Cortex XDR: Prevention, Analysis, and Response (EDU-260)

This EDU-260 course equips you with the skills to prevent endpoint attacks through an introduction to Cortex XDR components, use of the management console, agent installation, and creation of security profiles and policies. You’ll also learn to manage response actions, tune profiles, work with alerts, and perform basic troubleshooting of Cortex XDR agents and deployment.

Cortex XDR: Prevention, Analysis, and Response (EDU-260)



Starting with an overview of Cortex XDR components, the course guides you through using the Cortex XDR management console, demonstrating how to install agents and develop robust security profiles and policies.

Throughout this training, you will learn to perform and monitor response actions, fine-tune security profiles, and effectively manage Cortex XDR alerts. The course also covers essential troubleshooting for the agent and the on-premises Broker VM component, along with broader Cortex XDR deployment strategies.


Participants should have a solid understanding of enterprise product deployment, networking, and security principles.


Level: Intermediate

Duration: 3 Days

Format: Instructor-Led Training

Supported Platforms: Cortex XDR

Target Audience

Cybersecurity analysts, engineers, security operations specialists, administrators, and product deployment professionals.

Best Practices

Datacipher stands out as an Authorized Training Partner, renowned for its exceptional educational programs and dedication to training excellence. The trainers bring a wealth of expertise and enthusiasm to each session, combining their roles as seasoned professionals with active engagement in security consulting, providing participants with invaluable real-world insights and practical knowledge.




Can the EDU-260 course be taken online?
Yes. Our online sessions are led by experienced instructors using web conferencing, complete with live demonstrations and access to personal labs.

Is in-person classroom training available?
Yes, we offer in-person training at our facilities or as customized on-site sessions. Check our “Price and Dates” section or contact us for details.

Will I receive official course materials?
Participants receive all materials in electronic and printed forms, including detailed slides and recordings. Please ensure your booking is confirmed at least ten days in advance for printed materials.

Can the electronic coursebook be printed?
Yes, the electronic coursebook is printable, offering flexible study options.

Do participants receive a certificate of completion?
Upon completion, participants receive an official Palo Alto Networks certificate, acknowledging their proficiency.

Exam Resources


Credits Guide

Credits Datasheet

Credits FAQ

Course Outline

Module 1 – Getting Started with Endpoint Protection
Module 2 – Working with Cortex Apps
Module 3 – Cortex XDR Family Overview
Module 4 – Malware Protection
Module 5 – Exploit Protection
Module 6 – Exceptions and Response Actions
Module 7 – Behavioral Threat Analysis
Module 8 – Cortex XDR Rules
Module 9 – Incident Management
Module 10 – Alert Analysis Views
Module 11 – Search and Investigate
Module 12 – Basic Troubleshooting
  • Select Time Zone
    Americas Date and Time
    Asia Date and Time
    Europe Date and Time

Training Credits/Participant: 30

Payment Methods

At DataCipher, we provide a range of payment options for our Palo Alto courses. Here’s what you can choose from:

Palo Alto Networks Training Credits and Vouchers – We accept both training credits and training vouchers issued by Palo Alto Networks. To enroll in a course using your credits or vouchers, please click the Register button. You’ll have the opportunity to apply these credits during the final step of the registration process.

Purchase Order (PO) – If your organization prefers using a purchase order, begin the registration by clicking the Register button. At the conclusion of the registration form, choose the option “My company will pay for it, please send an invoice with the payment details.” Our training team will then provide an official quote and any necessary additional information that your accounts department might need to issue the PO.

Bank Transfer – DataCipher maintains bank accounts in both the US and Europe, accommodating all standard bank transfer methods such as IBAN/BIC, Swift, ACH, or wire transfer. To make a payment via bank transfer, simply use the Register button to sign up for your selected course.

Credit Card Payments – We accept payments from all major credit cards, including Mastercard, VISA, American Express, Discover & Diners, and Cartes Bancaires. Payments can be made directly through the registration link or by requesting an invoice that includes a web link for online payment. All transactions are secure, and DataCipher does not store any credit card information.

These methods are designed to make the registration process as smooth and flexible as possible for all participants.


Guaranteed to Run – DataCipher is committed to running this class unless unforeseen events such as an instructor’s accident or illness occur.

Guaranteed on Next Booking – The course will proceed once an additional student registers.

Scheduled Class – We have scheduled this course and rarely cancel due to low enrollment. We offer a “Cancel No More Than Once” guarantee, ensuring that if a class is canceled due to insufficient enrollment, the next session will run regardless of the number of attendees.

Sold Out – If the class is fully booked, please use our contact form to join the waiting list or to inquire about additional sessions. We’re here to accommodate your training needs and keep you informed of new opportunities.

Half and Full-Day Training

At DataCipher, we offer our training courses in both traditional full-day and convenient half-day formats. Our half-day classes are specifically designed for IT professionals who cannot be away from their workplaces for consecutive full days. This flexible schedule allows participants to dedicate a few hours to learning and then return to their regular work responsibilities.

The curriculum for both the full-day and half-day formats is identical. The primary difference is that the half-day classes spread the coursework over a more extended period, providing a balanced approach to professional education. DataCipher has been successfully running these half-day training sessions for several years, receiving consistently positive feedback from our customers. They appreciate the flexibility and report that the extended timeframe facilitates a deeper understanding of the material, as it gives them more time to absorb and reflect on the information learned.

Upon completing this instructor-led training, participants will be adept at using Cortex XDR to secure endpoints, managing the console, installing agents, and creating security profiles. The course also equips learners with skills in responding to alerts, tuning security settings, and troubleshooting, ensuring they can effectively deploy and maintain Cortex XDR solutions in their environments.



Become An Expert By Practice – Get Your Hands On Labs

Don’t let your tech outpace the skills of your people


Dedicated to excellence, we cultivate strong partnerships with worldwide technology innovators.


What Our Clients Say