4: Describe the capabilities of Microsoft compliance solutions

Learn about compliance solutions in Microsoft. Topics covered will include Compliance center, Information protection and governance in Microsoft 365, Insider Risk, audit, and eDiscovery solutions. Also covered are Azure resources governance capabilities.

Lessons for module 4

  • Describe the compliance management capabilities in Microsoft
  • Describe the information protection and governance capabilities of Microsoft 365
  • Describe the insider risk capabilities in Microsoft 365
  • Describe the eDiscovery capabilities of Microsoft 365
  • Describe the audit capabilities of Microsoft 365
  • Describe the resource governance capabilities in Azure
  • Module summary

After completing module 4, students will be able to:

  • Describe the compliance management capabilities in Microsoft.
  • Describe the information protection and governance capabilities of Microsoft 365.
  • Describe the insider risk capabilities in Microsoft 365.
  • Describe the eDiscovery capabilities of Microsoft 365.
  • Describe the audit capabilities of Microsoft 365
  • Describe the resource governance capabilities in Azure