
Exam Vouchers: Palo Alto Networks: XSIAM Engineer (PAN-S-XSIAME)

  • Price: £225.00 (excl. VAT)
  • Code: PAN-S-XSIAME

Description


The Palo Alto Networks Certified XSIAM Engineer certification is designed to validate the knowledge and skills required to use the Palo Alto Networks XSIAM platform for installation, deployment configuration, post-deployment management and configuration, data source onboarding and integration configuration, playbook creation, and detection engineering.

This document is intended to help you prepare for the exam and attain the certification. It identifies the topics covered and provides resources and references for understanding those topics; it is not intended to be the sole resource used to prepare for the XSIAM Engineer exam.

Target Audience

This exam is designed for XSIAM engineers and SIEM engineers responsible for installation, deployment configuration, post-deployment management and configuration, data source onboarding and integration configuration, playbook creation, and detection engineering.

Exam Details

Duration: 90 minutes
Format: Multiple-choice questions
Language: English

Further Information


Blueprint

The blueprint table lists the domains covered and their weighting. The percentage weights represent the portion of the exam score attributed to each domain, and many candidates use the table to focus their study during exam preparation. The blueprint also lists the specific tasks associated with each domain; pay particular attention to these tasks, as they identify targeted areas of study within each domain.

Objectives

  • Working knowledge of security operations
  • Basic understanding of network security, infrastructure, protocols, and topology
  • Working knowledge of endpoint OS fundamentals and security hardening methods
  • Working knowledge of SIEM and security operations technology
  • Basic knowledge of current and emergent trends in information security
  • Ability to apply security models and architectures (e.g., defense-in-depth, Zero Trust)
  • Working knowledge of programming and scripting languages (e.g., Python, PowerShell, SQL, regular expressions, XQL)
  • Ability to implement automation and orchestration for efficient incident handling
  • Ability to ingest data from threat and vulnerability feeds and determine applicability to the organization
  • Working knowledge of log source onboarding, log normalization, and parsing
  • Ability to integrate products and tools, including third-party products and tools
  • Ability to configure agents, including policies and profiles
  • Ability to ensure the availability, integrity, and security of data through monitoring
  • Working knowledge of security frameworks (e.g., MITRE ATT&CK)
  • Basic understanding of vulnerability management
  • Basic understanding of threat intelligence management
  • Familiarity with common data formats and data transformation (e.g., JSON, XML, CEF)
  • Basic understanding of SaaS architectures

Content


1. Planning and Installation 22%

1.1 Evaluate the existing IT infrastructure and security posture to align with XSIAM architecture
1.2 Evaluate deployment requirements, objectives, and resources
1.2.1 Hardware
1.2.2 Software
1.2.3 Data sources
1.2.4 Integrations
1.3 Identify communication requirements for XSIAM components
1.4 Install and configure Cortex XSIAM components
1.4.1 Agents
1.4.2 Broker VM
1.4.3 Engine
1.5 Configure user roles, permissions, and access controls

2. Integration and Automation 30%

2.1 Onboard data sources (e.g., endpoint, network, cloud, identity)
2.2 Configure automation and feed integrations (e.g., messaging, SIEM, authentication, threat intelligence feeds)
2.3 Implement and maintain Marketplace content packs
2.4 Manage automation workflow
2.4.1 Plan
2.4.2 Playbook tasks
2.4.3 Customize
2.4.4 Debug

3. Content Optimization 24%

3.1 Deploy parsing rules for unique data formats
3.2 Deploy data modeling rules for data normalization
3.3 Manage detection rules to align with provided requirements
3.3.1 Correlation
3.3.2 Indicators of compromise (IOCs) and behavioral indicators of compromise (BIOCs)
3.3.3 Indicator rules
3.3.4 Scoring rules
3.3.5 Attack Surface Management (ASM) rules
3.4 Manage incident and alert layout
3.5 Create custom dashboards and reporting templates

4. Maintenance and Troubleshooting 24%

4.1 Manage exception and exclusion configurations
4.2 Manage XSIAM software component updates (e.g., content, XDR agent, XDR collector, Broker VM)
4.3 Troubleshoot data management issues (e.g., data ingestion, normalization, parsing)
4.4 Troubleshoot Cortex XSIAM components (e.g., agents, integrations, playbooks)

Prerequisites


Recommended Prerequisites:

  • Cybersecurity Apprentice
  • Cybersecurity Practitioner
  • Security Operations Generalist
  • XSIAM Analyst