| Topic | Details |
| Topic 1 | - Threat Intelligence Management and ASM: This section of the exam measures the skills of Threat Intelligence Analysts and focuses on handling and analyzing threat indicators and attack surface management (ASM). It includes importing and managing indicators, validating reputations and verdicts, creating prevention and detection rules, and monitoring asset inventories. Candidates are expected to use the Attack Surface Threat Response Center to identify and remediate threats effectively.
|
| Topic 2 | - Incident Handling and Response: This section of the exam measures the skills of Incident Response Analysts and covers managing the complete lifecycle of incidents. It involves explaining the incident creation process, reviewing and investigating evidence through forensics and identity threat detection, analyzing and responding to security events, and applying automated responses. The section also focuses on interpreting incident context data, differentiating between alert grouping and data stitching, and hunting for potential IOCs.
|
| Topic 3 | - Alerting and Detection Processes: This section of the exam measures the skills of Security Analysts and focuses on recognizing and managing different types of analytic alerts in the Palo Alto Networks XSIAM platform. It includes alert prioritization, scoring, and incident domain handling. Candidates must demonstrate understanding of configuring custom prioritizations, identifying alert sources like correlations and XDR indicators, and taking corresponding actions to ensure accurate threat detection.
|
| Topic 4 | - Data Analysis with XQL: This section of the exam measures the skills of Security Data Analysts and covers using the XSIAM Query Language (XQL) to analyze and correlate security data. It involves understanding Cortex Data Models, analyzing events through datasets, and interpreting XQL syntax, schema, and query options such as libraries and scheduled queries.
|