Course Overview

In this course, you learn about the IBM Security® QRadar® SOAR architecture, and how to position the product in your company’s security architecture design. You gain hands-on experience with the SOAR interface, by investigating and managing cases and users with the SOAR Breach Response module, playbooks, and email integration.

Virtual Learning

This interactive training can be taken from any location, such as your office or home, and is delivered by a trainer. No delegates are in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course; Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.

Course Objectives

In this course, you learn about the following topics:

  • QRadar SOAR architectural patterns
  • Install the product, and configure license and access
  • Review the SOAR Console
  • Manage cases
  • Utilize the concept of artifacts
  • Utilize case management capabilities
  • Integrate email system for users and case management
  • Focus on the Breach Response module
  • Gain hands-on experience with the SOAR platform
  • Design playbooks
  • Integrate IBM and third-party solutions with SOAR

Course Content

Getting started

  • Describe architectural patterns
  • Install the product and configure license and access
  • Review the SOAR Console
  • Manage cases and use Breach Response add-on
  • Utilize the concept of artifacts

Case management and email integration

  • Utilize case management capabilities
  • Integrate email system for users and case management
  • Focus on the Breach Response module

Playbooks and integrations

  • Gain hands-on experience with the SOAR platform
  • Design playbooks
  • Integrate IBM and third-party solutions with SOAR

Course Overview

In this course, you learn about the IBM Security® QRadar® EDR architecture and how to position the product within your company’s landscape of security solutions. You gain skills around how to install the QRadar EDR Hive on your premises and the EDR Agents on your endpoints. You can review the user interface and how to navigate the EDR Dashboard while investigating endpoint threats.

This course applies to version 3.12 of the on-premises QRadar EDR offering.

Virtual Learning

This interactive training can be taken from any location, such as your office or home, and is delivered by a trainer. No delegates are in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course; Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.

Course Objectives

In this course, you learn to perform the following tasks:

  • Navigate the QRadar EDR Dashboard
  • Describe the QRadar EDR architecture
  • Install the on-premises QRadar EDR Hive and configure the initial setup
  • Deploy the QRadar EDR Agent on your endpoints
  • Investigate threats on endpoints
  • Manage endpoints
  • Understand and respond to alerts and trends
  • Act upon behavioral malware and ransomware attacks
  • Configure notifications and Simple Mail Transfer Protocol
  • Set up forwarding alerts
  • Define policies
  • Handle downloaded and quarantined files from your endpoints
  • Set up users, groups, and clients
  • Configure Hive-Cloud Score
  • Create applications
  • Monitor audit logs

Course Content

Getting started

  • Dashboard overview
  • Architecture
  • QRadar EDR on-prem installation
  • Downloading, installing, and updating the QRadar EDR Agent

Protecting your endpoints

  • Investigating threats on endpoints
  • Managing endpoints
  • Understanding and responding to alerts and trends
  • Acting upon behavioral malware and ransomware attacks
  • Hunting for threats on your endpoint using a QRadar EDR lab

Administering your environment

  • Configuring notifications and Simple Mail Transfer Protocol (SMTP)
  • Setting up forwarding alerts
  • Defining policies
  • Handling downloaded and quarantined files from your endpoints
  • Setting up users, groups, and clients
  • Configuring Hive-Cloud Score
  • Creating applications
  • Monitoring audit logs

Course Overview

This two-day course provides the opportunity for students to develop the knowledge and skills required to configure, operate, monitor, and maintain Paragon Active Assurance deployments. 

The goal of the Paragon Active Assurance course is to give students hands-on experience with the tools they require to effectively use and manage Paragon Active Assurance Control Center and the Test Agents.

The Paragon Active Assurance for Automated WAN (PAAW) course is an intermediate level course.

Relevant Juniper Product

• Paragon Active Assurance

Course Objectives

• Deploy and administer Paragon Active Assurance.

• Monitor and test network performance using Paragon Active Assurance.

• Integrate Paragon Active Assurance into OSS.

• Test site activation using Paragon Active Assurance.

Course Content

Day 1

Course Introduction

PAA Solution Components

• PAA Overview

• Passive and Active Monitoring

• Use Cases

Test Agent Architecture

• Test Agents Overview

• Appliance

• Application

Lab 1: Test Agent Registration

Tests

• Overview

• Types of Tests

• Test Status

Lab 2: Site Activation Testing

Day 2

Monitors

• Overview

• Types of Monitors

• Monitor Status

Lab 3: Continuous Network Performance Monitoring

Testing and Monitoring Templates

• Overview

• Types of Templates

Lab 4: Working with Templates

Getting Ready with REST APIs

• Overview

• Main Concepts

• SWAGGER tool

• Use Cases

Lab 5: Automation via REST APIs

Management and Integration with OSS

• Inventory

• Alarms

• SNMP

• Applications

• OSS Integration

The following appendices will be covered if time permits and if they are requested by the delegate/s prior to booking:

Appendix A: NETCONF and YANG APIs

• NETCONF

• YANG

Appendix B: Lifecycle Management

• Overview

• Fundamentals for the PAA Installation

• Service Configuration

• Monitoring System Health

• System Troubleshooting

Course Overview

The Prisma Access SASE Security: Design and Operation (EDU-318) course describes Panorama Managed Prisma Access Secure Access Service Edge (SASE) and how it helps organizations embrace cloud and mobility by providing network and network security services from the cloud. This course is intended for people in public cloud security and cybersecurity or anyone wanting to learn how to secure remote networks and mobile users.

Course Objectives

Successful completion of this four-day, instructor-led course will help:

  • Enhance your understanding of how to better protect your applications, remote networks, and mobile users using a SASE implementation.
  • You will get hands-on experience configuring, managing, and troubleshooting Prisma Access in a lab environment.

Course Content

1- Prisma Access Overview
2- Planning and Design
3- Routing and SD-WAN Design
4- Zero Trust Network Access (ZTNA) Connector
5- Activate and Configure
6- Security Processing Nodes
7- Panorama Operations for Prisma Access
8- Remote Networks
9- Mobile Users
10- Cloud Secure Web Gateway
11- Tune, Optimize, and Troubleshoot
12- Manage Multiple Tenants
13- Insights
14- ADEM
15- Next Steps

Schedule

Day 1 Chapters 1, 2, and 3
Day 2 Chapters 4, 5, and 6
Day 3 Chapters 7, 8, 9, and 10
Day 4 Chapters 11, 12, 13, and 14

Course Overview

The Palo Alto Networks Panorama: NGFW Management course is two days of instructor-led training that should help you to:

– Learn how to configure and manage the next-generation Panorama management server

– Gain experience configuring templates (including template variables) and device groups

– Gain experience with administration, log collection, and logging and reporting

– Become familiar with planning and design considerations for Panorama deployment

Course Objectives

This course should help students gain in-depth knowledge about configuring and managing a Palo Alto Networks Panorama management server. Administrators that complete this course should become familiar with the Panorama management server’s role in managing and securing the overall network.

Network professionals will be shown how to use Panorama aggregated reporting to provide them with a holistic view of a network of Palo Alto Networks next-generation firewalls.

Course Content

Course Modules

1 – Initial Configuration

2 – Adding Firewalls

3 – Templates

4 – Device Groups

5 – Log Collection and Forwarding

6 – Using Panorama Logs

7 – Panorama Administrative Accounts

8 – Reporting

9 – Troubleshooting

Course Overview

The Palo Alto Networks Panorama: Centralized Network Security Management course is three days of instructor-led training that should help you to:

– Learn how to configure and manage the next-generation Panorama management server

– Gain experience configuring templates (including template variables) and device groups

– Gain experience with administration, log collection, and logging and reporting

– Become familiar with planning and design considerations for Panorama deployment

– Activate, configure, and manage Prisma Access using Panorama

Course Objectives

This course should help students gain in-depth knowledge about configuring and managing a Palo Alto Networks Panorama management server. Administrators that complete this course should become familiar with the Panorama management server’s role in managing and securing the overall network.

Network professionals will be shown how to use Panorama aggregated reporting to provide them with a holistic view of a network of Palo Alto Networks next-generation firewalls.

Course Content

Course Modules

1 – Initial Configuration

2 – Adding Firewalls

3 – Templates

4 – Device Groups

5 – Log Collection and Forwarding

6 – Using Panorama Logs

7 – Panorama Administrative Accounts

8 – Reporting

9 – Troubleshooting

10 – Prisma Access Overview

11 – Activate and Configure

12 – Templates and Device Groups

13 – Configure Service Connections

14 – Secure Remote Networks

Course Overview

The Palo Alto Networks Panorama: Centralized Network Security Administration course is two days of instructor-led training that should help you to:

– Learn how to configure and manage the next-generation Panorama management server

– Gain experience configuring templates (including template variables) and device groups

– Activate, configure, and manage Prisma Access using Panorama

Course Objectives

This course should help students gain experience configuring and managing Palo Alto Networks Panorama management servers. Administrators that complete this course should become familiar with the Panorama management server’s role in managing and securing the overall network.

Course Content

  1. Initial Configuration
  2. Adding Firewalls
  3. Templates
  4. Device Groups
  5. Prisma Access Overview
  6. Activate and Configure
  7. Templates and Device Groups
  8. Configure Service Connections
  9. Secure Remote Networks

Course Overview

The Palo Alto Networks Firewall: Troubleshooting course is three days of instructor-led training that will help you to:

– Use firewall tools, including the CLI, to investigate networking issues

– Follow proven troubleshooting methodologies that are specific to individual features

– Analyze advanced logs to resolve various real-life scenarios

– Solve advanced, scenario-based challenges

Course Objectives

Successful completion of this three-day, instructor-led course will enhance the participant’s understanding of troubleshooting the full line of Palo Alto Networks next-generation firewalls.

Participants will perform hands-on troubleshooting related to the configuration and operation of the Palo Alto Networks firewall.

Completing this class will help participants develop an in-depth knowledge of how to troubleshoot visibility and control over applications, users, and content.

Course Content

Course Modules

1 – Tools and Resources

2 – Flow Logic

3 – Packet Captures

4 – Packet-Diagnostics Logs

5 – Host-Inbound Traffic

6 – Transit Traffic

7 – System Services

8 – Certificate Management and SSL Decryption

9 – User-ID

10 – GlobalProtect

11 – Support Escalation and RMAs

12 – Next Steps

Course Overview

The Palo Alto Networks Firewall Essentials: Configuration and Management (EDU-210) course is five days of instructor-led training that will help you to:

– Configure and manage the essential features of Palo Alto Networks next-generation firewalls

– Configure and manage Security and NAT policies to enable approved traffic to and from zones

– Configure and manage Threat Prevention strategies to block traffic from known and unknown IP addresses, domains, and URLs

– Monitor network traffic using the interactive web interface and firewall reports

Course Objectives

Successful completion of this five-day, instructor-led course should enhance the student’s understanding of configuring and managing Palo Alto Networks Next-Generation Firewalls.

The course includes hands-on experience configuring, managing, and monitoring a firewall in a lab environment.

Course Content

Course Modules

1 – Palo Alto Networks Portfolio and Architecture

2 – Configuring Initial Firewall Settings

3 – Managing Firewall Configurations

4 – Managing Firewall Administrator Accounts

5 – Connecting the Firewall to Production Networks with Security Zones

6 – Creating and Managing Security Policy Rules

7 – Creating and Managing NAT Policy Rules

8 – Controlling Application Usage with App-ID

9 – Blocking Known Threats Using Security Profiles

10 – Blocking Inappropriate Web Traffic with URL Filtering

11 – Blocking Unknown Threats with WildFire

12 – Controlling Access to Network Resources with User-ID

13 – Using Decryption to Block Threats in Encrypted Traffic

14 – Locating Valuable Information Using Logs and Reports

15 – What’s Next in Your Training and Certification Journey

Supplemental Materials

Securing Endpoints with GlobalProtect

Providing Firewall Redundancy with High Availability

Connecting Remote Sites Using VPNs

Blocking Common Attacks Using Zone Protection

Course Overview

XSIAM is the industry’s most comprehensive security incident and asset management platform, offering extensive coverage for securing and managing infrastructure, workloads, and applications across multiple environments.

Throughout this course, you will explore the key features of Cortex XSIAM.

This course is designed to enable you to:

– Deploy, configure, and install XDR agents and configure Agent Groups and profiles
– Investigate incidents, examine assets and artifacts, and understand the causality chain
– Create correlation rules, use XQL to query logs, and analyze incidents using available tools and resources

Course Objectives

  • The course is designed to enable cybersecurity professionals, particularly those in SOC/CERT/CSIRT and Security Engineering roles, to use XSIAM.
  • The course reviews XSIAM intricacies, from fundamental components to advanced strategies and automation techniques, including skills needed to navigate incident handling, optimize log sources, and orchestrate cybersecurity excellence.

Course Content

1 – Introduction to Cortex XSIAM
2 – Elements of Security Operations
3 – Maturity Model
4 – Agent Deployment and Configuration
5 – Data Source Ingestion
6 – Visibility
7 – Data Model
8 – Analytics
9 – Alerting and Detecting
10 – Attack Surface Management
11 – Automation
12 – Incident Handling / SOC