Cisco XDR Security Operations

Cisco XDR Security Operations (XDROPS) is a three-day, instructor-led training course that introduces learners to the core challenges of traditional Security Operations Centers (SOC) and demonstrates how Cisco XDR simplifies security operations in modern hybrid, multi-vendor environments. Participants gain hands-on experience with the Cisco XDR platform, including endpoint and network telemetry, third-party integrations, APIs, automation, orchestration workflows, and public cloud integrations. The course focuses on effective threat detection, investigation, prioritization, and response using Cisco XDR Incident Manager, automation capabilities, and evidence-based decision making to improve SOC efficiency and outcomes.

• Understand the architecture of Cisco Secure Client and Cisco XDR
• Explain Identification, Containment, Eradication, and Recovery workflows
• Use Cisco XDR Incident Manager for threat prioritization and investigations
• Integrate third-party security tools using XDR Remote Connector
• Create automation using Cisco XDR Automation APIs
• Recognize the types and sequence of orchestration workflows
• Work with endpoint and network telemetry for enhanced visibility
• Understand public cloud integrations using XDR orchestration
• Initiate and manage Cisco XDR investigations from Splunk

• Cisco integrators, resellers, and partners
• Network administrators and network design engineers
• Security administrators and security consultants
• Systems engineers and solution architects
• Cybersecurity engineers and investigators
• SOC analysts

• Working knowledge of Windows and Linux operating systems
• Familiarity with basic networking security concepts
• Understanding of TCP/IP networking and network architecture
• Understanding of security concepts and protocols

Recommended preparation:

• Implementing and Administering Cisco Solutions (CCNA)