Security Operations

WWT's ATC Palo Alto Cortex XDR Proving Ground Lab provides a consolidated solution built around Cortex XDR, the Palo Alto firewall, Windows endpoints and Windows servers to demonstrate how the Cortex XDR Agent protects against threats. The goal of Cortex XDR is to increase the operational efficiency of the security operations center. Cortex XDR accomplishes this by reducing alerts by combining similar events, stitching together logs from different sources and preventing as many threats as possible early in the attack cycle. Cortex XDR goes beyond the traditional EDR approach of using only endpoint data to identify and respond to threats by applying machine learning across all your enterprise, network, cloud and endpoint data. This approach enables you to quickly find and stop targeted attacks, insider abuse and remediate compromised endpoints. Cortex XDR combines functionality from Endpoint Protection, Endpoint Detection and Response, Network Traffic Analysis and User Behavior Analytics into a single console. This lab consists of servers running common applications that include Palo Alto Cortex XDR, Palo Alto Cortex XSOAR, Palo Alto VM-Series firewall, Active Directory, Windows IIS and SQL server, and several Windows 11 workstations. You will access the environment using a Windows-based jump host from which you can browse web consoles and open RDP/SSH sessions.

The Armis to catch a hacker lab will walk users through a realistic exercise based upon real-life incidents with with sophisticated Advanced Persistent Threat (APTs) Actors. These threat actors will move laterally across the network and exploit common visibility gaps to reach their target objectives. This lab will show users how Armis can be leveraged to see this movement.