Palo Alto Cortex XSOAR: A Practical Guide

Cortex XSOAR is the Security Orchestration, Automation and Response (SOAR) solution from Palo Alto Networks. Cortex XSOAR provides a centralized security orchestration and automation solution to accelerate incident response and increase analyst productivity. A SOAR platform integrates your organization's security and monitoring tools, helping you centralize and standardize your incident handling processes.
This book is a beginner-friendly, step-by-step, practical guide that helps you understand and learn Palo Alto Cortex XSOAR from scratch. No previous knowledge of the product is required, and all the important topics are explained step by step, with screenshots.
Covers:
1) Solution architecture.
2) Incident lifecycle in Cortex XSOAR.
3) Integrations and incident creation.
4) Playbook development.
5) Layout customization.
6) Report creation.
7) Backup options.
8) Threat Intel management and EDL integration.
9) Introduction to MSSP.
Contents
How to Use this book?
1. Introduction
1.1 What is Security Incident Management?
1.2 What is a Security Operations Centre (SOC)?
1.3 What is SOAR?
1.4 Palo Alto Cortex XSOAR
2. Cortex XSOAR Hardware and Software requirements
2.1 Deployment Options
2.2 Software and Hardware Requirements
3. Solution Architecture
3.1 Components of a XSOAR solution
3.1.1 Cortex XSOAR Engine
3.1.2 Dedicated Database Server
3.1.3 Distributed Database Servers
3.1.4 Live backup Server
3.1.5 Dev Server
4. Installing Cortex XSOAR
4.1 Standalone Cortex XSOAR Installation
4.2 Post-Installation Health check
5. Basic Configurations
5.1 Adding Mail-Sender Integration
5.2 Adding Users in to Cortex XSOAR
5.3 External Authentication
5.4 Role Based Access Control
6. Familiarize with Cortex XSOAR GUI
6.1 Settings
6.2 Marketplace
6.3 Automations
6.4 Integrations
6.5 XSOAR commands
6.6 Incidents
6.7 Indicators
6.8 Reports and Dashboards
6.9 Jobs
7. Incident Management Lifecycle in Cortex XSOAR
7.1 Planning
7.1.1 Create incident Fields
7.1.2 Create Incident Type
7.1.2 Create Incident Layout
7.2 Configure Integrations
7.3 Classification and Mapping
7.4 Pre-Processing
7.5 Incident Created
7.6 Running Playbooks
7.7 Post-Processing
8. Playbook Development
8.1 Playbook Icons
8.2 Create Playbook
8.3 Sub Playbook
9. Incident Investigation
9.1 Context
9.2 Duplicate Incidents
10. Demo: Phishing Incident Investigation
11. Demo: Malware Incident Investigation
11.1 Playbook Creation
11.2 Incident Creation
11.3 Incident Investigation
12. Demo: Block Malicious IP in Firewall
12.1 Playbook Creation
12.2 Incident Creation
12.3 Incident Investigation
13. Threat Intel Management (TIM)
13.1 Configuring a TIM feed Instance
13.2 External Dynamic List (EDL) Integration
14. Reports
15. Configure Backup
15.1 Automated Backup
15.2 Live Backup
16. Introduction to Cortex XSOAR for MSSP
17. Cortex XSOAR job roles
18. Summary
Appendix: Useful Links

202 pages, Paperback

Published March 16, 2021
About the author

Jithin Alex

Jithin Alex, an accomplished Security Professional and Author, brings extensive expertise in security operations and in managing a diverse range of security solutions and products across various technology sectors. Formerly a senior engineer at a leading multinational corporation, he drew on his technical acumen and practical experience to author books that have garnered significant acclaim.

Notably, his book "Network Automation using Python 3" achieved recognition as one of the top new Automation books by Bookauthority.

Additionally, "Cisco Firepower Threat Defense NGFW" was acknowledged as one of the best Firewall books of all time.

Explore his technical articles, CTF challenges, and write-ups at www.jaacostan.com

Community Reviews

5 stars
5 (100%)
4 stars
0 (0%)
3 stars
0 (0%)
2 stars
0 (0%)
1 star
0 (0%)
Displaying 1 - 3 of 3 reviews
Fevine
1 review
March 30, 2021
Nice. More like a lab guide but well organized with necessary explanations. Especially the incident life-cycle and playbook development. Recommended to those who are new to Cortex XSOAR.
1 review
April 12, 2021
New product in the market and was looking for a spoon-fed book on Cortex XSOAR. You did a great job and well done. Easy to follow. Can expect a book on Cortex XDR too?