The Palo Alto Networks Certified XDR Engineer certification validates the knowledge and skills of experienced engineers in installation, deployment configuration, post-deployment management and configuration, data source onboarding, integration configuration, and detection engineering using Cortex XDR. The certification also validates the application of Cortex XDR architecture.
This certification is designed for security operations engineers, security engineers, XDR and SOC engineers, detection engineers, security architects, security operations support engineers, and individuals responsible for deployment, configuration, data onboarding, playbook creation, and troubleshooting in security operations environments.
Skills Required:
- Working knowledge of security operations
- Understanding of network security, infrastructure, protocols, and topology
- Working knowledge of endpoint OS fundamentals and security hardening methods
- Working knowledge of security operations technology
- Knowledge of current and emergent trends in information security
- Ability to use security models / architectures (e.g., defense-in-depth, Zero Trust)
- Working knowledge of programming and scripting languages (i.e., Python, PowerShell, SQL, RegEx, XQL)
- Ability to implement automation for efficient incident handling
- Working knowledge of log source onboarding, log normalization, and parsing
- Ability to integrate products and tools, including third-party products and tools
- Ability to configure agents, including policies and profiles
- Ability to ensure the availability, integrity, and security of data through monitoring
- Working knowledge of security frameworks (e.g., MITRE ATT&CK)
- Understanding of vulnerability management
- Familiarity with common data formats and data transformation (e.g., JSON, XML, CEF)
- Understanding of SaaS architectures
Recommended training for this certification
Candidates are strongly encouraged to use official Palo Alto Networks resources only to prepare for the exam. The complete Palo Alto Networks recommended learning path is detailed below:
Instructor-Led Training:
- Cortex XDR: Prevention and Deployment (EDU-260)
- Cortex XDR: Security Operations and Integration (PCXDR-SOI) or Cortex XDR: Investigation and Response (EDU-262)
E-learning courses:
- Cortex XDR: Features - Mandatory
- Cortex XMDR Overview for MSSPs - Optional
- MDR Models and Licensing - Optional
- Cortex XDR Advanced training - Optional
