Exams Vouchers: Palo Alto Networks: XSIAM Engineer (PAN-S-XSIAME)

The Palo Alto Networks Certified XSIAM Engineer certification is designed to validate the knowledge and skills required to use the Palo Alto Networks XSIAM platform for installation, deployment configuration, post-deployment management and configuration, data source onboarding and integration configuration, playbook creation, and detection engineering.

Target Audience

This exam is designed for the XSIAM engineers and SIEM engineers responsible for installation, deployment configuration, post-deployment management and configuration, data source onboarding and integration configuration, playbook creation, and detection engineering.

Exam Details

Duration: 90 minutes
Format: Multiple-choice questions
Language: English

Candidates should be able to demonstrate:

• Working knowledge of security operations
• Basic understanding of network security, infrastructure, protocols, and topology
• Working knowledge of endpoint OS fundamentals and security hardening methods
• Working knowledge of SIEM and security operations technology
• Basic knowledge of current and emergent trends in information security
• Use security models / architectures (e.g., defense-in-depth, Zero Trust)
• Working knowledge of programming and scripting languages (i.e., Python, Powershell, SQL, RegEx, XQL)
• Ability to implement automation and orchestration for efficient incident handling
• Ability to ingest data from threat and vulnerability feeds and determine applicability to the organization
• Working knowledge of log source onboarding, log normalization, and parsing
• Ability to integrate products and tools, including third-party products and tools
• Ability to configure agents, including policies and profiles
• Ability to ensure the availability, integrity, and security of data through monitoring
• Working knowledge of security frameworks (e.g., MITRE ATT&CK)
• Basic understanding of vulnerability management
• Basic understanding of threat intelligence management
• Familiarity with common data formats and data transformation (e.g., JSON, XML, CEF)
• Basic understanding of SaaS architectures

1. Planning and Installation 22%

• 1.1 Evaluate the existing IT infrastructure and security posture to align with XSIAM architecture
• 1.2 Evaluate deployment requirements, objectives, and resources
• 1.2.1 Hardware
• 1.2.2 Software
• 1.2.3 Data sources
• 1.2.4 Integrations
• 1.3 Identify communication requirements for XSIAM components
• 1.4 Install and configure Cortex XSIAM components
• 1.4.1 Agents
• 1.4.2 Broker VM
• 1.4.3 Engine
• 1.5 Configure user roles, permissions, and access controls

2. Integration and Automation 30%

• 2.1 Onboard data sources (e.g., endpoint, network, cloud, identity)
• 2.2 Configure automation and feed integrations (e.g., messaging, SIEM, authentication, threat intelligence feeds)
• 2.3 Implement and maintain Marketplace content packs
• 2.4 Manage automation workflow
• 2.4.1 Plan
• 2.4.2 Playbook tasks
• 2.4.3 Customize
• 2.4.4 Debug

3. Content Optimization 24%

• 3.1 Deploy parsing rules for unique data formats
• 3.2 Deploy data modeling rules for data normalization
• 3.3 Manage detection rules to align with provided requirements
• 3.3.1 Correlation
• 3.3.2 Indicators of compromise (IOCs) and behavioral indicators of compromise (BIOCs)
• 3.3.3 Indicator rules
• 3.3.4 Scoring rules
• 3.3.5 Attack Surface Management (ASM) rules
• 3.4 Manage incident and alert layout
• 3.5 Create custom dashboards and reporting templates

4. Maintenance and Troubleshooting 24%

• 4.1 Manage exception and exclusion configurations
• 4.2 Manage XSIAM software component updates (e.g., content, XDR agent, XDR collector, Broker VM)
• 4.3 Troubleshoot data management issues (e.g., data ingestion, normalization, parsing)
• 4.4 Troubleshoot Cortex XSIAM components (e.g., agents, integrations, playbooks)

Recommended completion of:

• Palo Alto Networks: Cortex XSIAM: Security Operations, Integration and Automation