
Posts

Showing posts from February, 2021

Azure Log Analytics Agent will be retired on 31st August 2024. Migrate to Azure Monitor.

Microsoft has announced that the Azure Log Analytics agent will be retired on 31 August 2024. Customers should migrate to the Azure Monitor Agent to keep monitoring their assets. Announcement: https://azure.microsoft.com/en-us/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/ Migration guide: https://learn.microsoft.com/en-gb/azure/azure-monitor/agents/azure-monitor-agent-migration About Azure Monitor Agent: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview

Palo Alto Networks Certified Security Automation Engineer (PCSAE) exam review

Palo Alto Networks Certified Security Automation Engineer Exam Review. Exam length: 130 minutes (sufficient). Number of questions: 85. The exam is not an easy one; compared to other networking and security exams from Palo Alto, this is a difficult one. PCSAE candidates are expected to have decent operational experience with Cortex XSOAR, and those who don't might struggle to answer the exam questions correctly. Though the exam guide from Palo Alto helps, it is not enough to pass the PCSAE exam. I recommend going through the additional guides such as the Admin guide, the TIM guide, the MSSP guide etc. Install the Community Edition and explore everything; without hands-on knowledge, you are not going to pass the exam. You can find supplementary exam materials here. Takeaways: Make sure you can differentiate automation commands, scripts, system commands and search queries. Make sure you know the syntax and format of the commands. Have an idea of basic troubleshooting. Practice creating das

Palo Alto Cortex XSOAR/PCSAE exam preparation

Practice test on Udemy: Link. Book: Link. Exam review: https://www.jaacostan.com/2021/02/palo-alto-networks-certified-security.html Administration Guide: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin.html Cortex XSOAR Threat Intel Management Guide: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-threat-intel-management-guide.html Cortex XSOAR Multi-Tenant Guide: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-multi-tenant-guide.html Study Guide: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcsae-study-guide.pdf XSOAR Use Case Definition Template: https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/xsoar-use-case-definition-template/ta-p/344478 Free training course available at https://beacon.paloaltonetworks.com Request Community Edition: https://start.paloaltonetworks.com/sign-up-for-community-edition.html My blog posts on Cortex XSOAR: read here

Cisco Firepower Threat Defense(FTD) NGFW: An Administrator's Handbook

Cisco Firepower Threat Defense (FTD) NGFW: An Administrator's Handbook: a 100% practical guide on configuring and managing Cisco FTD using Cisco FMC and FDM. This book is written like a learning course, explained in detail with a lab topology using FTDv and FMCv. It is a 100% practical guide on configuring and managing the Cisco Firepower Threat Defense Next Generation Firewall using Cisco Firepower Management Center. I have also covered the standalone firewall introduction and how to use Firepower Device Manager to manage your FTD firewall locally without using FMC. Covers: • How to upgrade an ASA firewall to Cisco FTD (migration and upgrade) • Configure Cisco Firepower Threat Defense (FTD) Next Generation Firewall • Configure Cisco Firepower Management Center (FMC) • Manage and administer the FTD devices using FMC (configure interfaces, zones, routing, ACLs, prefilter policies, NAT, high availability etc.) • FTD local management using Firepower Device Manager (FDM) • Introduction

Palo Alto Cortex XSOAR Playbook Icons Explained

A Playbook is a set of tasks that is executed for a specified incident and runs like a flow chart. This enables the organization to automate many of its security processes, such as incident response, data collection, investigation, closure etc. You can structure and automate security responses that were previously handled manually, saving time and increasing the efficiency of your incident response plan and operations. You can create a new playbook from the Playbooks option in the Cortex XSOAR GUI. As I mentioned above, a playbook is a set of tasks, and each task can be classified into various types based on its function or action. Each type is marked with a specific icon. The meaning of those icons is given below. All playbooks begin with a Section Header, which signifies the title. 1) Standard Automated Task: The arrow and the lightning bolt indicate a standard automated task. No analyst intervention is required for automated tasks. 2) Manual Task: Th

Palo Alto Cortex XSOAR Post-Installation Health Check.

After installing Palo Alto Cortex XSOAR, it is recommended to perform a post-installation health check. As per the Palo Alto documentation, the following tests have to be performed. 1) Check the Docker subsystem. /docker_images: verify that either a list of Docker images or an empty list is returned (an error, not an empty list, is the failure case). You can run this command from the playground. !py script="demisto.results('hello world')": verify that hello world is returned; if not, there may be issues with your Docker installation. You can run this command from the playground. sudo docker info: run this on the XSOAR host and check the output for warnings or errors. 2) Verify integration tests. Create an instance of each of the following integrations and test each of them by clicking the Test button in the integration instance. You can also optionally run the associated commands in the playground. A sample integration installation of ipinfo is shown below. urlscan.io, ipinfo, PhishTank, OpenPhish, Rasterize. Also, run !FailedInstanc
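The Docker-side part of that health check can be scripted on the XSOAR host. The following is an added example, not code from the original post or from Palo Alto: it wraps `docker info` and `docker images` (the checks the post tells you to do by hand) and classifies the output into daemon reachability, warnings and errors. The playground commands (/docker_images and !py) still have to be run from the XSOAR UI. The sample outputs at the bottom are constructed for offline demonstration; the image names and tags are not captured from a real host.

```python
"""Added example (not from the original post): script the Docker checks of the
Cortex XSOAR post-installation health check and summarise the result."""
import subprocess
from typing import Dict, List, Tuple


def parse_docker_info(output: str, returncode: int) -> Tuple[bool, List[str], List[str]]:
    """Return (daemon_reachable, warnings, errors) from `docker info` output.

    `docker info` prints WARNING:/ERROR: lines and exits non-zero when it cannot
    reach the daemon; stdout and stderr are expected to be merged in `output`.
    """
    warnings, errors = [], []
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("WARNING:"):
            warnings.append(line)
        elif line.startswith("ERROR:") or line.startswith("Cannot connect"):
            errors.append(line)
    reachable = returncode == 0 and not errors
    return reachable, warnings, errors


def parse_docker_images(output: str) -> List[str]:
    """Return repository:tag entries from `docker images` output.

    The header line is skipped, so an empty list means "no images pulled yet",
    which the health check accepts; only an error is a failure.
    """
    lines = [line for line in output.splitlines() if line.strip()]
    images = []
    for line in lines[1:]:  # lines[0] is the REPOSITORY / TAG / IMAGE ID header
        fields = line.split()
        if len(fields) >= 2:
            images.append(f"{fields[0]}:{fields[1]}")
    return images


def _run(cmd: List[str]) -> Tuple[str, int]:
    """Run a command, merging stderr into stdout; a missing binary is reported
    as exit code 127 instead of raising."""
    try:
        proc = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
    except FileNotFoundError as exc:
        return f"ERROR: {exc}", 127
    return proc.stdout, proc.returncode


def docker_health_check() -> Dict[str, object]:
    """Run the checks for real (needs Docker and sudo on the XSOAR host)."""
    info_out, info_rc = _run(["sudo", "docker", "info"])
    reachable, warnings, errors = parse_docker_info(info_out, info_rc)
    images = parse_docker_images(_run(["sudo", "docker", "images"])[0]) if reachable else []
    return {
        "daemon_reachable": reachable,
        "warnings": warnings,
        "errors": errors,
        "images": images,
        "ok": reachable and not errors,   # warnings are reported but not fatal
    }


# Constructed sample outputs for offline demonstration (not from a real host).
SAMPLE_INFO_OK = """Client:
 Context:    default
Server:
 Containers: 3
 Images: 2
WARNING: No swap limit support
"""
SAMPLE_INFO_DOWN = (
    "Cannot connect to the Docker daemon at unix:///var/run/docker.sock. "
    "Is the docker daemon running?\n"
)
SAMPLE_IMAGES = """REPOSITORY          TAG           IMAGE ID       CREATED        SIZE
demisto/python3     3.9.1.14969   0123456789ab   2 weeks ago    120MB
demisto/rasterize   1.0.0.1234    abcdef012345   3 weeks ago    900MB
"""

if __name__ == "__main__":
    print("sample (daemon up):  ", parse_docker_info(SAMPLE_INFO_OK, 0))
    print("sample (daemon down):", parse_docker_info(SAMPLE_INFO_DOWN, 1))
    print("sample images:       ", parse_docker_images(SAMPLE_IMAGES))
    print("live check:          ", docker_health_check())
```

Warnings such as "No swap limit support" are reported but do not fail the check; an unreachable daemon or an ERROR line does, and that is the case in which the playground `!py` test will also fail.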

Cortex XSOAR : urlscan.io returned an error. Error in API call to URLScan.io [403] - Forbidden: Anonymous API submissions are not permitted by our platform.

After installing Palo Alto Cortex XSOAR, you might go through the health check. During the health check you will go through a series of integration/instance tests to check the functionality. In the XSOAR platform, one of the basic tools an analyst will use is urlscan, and you are probably reading this post because you have encountered an error while running the urlscan-related commands. During my testing, I ran the command to check the reputation of my URL and it returned the following error. Scripts returned an error: urlscan.io returned an error. Error in API call to URLScan.io [403] - Forbidden: Anonymous API submissions are not permitted by our platform. This is because of the absence of an API key in the instance. To fix this, you need to get an API key from urlscan.io and provide the key within the XSOAR urlscan.io instance. You may create a free account on urlscan.io and get the API key for free. Once you have created the API key, copy the key. You need to provide th
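To see what the integration is doing behind that error, here is an added example that is not code from the original post or from the XSOAR urlscan.io integration. It builds the same submission the integration makes, refuses to send it without a key (the condition that produces the 403 above), and maps the HTTP failure back to an actionable message. The endpoint and the API-Key header are urlscan.io's public API; reading the key from the URLSCAN_API_KEY environment variable is an assumption of this script (in XSOAR the key lives in the instance settings instead). The default visibility is set to "unlisted" rather than the public default so that internal hostnames submitted from a SOC are not exposed in urlscan.io's public search.

```python
"""Added example (not the XSOAR integration's code): submit a URL to urlscan.io
with an API key and classify the failure the post describes."""
import json
import os
import urllib.error
import urllib.request
from typing import Optional

SCAN_ENDPOINT = "https://urlscan.io/api/v1/scan/"  # urlscan.io public API


def build_scan_request(url: str, api_key: Optional[str],
                       visibility: str = "unlisted") -> urllib.request.Request:
    """Build the POST the integration sends. Without a key urlscan.io answers
    403 "Anonymous API submissions are not permitted", so fail early instead."""
    if not api_key:
        raise ValueError("urlscan.io API key missing: set it in the integration instance, "
                         "anonymous submissions are rejected with HTTP 403")
    body = json.dumps({"url": url, "visibility": visibility}).encode()
    return urllib.request.Request(
        SCAN_ENDPOINT,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "API-Key": api_key},
    )


def classify_failure(status: int, body: str) -> str:
    """Turn an HTTP error from urlscan.io into the message an analyst needs."""
    if status == 403:
        # The case from the post: no key (or a rejected key) on the instance.
        return ("HTTP 403 Forbidden: missing or rejected API key; "
                "add a valid urlscan.io API key to the integration instance")
    if status == 429:
        return "HTTP 429: rate limit or quota exceeded for this API key"
    snippet = body.strip().replace("\n", " ")[:200]
    return f"unexpected HTTP {status} from urlscan.io: {snippet}"


def submit_scan(url: str, api_key: Optional[str], timeout: float = 30.0) -> dict:
    """Submit a scan and return the parsed JSON; raises RuntimeError with a
    classified message on HTTP errors. Performs a real network call."""
    req = build_scan_request(url, api_key)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as exc:
        raise RuntimeError(classify_failure(exc.code, exc.read().decode(errors="replace")))


if __name__ == "__main__":
    # URLSCAN_API_KEY is an assumed environment variable for this script only.
    key = os.environ.get("URLSCAN_API_KEY")
    try:
        print(submit_scan("https://example.com", key))
    except (ValueError, RuntimeError) as err:
        print("scan failed:", err)
```

Running it with the variable unset reproduces the failure mode from the post as a local ValueError before any request leaves the host; with a key set it prints the JSON returned by urlscan.io, which is what the XSOAR instance Test button exercises.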