
XSIAM Engineer Datasheet

The Palo Alto Networks Certified XSIAM Engineer certification validates skills in using the XSIAM platform for various tasks including installation, configuration, and data integration. This document serves as a preparation guide for the exam, outlining the target audience, required skills, and exam domains with their respective weightings. It emphasizes the importance of using official resources for study and provides information on ESL accommodations for non-English speakers.

Uploaded by David de la Paz

Palo Alto Networks XSIAM Engineer Datasheet
JANUARY 2025

The Palo Alto Networks Certified XSIAM Engineer certification is designed to validate the knowledge and skills required to use the Palo Alto Networks XSIAM platform for installation, deployment configuration, post-deployment management and configuration, data source onboarding and integration configuration, playbook creation, and detection engineering.

Exam registration: Pearson VUE

The purpose of this document is to help you prepare for the exam and attain the certification. Please note that this document is intended to help identify the topics covered and to provide resources and references for understanding those topics. It is not intended to be used as the sole document to prepare for the XSIAM Engineer exam.

Audience and Qualifications

Target Audience

This exam is designed for the XSIAM engineers and SIEM engineers responsible for installation, deployment configuration, post-deployment management and configuration, data source onboarding and integration configuration, playbook creation, and detection engineering.

Skills Required

● Working knowledge of security operations
● Basic understanding of network security, infrastructure, protocols, and topology
● Working knowledge of endpoint OS fundamentals and security hardening methods
● Working knowledge of SIEM and security operations technology
● Basic knowledge of current and emergent trends in information security
● Use security models / architectures (e.g., defense-in-depth, Zero Trust)
● Working knowledge of programming and scripting languages (i.e., Python, PowerShell, SQL, RegEx, XQL)
● Ability to implement automation and orchestration for efficient incident handling
● Ability to ingest data from threat and vulnerability feeds and determine applicability to the organization
● Working knowledge of log source onboarding, log normalization, and parsing
● Ability to integrate products and tools, including third-party products and tools
● Ability to configure agents, including policies and profiles
● Ability to ensure the availability, integrity, and security of data through monitoring
● Working knowledge of security frameworks (e.g., MITRE ATT&CK)
● Basic understanding of vulnerability management
● Basic understanding of threat intelligence management
● Familiarity with common data formats and data transformation (e.g., JSON, XML, CEF)
● Basic understanding of SaaS architectures

‭Palo Alto Networks | XSIAM Engineer | Datasheet‬ ‭2‬


Blueprint

The blueprint table lists the domains covered and includes domain weighting. The percentage weights represent the portion of the exam score that is attributed to each domain. Many candidates find the table provides focus for studies during exam preparation. Also included in the blueprint table are the more specific tasks associated with each domain. Pay particular attention to these tasks, as they provide more targeted areas of study within the domains.

1. Planning and Installation (22%)

1.1 Evaluate the existing IT infrastructure and security posture to align with XSIAM architecture
1.2 Evaluate deployment requirements, objectives, and resources
    1.2.1 Hardware
    1.2.2 Software
    1.2.3 Data sources
    1.2.4 Integrations
1.3 Identify communication requirements for XSIAM components
1.4 Install and configure Cortex XSIAM components
    1.4.1 Agents
    1.4.2 Broker VM
    1.4.3 Engine
1.5 Configure user roles, permissions, and access controls

2. Integration and Automation (30%)

2.1 Onboard data sources (e.g., endpoint, network, cloud, identity)
2.2 Configure automation and feed integrations (e.g., messaging, SIEM, authentication, threat intelligence feeds)
2.3 Implement and maintain Marketplace content packs
2.4 Manage automation workflow
    2.4.1 Plan
    2.4.2 Playbook tasks
    2.4.3 Customize
    2.4.4 Debug

3. Content Optimization (24%)

3.1 Deploy parsing rules for unique data formats
3.2 Deploy data modeling rules for data normalization

3.3 Manage detection rules to align with provided requirements
    3.3.1 Correlation
    3.3.2 Indicators of compromise (IOCs) and behavioral indicators of compromise (BIOCs)
    3.3.3 Indicator rules
    3.3.4 Scoring rules
    3.3.5 Attack Surface Management (ASM) rules
3.4 Manage incident and alert layout
3.5 Create custom dashboards and reporting templates

4. Maintenance and Troubleshooting (24%)

4.1 Manage exception and exclusion configurations
4.2 Manage XSIAM software component updates (e.g., content, XDR agent, XDR collector, Broker VM)
4.3 Troubleshoot data management issues (e.g., data ingestion, normalization, parsing)
4.4 Troubleshoot Cortex XSIAM components (e.g., agents, integrations, playbooks)

Learning Path

External candidates are strongly encouraged to use official Palo Alto Networks resources only to prepare for the exam. The complete Palo Alto Networks recommended learning path can be found here.

References

Palo Alto Networks certification exam items are referenced to various publicly available technical or scholarly sources. The following list includes several sources that may have been referenced during the exam item development process.

● Palo Alto Networks TechDocs
● Palo Alto Networks Resource Center
● Palo Alto Networks Cyberpedia
● Palo Alto Networks Knowledge Base
● Palo Alto Networks Unit 42

English as a Second Language (ESL) Accommodation

The ESL accommodation provides a 30-minute time extension for exams delivered in English in non-English speaking countries where a localized version of the exam is not available. When registering for exams at Pearson VUE, the ESL 30-minute extension is automatically granted to candidates in eligible countries based upon candidate address.
