Palo Alto Cortex XSOAR: A Practical Guide, First Edition 2021
I am glad to announce my new book on Palo Alto Cortex XSOAR. This is a step-by-step, beginner-friendly, 100% practical guide to learning the SOAR platform with Cortex XSOAR.
Paperback : https://www.amazon.com/dp/B08Z4CTCJS/
E-book : https://www.amazon.com/dp/B08Z78WBQV
Cortex XSOAR is the Security Orchestration, Automation and Response (SOAR) solution from Palo Alto Networks. Cortex XSOAR provides a centralized security orchestration and automation solution to accelerate incident response and increase analyst productivity. A SOAR platform integrates your organization's security and monitoring tools, helping you centralize and standardize your incident handling processes. This book is a beginner-friendly, step-by-step, practical guide that helps you understand and learn Palo Alto Cortex XSOAR from scratch. No previous knowledge of the product is required; all the important topics are explained step by step, with screenshots.
Covers:
1) Solution architecture
2) Incident lifecycle in Cortex XSOAR
3) Integrations and incident creation
4) Playbook development
5) Layout customization
6) Report creation
7) Backup options
8) Threat Intel management and EDL integration
9) Introduction to MSSP
Contents
How to Use this book?
1. Introduction
1.1 What is Security Incident Management?
1.2 What is a Security Operations Centre (SOC)?
1.3 What is SOAR?
1.4 Palo Alto Cortex XSOAR
2. Cortex XSOAR Hardware and Software requirements
2.1 Deployment Options
2.2 Software and Hardware Requirements
3. Solution Architecture
3.1 Components of an XSOAR solution
3.1.1 Cortex XSOAR Engine
3.1.2 Dedicated Database Server
3.1.3 Distributed Database Servers
3.1.4 Live backup Server
3.1.5 Dev Server
4. Installing Cortex XSOAR
4.1 Standalone Cortex XSOAR Installation
4.2 Post-Installation Health check
5. Basic Configurations
5.1 Adding Mail-Sender Integration
5.2 Adding Users into Cortex XSOAR
5.3 External Authentication
5.4 Role Based Access Control
6. Familiarize with Cortex XSOAR GUI
6.1 Settings
6.2 Marketplace
6.3 Automations
6.4 Integrations
6.5 XSOAR commands
6.6 Incidents
6.7 Indicators
6.8 Reports and Dashboards
6.9 Jobs
7. Incident Management Lifecycle in Cortex XSOAR
7.1 Planning
7.1.1 Create incident Fields
7.1.2 Create Incident Type
7.1.3 Create Incident Layout
7.2 Configure Integrations
7.3 Classification and Mapping
7.4 Pre-Processing
7.5 Incident Created
7.6 Running Playbooks
7.7 Post-Processing
8. Playbook Development
8.1 Playbook Icons
8.2 Create Playbook
8.3 Sub Playbook
9. Incident Investigation
9.1 Context
9.2 Duplicate Incidents
10. Demo: Phishing Incident Investigation
11. Demo: Malware Incident Investigation
11.1 Playbook Creation
11.2 Incident Creation
11.3 Incident Investigation
12. Demo: Block Malicious IP in Firewall
12.1 Playbook Creation
12.2 Incident Creation
12.3 Incident Investigation
13. Threat Intel Management (TIM)
13.1 Configuring a TIM feed Instance
13.2 External Dynamic List (EDL) Integration
14. Reports
15. Configure Backup
15.1 Automated Backup
15.2 Live Backup
16. Introduction to Cortex XSOAR for MSSP
17. Cortex XSOAR job roles
18. Summary
Appendix: Useful Links