Course Overview

The Palo Alto Networks Panorama: Centralized Network Security Management course is three days of instructor-led training that should help you to:

– Learn how to configure and manage the next-generation Panorama management server

– Gain experience configuring templates (including template variables) and device groups

– Gain experience with administration, log collection, and logging and reporting

– Become familiar with planning and design considerations for Panorama deployment

– Activate, configure, and manage Prisma Access using Panorama

Course Objectives

This course should help students gain in-depth knowledge about configuring and managing a Palo Alto Networks Panorama management server. Administrators that complete this course should become familiar with the Panorama management server’s role in managing and securing the overall network.

Network professionals will be shown how to use Panorama aggregated reporting to provide them with a holistic view of a network of Palo Alto Networks next-generation firewalls.

Course Content

Course Modules

1 – Initial Configuration

2 – Adding Firewalls

3 – Templates

4 – Device Groups

5 – Log Collection and Forwarding

6 – Using Panorama Logs

7 – Panorama Administrative Accounts

8 – Reporting

9 – Troubleshooting

10 – Prisma Access Overview

11 – Activate and Configure

12 – Templates and Device Groups

13 – Configure Service Connections

14 – Secure Remote Networks

Course Overview

The Palo Alto Networks Panorama: Centralized Network Security Administration course is two days of instructor-led training that should help you to:

– Learn how to configure and manage the next-generation Panorama management server

– Gain experience configuring templates (including template variables) and device groups

– Activate, configure, and manage Prisma Access using Panorama

Course Objectives

This course should help students gain experience configuring and managing Palo Alto Networks Panorama management servers. Administrators that complete this course should become familiar with the Panorama management server’s role in managing and securing the overall network.

Course Content

  1. Initial Configuration
  2. Adding Firewalls
  3. Templates
  4. Device Groups
  5. Prisma Access Overview
  6. Activate and Configure
  7. Templates and Device Groups
  8. Configure Service Connections
  9. Secure Remote Networks

Course Overview

The Palo Alto Networks Firewall: Troubleshooting course is three days of instructor-led training that will help you to:

– Use firewall tools, including the CLI, to investigate networking issues

– Follow proven troubleshooting methodologies that are specific to individual features

– Analyze advanced logs to resolve various real-life scenarios

– Solve advanced, scenario-based challenges

Course Objectives

Successful completion of this three-day, instructor-led course will enhance the participant’s understanding of troubleshooting the full line of Palo Alto Networks next-generation firewalls.

Participants will perform hands-on troubleshooting related to the configuration and operation of the Palo Alto Networks firewall.

Completing this class will help participants develop an in-depth knowledge of how to troubleshoot visibility and control over applications, users, and content.

Course Content

Course Modules

1 – Tools and Resources

2 – Flow Logic

3 – Packet Captures

4 – Packet-Diagnostics Logs

5 – Host-Inbound Traffic

6 – Transit Traffic

7 – System Services

8 – Certificate Management and SSL Decryption

9 – User-ID

10 – GlobalProtect

11 – Support Escalation and RMAs

12 – Next Steps

Course Overview

The Palo Alto Networks Firewall Essentials: Configuration and Management (EDU-210) course is five days of instructor-led training that will help you to:

– Configure and manage the essential features of Palo Alto Networks next-generation firewalls

– Configure and manage Security and NAT policies to enable approved traffic to and from zones

– Configure and manage Threat Prevention strategies to block traffic from known and unknown IP addresses, domains, and URLs

– Monitor network traffic using the interactive web interface and firewall reports

Course Objectives

Successful completion of this five-day, instructor-led course should enhance the student’s understanding of configuring and managing Palo Alto Networks Next-Generation Firewalls.

The course includes hands-on experience configuring, managing, and monitoring a firewall in a lab environment.

Course Content

Course Modules

1 – Palo Alto Networks Portfolio and Architecture

2 – Configuring Initial Firewall Settings

3 – Managing Firewall Configurations

4 – Managing Firewall Administrator Accounts

5 – Connecting the Firewall to Production Networks with Security Zones

6 – Creating and Managing Security Policy Rules

7 – Creating and Managing NAT Policy Rules

8 – Controlling Application Usage with App-ID

9 – Blocking Known Threats Using Security Profiles

10 – Blocking Inappropriate Web Traffic with URL Filtering

11 – Blocking Unknown Threats with WildFire

12 – Controlling Access to Network Resources with User-ID

13 – Using Decryption to Block Threats in Encrypted Traffic

14 – Locating Valuable Information Using Logs and Reports

15 – What’s Next in Your Training and Certification Journey

Supplemental Materials

Securing Endpoints with GlobalProtect

Providing Firewall Redundancy with High Availability

Connecting Remote Sites Using VPNs

Blocking Common Attacks Using Zone Protection

Course Overview

XSIAM is the industry’s most comprehensive security incident and asset management platform, offering extensive coverage for securing and managing infrastructure, workloads, and applications across multiple environments.

Throughout this course, you will explore the key features of Cortex XSIAM.

This course is designed to enable you to:

– Deploy, configure, and install XDR agents and configure Agent Groups and profiles
– Investigate incidents, examine assets and artifacts, and understand the causality chain
– Create correlation rules, use XQL to query logs, and analyze incidents using available tools and resources

Course Objectives

  • The course is designed to enable cybersecurity professionals, particularly those in SOC/CERT/CSIRT and Security Engineering roles, to use XSIAM.
  • The course reviews XSIAM intricacies, from fundamental components to advanced strategies and automation techniques, including skills needed to navigate incident handling, optimize log sources, and orchestrate cybersecurity excellence.

Course Content

1 – Introduction to Cortex XSIAM
2 – Elements of Security Operations
3 – Maturity Model
4 – Agent Deployment and Configuration
5 – Data Source Ingestion
6 – Visibility
7 – Data Model
8 – Analytics
9 – Alerting and Detecting
10 – Attack Surface Management
11 – Automation
12 – Incident Handling / SOC

Course Overview

XSIAM is the industry’s most comprehensive security incident and asset management platform, offering extensive coverage for securing and managing infrastructure, workloads, and applications across multiple environments.

Throughout this course, you will explore the key features of Cortex XSIAM.

This course is designed to enable you to:

– Investigate incidents, analyze key assets and artifacts, and interpret the causality chain.

– Query and analyze logs using XQL to extract meaningful insights.

– Utilize advanced tools and resources for comprehensive incident analysis.

Course Objectives

The course is designed to enable cybersecurity professionals, particularly those in SOC/CERT/CSIRT and Security Analyst roles, to use XSIAM.

The course reviews XSIAM intricacies, from fundamental components to advanced strategies and techniques, including skills needed to navigate incident handling, automation, and orchestrate cybersecurity excellence.

Course Content

Course Modules

1 – Introduction to Cortex XSIAM

2 – Endpoints

3 – XQL

4 – Alerting and Detection

5 – Threat Intel Management

6 – Automation

7 – Attack Surface Management

8 – Incident Handling

9 – Dashboards and Reports

Course Overview

This instructor-led training enables you to prevent attacks on your endpoints. After an overview of the Cortex XDR components, the training introduces the Cortex XDR management console and demonstrates how to install agents on your endpoints and how to create Security profiles and policies.

The training enables you to perform and track response actions, tune profiles, and work with Cortex XDR alerts. It concludes by discussing basic troubleshooting of the agent, the on-premises Broker VM component, and Cortex XDR deployment.

Course Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable you to:

  • Describe the architecture and components of the Cortex XDR family
  • Use the Cortex XDR management console, including reporting
  • Create Cortex XDR agent installation packages, endpoint groups, and policies
  • Deploy Cortex XDR agents on endpoints
  • Create and manage Exploit and Malware Prevention profiles
  • Investigate alerts and prioritize them using starring and exclusion policies
  • Tune Security profiles using Cortex XDR exceptions
  • Perform and track response actions in the Action Center
  • Perform basic troubleshooting related to Cortex XDR agents
  • Deploy a Broker VM and activate the Local Agents Settings applet
  • Understand Cortex XDR deployment concepts and activation requirements
  • Work with the Customer Support Portal and Cortex XDR Gateway for authentication and authorization

Course Content

Course Modules

1 – Cortex XDR Overview

2 – Cortex XDR Main Components

3 – Cortex XDR Management Console

4 – Profiles and Policy Rules

5 – Malware Protection

6 – Exploit Protection

7 – Cortex XDR Alerts

8 – Tuning Policies Using Exceptions

9 – Response Actions

10 – Basic Agent Troubleshooting

11 – Broker VM Overview

12 – Deployment Considerations

Course Overview

This instructor-led course teaches you how to use the Incidents pages of the Cortex XDR management console to investigate attacks. It explains causality chains, detectors in the Analytics Engine, alerts versus logs, log stitching, and the concepts of causality and analytics.

You will learn how to analyze alerts using the Causality and Timeline Views and how to use advanced response actions, such as remediation suggestions, the EDL service, and remote script execution.

Multiple modules focus on how to leverage the collected data. You will create simple search queries in one module and XDR rules in another. The course demonstrates how to use specialized investigation views to visualize artifact-related data, such as IP and Hash Views. Additionally, it provides an introduction to XDR Query Language (XQL). The course concludes with Cortex XDR external-data-collection capabilities, including the use of Cortex XDR API to receive external alerts.

Course Objectives

Successful completion of this instructor-led course with hands-on lab activities should enable participants to:

  • Investigate and manage incidents
  • Describe the Cortex XDR causality and analytics concepts
  • Analyze alerts using the Causality and Timeline Views
  • Work with Cortex XDR Pro actions such as remote script execution
  • Create and manage on-demand and scheduled search queries in the Query Center
  • Create and manage the Cortex XDR rules BIOC and IOC
  • Work with Cortex XDR assets and inventories
  • Write XQL queries to search datasets and visualize the result sets
  • Work with Cortex XDR’s external-data collection

Course Content

Course Modules

1 – Cortex XDR Incidents

2 – Causality and Analytics Concepts

3 – Causality Analysis of Alerts

4 – Advanced Response Actions

5 – Building Search Queries

6 – Building XDR Rules

7 – Cortex XDR Assets

8 – Introduction to XQL

9 – External Data Collection

Course Overview

The Prisma Access SSE: Configuration and Deployment course introduces you to the operational deployment of Prisma Access Secure Access Service Edge (SASE) and how it helps organizations embrace the needs of the modern workforce by providing network connectivity and network security services from the cloud. This course will enable you to deploy, configure, maintain, and troubleshoot Prisma Access using Strata Cloud Manager. The course is intended for professionals in cybersecurity and public-cloud security, as well as general network-security professionals who want to learn how to secure remote networks and mobile users.

Course Objectives

Successful completion of this four-day, instructor-led course will help enhance your understanding of how to better protect your applications, remote networks, and mobile users using a SASE implementation.

In a lab environment, you will get hands-on experience configuring, managing, and troubleshooting Prisma Access via Strata Cloud Manager.

Course Content

  1. Prisma SASE
  2. Prisma Access Architecture
  3. Strata Cloud Manager
  4. Licensing and Activation
  5. Service Connections
  6. Remote Networks
  7. Mobile Users
  8. Prisma Access Explicit Proxy
  9. ZTNA Connector
  10. Prisma Access Browser
  11. Autonomous Digital Experience Management (ADEM)


Course Overview

The importance of robust cybersecurity measures cannot be overstated, as organizations are increasingly facing all types of cyberattacks. The NIS 2 Directive is legislation designed to strengthen the cybersecurity posture of critical infrastructure sectors, including energy, transport, healthcare, and digital services.

By attending the NIS 2 Directive Lead Implementer training course, you gain in-depth knowledge of the directive’s requirements, implementation strategies, and best practices that protect critical infrastructure from cyber threats. Through interactive sessions and practical exercises, you will learn how to assess an organization’s cybersecurity risks, develop robust incident response plans, and implement effective security measures to meet the requirements of NIS 2 Directive. Moreover, you will gain insights into industry standards and best practices that will enable you to stay up to date with the evolving threat landscape and implement cutting-edge cybersecurity solutions. After successfully completing this training course, you will become a trusted cybersecurity professional who possesses the expertise to navigate the complex landscape of critical cybersecurity infrastructure and contribute to the resilience of your organization and society as a whole.

After passing the exam, you can apply for the “Certified NIS 2 Directive Lead Implementer” credential.

Course Objectives

Upon successfully completing the training course, you will be able to:

  • Explain the fundamental concepts of NIS 2 Directive and its requirements
  • Obtain a thorough comprehension of the principles, strategies, methodologies, and tools necessary for implementing and efficiently managing a cybersecurity program in compliance with NIS 2 Directive
  • Learn how to interpret and implement NIS 2 Directive requirements in the specific context of an organization
  • Initiate and plan the implementation of NIS 2 Directive requirements, by utilizing PECB’s methodology and other best practices
  • Acquire the necessary knowledge to support an organization in effectively planning, implementing, managing, monitoring, and maintaining a cybersecurity program in compliance with NIS 2 Directive

Course Content

  • Day 1: Introduction to NIS 2 Directive and initiation of the NIS 2 Directive implementation
  • Day 2: Analysis of NIS 2 Directive compliance program, asset management, and risk management
  • Day 3: Cybersecurity controls, incident management, and crisis management
  • Day 4: Communication, testing, monitoring, and continual improvement in cybersecurity
  • Day 5: Certification exam