Palo Alto Cortex XDR Proving Ground Lab

WWT's ATC Palo Alto Cortex XDR Proving Ground Lab provides a consolidated solution built around Cortex XDR, the Palo Alto firewall, Windows endpoints and Windows servers to demonstrate how the Cortex XDR Agent protects against threats.

The goal of Cortex XDR is to increase the operational efficiency of the security operations center. Cortex XDR accomplishes this by reducing alerts by combining similar events, stitching together logs from different sources and preventing as many threats as possible early in the attack cycle.

Cortex XDR goes beyond the traditional EDR approach of using only endpoint data to identify and respond to threats by applying machine learning across all your enterprise, network, cloud and endpoint data. This approach enables you to quickly find and stop targeted attacks, insider abuse and remediate compromised endpoints. Cortex XDR combines functionality from Endpoint Protection, Endpoint Detection and Response, Network Traffic Analysis and User Behavior Analytics into a single console.

This lab consists of servers running common applications that include Palo Alto Cortex XDR, Palo Alto Cortex XSOAR, Palo Alto VM-Series firewall, Active Directory, Windows IIS and SQL server, and several Windows 10 workstations.

You will access the environment using a Windows-based jump host from which you can browse web consoles and open RDP/SSH sessions.

The purpose of this lab is to help you develop proficiency in navigating the Cortex XDR platform, the management console, responding to alerts, threat hunting and monitoring capabilities of the XDR solution. This lab makes use of Cortex XDR to view the process of compromising endpoints through several attack techniques.

The lab environment allows you to:

• Login to the Palo Alto Cortex XDR cloud-based management console application.
• Navigate the Cortex XDR web interface, view alerts and examine the workflow.
• Access the Proving Ground environment.
• Perform attack techniques to compromise an endpoint.
• View Cortex XDR advanced monitoring and event logging of compromised endpoints for improved visibility.

Software

• Palo Alto Cortex XDR
• Palo Alto Cortex XSOAR
• Palo Alto VM – Series Firewall w/ PAN-OS 10.2
• Palo Alto Cortex Broker VM
• Palo Alto Cortex Data Lake
• GlobalProtect Internal Gateway w/ Pre-Logon

Clients

• 3x Windows 10 Clients; Victim, Alert, Protection
• 1x Windows Application Server
• 1x Active Directory Domain Controller
• 1x Kali Linux Attack Endpoint
• 1x Windows Attack Endpoint

Technologies 

• Palo Alto Cortex XDR