This Cortex XSOAR: Automation and Orchestration training course is designed to enable a SOC, CERT, CSIRT, or SOAR engineer to start working with Cortex XSOAR integrations, playbooks, incident-page layouts, and other system features to facilitate resource orchestration, process automation, case management, and analyst workflow. The third module of the course demonstrates a complete playbook-development process for automating a typical analyst workflow to address phishing incidents. This end-to-end view of the development process provides a framework for more focused discussions of individual topics that are covered in subsequent modules.
By attending Cortex XSOAR: Automation and Orchestration workshop, delegates will learn to:
- Configure integrations, create tasks, and develop playbooks
- Build incident layouts that enable analysts to triage and investigate incidents efficiently
- Identify how to categorize event information and map that information to display fields
- Develop automations, manage content, indicator data, and artifact stores, schedule jobs, organize users and user roles, oversee case management, and foster collaboration
- Experience with scripting, the use of Python and JavaScript, and the use of JSON data objects.
The Cortex XSOAR: Automation and Orchestration class is ideal for:
- Security-operations (SecOps), or security, orchestration, automation, and response (SOAR) engineers, managed security service providers (MSSPs), service delivery partners, system integrators, and professional services engineers.