Trending Courses

Vendors

Skip Navigation Links

Overview

Cisco XDR Security Operations (XDROPS) is a 3-day training guiding you through the main aspects and challenges of traditional SOC. You will learn the Cisco XDR security platform and how it can simplify security operations in today's hybrid, multi-vendor, multi-threat landscape. Overview of all the main integration possibilities and components, including APIs discovery, Endpoint and Network Telemetry and ITSM, SIEM systems, and Public Cloud. Through expert instruction and hands-on lab exercises, you will learn how to read the components and work with Incident Manager for effective threat prioritization, streamlined investigations, and evidence-backed recommendations. In this training, you will discover how to elevate productivity with automation capabilities and boost your security resources for optimal value.
img-course-overview.jpg

What You'll Learn

Upon completing this course, the learner will be able to meet these overall objectives:

  • Understand the architecture of Cisco Secure Client/XDR.
  • Understand the Identification, Containment, Eradication, and Recovery Workflows.
  • Understand the XDR Remote Connector and how to accomplish arbitrary integrations.
  • Learn how to create automation using Automation APIs.
  • Recognize the types and sequence of Orchestration Workflows.
  • Understand the fundamentals of working with Public Cloud through XDR Orchestration.
  • Explain how to initiate Cisco XDR investigations from Splunk.

Who Should Attend

The primary audience for this course is as follows:

  • Cisco integrators, resellers, and partners
  • Network administrators
  • Security administrators
  • Security consultants
  • Systems engineers
  • Cybersecurity engineers
  • Cybersecurity investigators
  • SOC analysts
  • Network design engineers
  • Solution architects
img-who-should-learn.png

Prerequisites

The knowledge and skills that the learner should have before attending this course are as follows:

  • Working knowledge of the Windows and Linux operating systems.
  • Familiarity with basics of networking security concepts.
  • Technical understanding of TCP/IP networking and network architecture.
  • Technical understanding of security concepts and protocols.

The recommended Cisco offering may help you meet these prerequisites:

  • Implementing and Administering Cisco Solutions (CCNA)

Learning Journey

Coming Soon...

Module 1: Evolution and Introduction to Cisco XDR

  • Lesson 1: Detection and Response and the challenges of traditional SOC
  • Lesson 2: What is the OODA loop?
  • Lesson 3: Overview of Cisco XDR
    • High-level Architecture
    • Associating SOC profiles to XDR
    • Integrations and Response
    • XDR/EDR/MDR/SOAR/SIEM – Shared Use cases
    • Analytics and Correlation Engine

Module 2: Threat Detection and Incident Response Workflow

  • Lesson 1: Understanding Threat Detections with Diverse Intelligence
  • Lesson 2: How to read components: Judgement / Indicators / Feeds / Events
  • Lesson 3: Cisco XDR: Incident Manager
    • Threat inspection captured Incidents
    • Infrastructure-based Incident Prioritization: Detection Risk and Asset Value
    • MITRE
    • Correlated pictorial representation of the threat summary
    • Severity Management based on Event types
    • Identification/Containment/Eradication and Recovery Workflows

Module 3: Enrichment from Third-Party Integrations

  • Lesson 1: Overview of the third-party security landscape
  • Lesson 2: Built-in Integrations
    • EDR: Crowdstrike, Sentinel One, MSFT Defender, and more...
    • NDR: Dark Trace, Extrahop, and more...
  • Lesson 3: What is a Relay Module?
  • Lesson 4: XDR: Remote Connector
  • Lesson 5: Accomplishing arbitrary integrations

Module 4: XDR APIs

  • Lesson 1: Northbound and Southbound APIs
  • Lesson 2: Threat Intelligence APIs: Private and public databases of threat intel
  • Lesson 3: Investigation APIs: Enrich data using your integrated products
  • Lesson 4: Response APIs
  • Lesson 5: OAuth APIs: Use credentials and get access tokens
  • Lesson 6: Automation APIs: Trigger workflows in XDR to do just about anything you want!

Module 5: XDR Automation and Orchestration

  • Lesson 1: Understanding Orchestration Workflows: Types and sequence
  • Lesson 2: Workflows Components: Targets, Account Keys, Triggers, Variables, Events, Schedules & Reports
  • Lesson 3: Constructing a basic workflow
  • Lesson 4: Exploring built in cisco and third-party service activities and logics
  • Lesson 5: Customizing out of the box workflows to fit the business use case
  • Lesson 6: Nesting workflows
  • Lesson 7: Using Microsoft APIs to investigate/detect suspicious email with Cisco Secure Email
  • Lesson 8: Enforcing DLP policy on outgoing email using Cisco XDR automation

Module 6: Endpoint and Network Telemetry

  • Lesson 1: Network and Endpoint Visibility Together: Telemetry + Device Insights
  • Lesson 2: Network Visibility Module
  • Lesson 3: Cisco Secure Client/XDR: Architecture
  • Lesson 4: Reports and Audit logs
  • Lesson 5: Asset Tag Device Management

Module 7: Cisco XDR with ITSM, SIEM systems and Public Cloud

  • Lesson 1: Overview translation of Splunk CIM to XDR CTIM
  • Lesson 2: Initiating Cisco XDR investigation from Splunk
  • Lesson 3: Splunk and Cisco XDR Webhooks or Atomic Actions
  • Lesson 4: Overview of Cisco XDR and Service Now Integration
  • Lesson 5: Adding Context to ServiceNow incident – Using XDR Automate
  • Lesson 6: Fundamentals of working with Public Cloud with XDR Orchestration

Lab Outline:

Labs are designed to assure learners a whole practical experience, through the following practical activities:

  • Accessing Cisco XDR
  • Overview of Cisco XDR
  • Validate an Attack and Determine the Incident Response
  • Perform Threat Hunting
  • Discover Third Party integrations
  • Query and Recognize XDR API
  • Explore Cisco XDR Orchestration
  • Evaluate Assets in a Typical Enterprise Environment
  • Work with Endpoint and Network Telemetry
  • Explain how to initiate Cisco XDR investigations from Splunk
  • Explore the integration of Splunk and Cisco XDR through Webhooks or Atomic Actions

Frequently Asked Questions (FAQs)

  • Why get Cisco certified?

    Cisco certifications validate your expertise in networking and cybersecurity, making you a sought-after professional in the IT industry.

    These globally recognized credentials demonstrate your ability to design, implement, and manage complex networks, enhancing your career prospects and earning potential.

    Cisco-certified professionals are highly valued by employers worldwide for their knowledge and skills in managing critical infrastructure and ensuring secure communications.

  • What to expect for the examination?

    Cisco offers a wide range of certification exams, catering to various levels of expertise and specializations.

    The exams typically consist of multiple-choice questions, simulations, and sometimes lab exercises. Exam formats and content vary depending on the specific certification level and track you choose.

    Note: Certification requirements and policies may be updated by Cisco from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • How long is Cisco certification valid for?

    Most Cisco certifications are active for three years from the date you earn the certification.

    You can recertify at any time during the active period by re-taking the exam for your existing certification, advancing to the next level of certifications, earning Continuing Education credits, or a combination of both.

    Note: Certification requirements and policies may be updated by Cisco from time to time. We apologize for any discrepancies; do get in touch with us if you have any questions.

  • Why take this course with Trainocate?

    Here’s what sets us apart:

    - Global Reach, Localized Accessibility: Benefit from our geographically diverse training hubs in 24 countries (and counting!).

    - Top-Rated Instructors: Our team of subject matter experts (with high average CSAT and MTM scores) are passionate to help you accelerate your digital transformation.

    - Customized Training Solutions: Choose from on-site, virtual classrooms, or self-paced learning to fit your organization and individual needs.

    - Experiential Learning: Dive into interactive training with our curated lesson plans. Participate in hands-on labs, solve real-world challenges, and take on comprehensive assessments.

    - Learn From The Best: With 30+ authorized training partnerships and countless awards from Microsoft, AWS, Google – you're guaranteed learning from the industry's elite.

    - Your Bridge To Success: We provide up-to-date course materials, helpful exam guides, and dedicated support to validate your expertise and elevate your career.

Keep Exploring

Course Curriculum

Course Curriculum

Training Schedule

Training Schedule

Exam & Certification

Exam & Certification

FAQs

Frequently Asked Questions

img-improve-career.jpg

Improve yourself and your career by taking this course.

More Courses By Cisco

Browse All Courses
ucsec-implementing-cisco-unified-communications-security-v1
Collaboration

Implementing Cisco Unified Communications Security v1.0

The course is designed to provide students with the necessary knowledge and skills to implement security features in a Cisco Unified Communications environment.
ILT VILT
Course Duration 5 Days
mpls-implementing-cisco-mpls-v3
Service Provider

Implementing Cisco MPLS v3.1

Learn about VPN technology issues involving MPLS from the service provider perspective & how to configure some of those features and functions in an existing routed environment
ILT VILT
Course Duration 5 Days
mcast-implementing-cisco-multicast-v2
Routing and Switching

Implementing Cisco Multicast v2.0

Learn how to provide technical solutions for simple deployments of IP multicast within a provider or customer network.
ILT VILT
Course Duration 5 Days
img-get-info.jpg

Ready to Take Your Business from Great to Awesome?

Level-up by partnering with Trainocate. Get in touch today.

Name
Email
Phone
I'm inquiring for
Inquiry Details

By submitting this form, you consent to Trainocate processing your data to respond to your inquiry and provide you with relevant information about our training programs, including occasional emails with the latest news, exclusive events, and special offers.

You can unsubscribe from our marketing emails at any time. Our data handling practices are in accordance with our Privacy Policy.

Stay Connected. Be the first to Know.

Company

Vendors

Services

Customer Service

© Copyright Trainocate 2025. All rights reserved.