Cortex XDR: Prevention, Analysis, and Response (EDU-260)

This EDU-260 course equips you with the skills to prevent endpoint attacks through an introduction to Cortex XDR components, use of the management console, agent installation, and creation of security profiles and policies. You’ll also learn to manage response actions, tune profiles, work with alerts, and perform basic troubleshooting of Cortex XDR agents and deployment.




Starting with an overview of Cortex XDR components, the course guides you through using the Cortex XDR management console, demonstrating how to install agents and develop robust security profiles and policies.

Throughout this training, you will learn to perform and monitor response actions, fine-tune security profiles, and effectively manage Cortex XDR alerts. The course also covers essential troubleshooting for the agent and the on-premises Broker VM component, along with broader Cortex XDR deployment strategies.


Participants should have a solid understanding of enterprise product deployment, networking, and security principles.


Level: Intermediate

Duration: 3 Days

Format: Instructor-Led Training

Supported Platforms: Cortex XDR

Target Audience

Cybersecurity analysts, engineers, security operations specialists, administrators, and product deployment professionals.

Best Practices

Datacipher stands out as an Authorized Training Partner, renowned for its exceptional educational programs and dedication to training excellence. The trainers bring a wealth of expertise and enthusiasm to each session, combining their roles as seasoned professionals with active engagement in security consulting, providing participants with invaluable real-world insights and practical knowledge.




Can the EDU-260 course be taken online?
Yes. Our online sessions are led by experienced instructors using web conferencing, complete with live demonstrations and access to personal labs.

Is in-person classroom training available?
Yes, we offer in-person training at our facilities or as customized on-site sessions. Check our “Price and Dates” section or contact us for details.

Will I receive official course materials?
Participants receive all materials in electronic and printed forms, including detailed slides and recordings. Please ensure your booking is confirmed at least ten days in advance for printed materials.

Can the electronic coursebook be printed?
Yes, the electronic coursebook is printable, offering flexible study options.

Do participants receive a certificate of completion?
Upon completion, participants receive an official Palo Alto Networks certificate, acknowledging their proficiency.

Exam Resources



Study guide

Sample Questions

Course Outline

Module 1 – Getting Started with Endpoint Protection
Module 2 – Working with Cortex Apps
Module 3 – Cortex XDR Family Overview
Module 4 – Malware Protection
Module 5 – Exploit Protection
Module 6 – Exceptions and Response Actions
Module 7 – Behavioral Threat Analysis
Module 8 – Cortex XDR Rules
Module 9 – Incident Management
Module 10 – Alert Analysis Views
Module 11 – Search and Investigate
Module 12 – Basic Troubleshooting

Training Credits/Participant: 30

Payment Methods

We accept all common payment methods in both Euro and US Dollar, as well as Palo Alto Networks training credits and vouchers, for this Firewall: Troubleshooting (EDU-330) training course.

  • Training Credits and Vouchers from Palo Alto Networks – We accept both training credits and training vouchers issued by Palo Alto Networks. To sign up for a course and pay using training credits or vouchers, please use the Register button above. You can select training credits at the end of the registration form.
  • Purchase Order “PO” – If your company wants to raise a purchase order to book a training course, please sign up using the Register button above. At the end of the form, please answer the question “How would you like to pay for the course?” with “My company will pay for it, please send me an invoice with the payment details”. Our training team will then send you an official quote which your company can use to issue the PO. Our training team will also be able to provide any additional information that might be required by your accounts department.
  • Bank Transfer – Consigas has a bank account both in the US and in Europe. Our banks support all common bank transfer methods like IBAN/BIC, Swift, ACH or wire transfer. To sign up for a course and pay by bank transfer, please use the Register button above.
  • Credit Card – We accept credit card payments from all major credit card companies like Mastercard, VISA, American Express, Discover & Diners or Cartes Bancaires. You can pay by credit card either directly through the registration link above, or we can issue an invoice with a web link to pay online. All credit card transactions are secured by Stripe and Consigas does not store any credit card details.


Guaranteed to Run Training Courses
Guaranteed to Run – Consigas guarantees to run this Firewall Configuration and Management (EDU-210) class, except in unexpected circumstances of force majeure, like an accident or illness of the instructor, which prevent the course from being conducted.

Guaranteed on next Course Booking
Guaranteed on next Booking – Consigas guarantees to run this Firewall Configuration and Management (EDU-210) class if one more student registers for the training course.

Guaranteed on next Course Booking
Scheduled Class – Consigas has scheduled this Firewall Configuration and Management (EDU-210) training course and booked an instructor. We rarely cancel any classes because of low enrollment and provide a “Cancel no more than Once” guarantee. This means that in the rare case that we cannot run a class because of low enrollment, we guarantee running the next course regardless of the number of attendees.

Training Course Sold Out
Sold Out – This class is fully booked. Please contact us using this form and we will put you on the waiting list or let you know in case we schedule an additional class.

Half and Full-Day Training
We offer training courses both in the classical full-day format and in a half-day format. The half-day classes are specially tailored for IT professionals who cannot afford to leave the office for several days in a row. This format allows students to attend and fully focus on the course for a couple of hours and then catch up with their day-to-day job. The training content of both schedule formats is exactly the same. The only difference is that half-day classes distribute the course over a longer period of time. Consigas has been running training courses in a half-day format for many years, and we have received very positive feedback from customers. Students tell us that besides being more flexible, it also enables them to learn more effectively, as it gives them more time to process all the information, resulting in a better understanding.

Upon completing this instructor-led training, participants will be adept at using Cortex XDR to secure endpoints, managing the console, installing agents, and creating security profiles. The course also equips learners with skills in responding to alerts, tuning security settings, and troubleshooting, ensuring they can effectively deploy and maintain Cortex XDR solutions in their environments.


