
Sophos XDR Training

Detection and Response for Security Experts and IT Administrators

You can request this Sophos XDR training through your Sophos partner with
the following SKU: PCEZTCCAA (Per person) | PR01SO00ZZPCAA (4 spots for
own organization)

Sophos XDR Page 1 of 5


Sophos Certified Administrator

Summary

▪ Why you should join
▪ Prerequisites
▪ Course content
▪ Objective
▪ Training environment
▪ Further information



Why you should join
The Sophos XDR Training is specifically designed for security experts who, through XDR, have a valuable collection
of security data in the Data Lake. During this training you learn to perform extensive investigations with this data,
both proactive and reactive, applicable to many different situations, with different goals. The training starts with a
presentation, then quickly moves on to practical exercises to apply the theoretical material. This is done in an online
labs environment.
This is a 1-day course for customers looking to enhance their threat hunting skills within Sophos Central. This
session will provide the end user with hands-on experience looking for indicators of compromise within a lab
environment.
This training is available per organization or per person and is limited to a maximum of 4 participants.
The Sophos XDR Training is specifically designed for security experts who have Sophos XDR active. This is both
for those companies that have a partnership with our Managed Detection and Response (MDR) service
offering and for a company doing threat hunting entirely on their own.
In either situation, you have a valuable collection of security data in your Data Lake on which you can conduct
very comprehensive investigations, both proactive and reactive, applicable to many different situations. You
will learn to use the XDR tools for both threat hunting and administrator tasks.

Prerequisites
To participate in this course, you must have the following:
▪ Internet connection
▪ Basic knowledge of Sophos Central Console
▪ Basic knowledge of Windows OS operation

Course content
▪ Overview of modern cyber attacks
▪ Think and act like a Security Operations Center
▪ Best practice configuration of Threat Policies, Peripheral Control, and Application Control
▪ SQL query construction
▪ Searching for Indicators of Compromise (IOC)
▪ Tracing the source of process, network, and file activity
▪ Querying devices for vulnerabilities / missing patches
▪ Threat Graph analysis and remediation
▪ Using Investigations to identify potential IOCs
▪ Interacting with the Sophos XDR Community
▪ Leveraging the Central API for XDR interaction

Objective
▪ Know the key technical features and how they protect against threats
▪ Perform common configuration tasks
▪ Configure the most commonly used features
▪ View and manage logs and reports
▪ Know and use troubleshooting tools



Objective
Upon completion of the training, the participant will possess the following skills:
▪ Gain a better understanding of contemporary attack techniques
▪ Be able to use XDR tools to do independent research
▪ Use XDR tools for daily administrator tasks
▪ Create / modify queries independently

Training environment
Each participant is given a preconfigured training environment with Windows systems to directly put
into practice the topics and techniques discussed.

Further information
If you would like more information about this course, please email salesna@sophos.com.


© Copyright 2024 Sophos Ltd. All rights reserved.


Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.

2024-02-28 Training-EN
