| Topic | Details |
| Topic 1 | - Data Analysis with XQL: This section of the exam measures the skills of Security Data Analysts and covers using the XSIAM Query Language (XQL) to analyze and correlate security data. It involves understanding Cortex Data Models, analyzing events through datasets, and interpreting XQL syntax, schema, and query options such as libraries and scheduled queries.
|
| Topic 2 | - Incident Handling and Response: This section of the exam measures the skills of Incident Response Analysts and covers managing the complete lifecycle of incidents. It involves explaining the incident creation process, reviewing and investigating evidence through forensics and identity threat detection, analyzing and responding to security events, and applying automated responses. The section also focuses on interpreting incident context data, differentiating between alert grouping and data stitching, and hunting for potential IOCs.
|
| Topic 3 | - Endpoint Security Management: This section of the exam measures the skills of Endpoint Security Administrators and focuses on validating endpoint configurations and monitoring activities. It includes managing endpoint profiles and policies, verifying agent status, and responding to endpoint alerts through live terminals, isolation, malware scans, and file retrieval processes.
|
| Topic 4 | - Alerting and Detection Processes: This section of the exam measures the skills of Security Analysts and focuses on recognizing and managing different types of analytic alerts in the Palo Alto Networks XSIAM platform. It includes alert prioritization, scoring, and incident domain handling. Candidates must demonstrate understanding of configuring custom prioritizations, identifying alert sources like correlations and XDR indicators, and taking corresponding actions to ensure accurate threat detection.
|
age 46 (Incident Handling section, Causality and Forensics)