Palo Alto Networks (PCSAE) Certified Security Automation Engineer

Palo Alto Networks (PCSAE) Certified Security Automation Engineer Online Tutorial

The Palo Alto Networks (PCSAE) Certified Security Automation Engineer certification validates the knowledge and skills needed to develop, analyze, and administer the Cortex XSOAR security orchestration, automation, and response platform, which incorporates native threat intelligence management. It validates engineers' ability to understand the value of using out-of-the-box and customized playbooks and integrations. Furthermore, certified engineers are able to identify customer processes that can be automated with XSOAR, and to utilize the rest of their security products to customize XSOAR in order to reduce the mean time to resolution.

Target Audience

It is intended for customers, partners, system engineers, analysts, and administrators who want to demonstrate knowledge, skills, and abilities related to Palo Alto Networks Cortex XSOAR functionality.

Exam Details

The test format is 85 multiple-choice items. Candidates will have five minutes to complete the non-disclosure agreement (NDA), 80 minutes (1 hour, 20 minutes) to complete the questions, and five minutes to complete a survey at the end of the exam. This exam is based on Cortex XSOAR 6.6.

Skills Required

  • Developing playbooks and integrations, configuring incidents and layouts, configuring and managing indicator fields in XSOAR, knowing the basics of cyber security such as IOC blocking, etc., and configuring dashboards and reports
  • Coding in Python and working in cyber security as an analyst
  • No exam or course prerequisite for attempting the PCSAE exam

Recommended Knowledge and Prerequisites

The PCNSE certification has no prerequisites, though candidates are recommended to take the training suggested in the exam description on the official website. Recommended training includes:

  • Fundamentals of Security Operations Center (SOC)
  • Introduction to Cortex XSOAR, Cortex XSOAR Admin Training
  • Cortex XSOAR Analyst Training
  • Cortex XSOAR SOAR Engineer Training 

For More Details See Palo Alto Networks (PCSAE) Certified Security Automation Engineer FAQs

Course Outline

The Palo Alto Networks (PCSAE) Certified Security Automation Engineer exam covers the following topics:

Domain 1 Playbook Development 27%

Task 1.1 Reference and manipulate context data to manage automation workflow

Task 1.2 Summarize inputs, outputs, and results for playbook tasks

Task 1.3 Configure inputs and outputs for subplaybook tasks

Task 1.4 Enable and configure looping on a subplaybook

Task 1.5 Differentiate among playbook task types

  • 1.5.1 Manual
  • 1.5.2 Automated
  • 1.5.3 Conditional
  • 1.5.4 Data collection
  • 1.5.5 Subplaybook

Task 1.6 Apply filters and transformers to manipulate data

Task 1.7 Apply the playbook debugger to aid in developing playbooks

Domain 2 Incident Objects 13%

Task 2.1 Configure incident types

Task 2.2 Identify the role of an incident type within the incident lifecycle

Task 2.3 Configure an incident layout

  • 2.3.1 Fields and buttons
  • 2.3.2 Tabs
  • 2.3.3 New/Edit and Close Forms

Task 2.4 Summarize the function, capabilities, and purpose of incident fields

Task 2.5 Configure classifiers and mappers

Domain 3 Automations, Integrations, and Related Concepts 18%

Task 3.1 Define the capabilities of automation across XSOAR functions

  • 3.1.1 Playbook tasks
  • 3.1.2 War room
  • 3.1.3 Layouts (dynamic sections, buttons)
  • 3.1.4 Jobs
  • 3.1.5 Field trigger scripts
  • 3.1.6 Pre/post-processing

Task 3.2 Differentiate between automation, commands, and scripts

Task 3.3 Interpret and modify automation scripts

  • 3.3.1 Script helper
  • 3.3.2 Script settings
  • 3.3.3 Language types
  • 3.3.4 Script text

Task 3.4 Identify the properties and capabilities of the XSOAR framework for integration

Task 3.5 Configure and manage integration instances

Domain 4 Content Management and Solution Architecture 17%

Task 4.1 Apply marketplace concepts for the management of content

  • 4.1.1 Searching in the marketplace
  • 4.1.2 Installation and updates
  • 4.1.3 Dependencies
  • 4.1.4 Version history
  • 4.1.5 Partner supported versus XSOAR supported
  • 4.1.6 Submitting content to the marketplace

Task 4.2 Apply general content customization and management concepts

  • 4.2.1 Custom versus system content
  • 4.2.2 Duplicating content
  • 4.2.3 Importing/exporting custom content
  • 4.2.4 Version control

Task 4.3 Manage local changes in a remote repository (dev-prod) configuration

Task 4.4 Describe the components of the XSOAR system architecture

  • 4.4.1 System hardware requirements
  • 4.4.2 Remote repositories (dev-prod)
  • 4.4.3 Engines
  • 4.4.4 Multitenancy
  • 4.4.5 Elasticsearch/HA
  • 4.4.6 Docker

Task 4.5 Describe the incident lifecycle within XSOAR

Task 4.6 Define the capabilities of RBAC

  • 4.6.1 Page Access
  • 4.6.2 Integration permissions
  • 4.6.3 Incident tabs (layout specification)
  • 4.6.4 Automation permissions
  • 4.6.5 Incident viewing permissions by role

Task 4.7 Identify the troubleshooting tools available to obtain more diagnostic information

  • 4.7.1 Log bundles
  • 4.7.2 Integration testing

Task 4.8 Identify options available for performance tuning

  • 4.8.1 Ignore output
  • 4.8.2 Quiet mode

Task 4.9 Monitor system health using the System Diagnostics page

Domain 5 UI Workflow, Dashboards, and Reports 13%

Task 5.1 Identify methods for querying data

  • 5.1.1 Indicators
  • 5.1.2 Incidents
  • 5.1.3 Dashboards
  • 5.1.4 Global search

Task 5.2 Summarize the workflow elements used during an investigation

  • 5.2.1 Layouts
  • 5.2.2 War Room
  • 5.2.3 Work Plan
  • 5.2.4 Evidence Board
  • 5.2.5 Actions menu

Task 5.3 Interact with layouts for incident management

  • 5.3.1 Sections
  • 5.3.2 Fields
  • 5.3.3 Buttons

Task 5.4 Summarize tools used for managing incidents

  • 5.4.1 Bulk incident actions
  • 5.4.2 Table view versus summary view
  • 5.4.3 Table settings

Task 5.5 Identify the capabilities of existing dashboards and reports

Task 5.6 Summarize what information can be created, edited, or shared within dashboards and reports

Task 5.7 Summarize the capabilities of the widget builder

Domain 6 Threat Intel Management 12%

Task 6.1 Identify the parameters available for configuring indicator objects

  • 6.1.1 Layouts and types
  • 6.1.2 Fields
  • 6.1.3 Reputation scripts and commands
  • 6.1.4 Expiration

Task 6.2 Generate threat intel reports

Task 6.3 Describe the features of the Threat Intel page

  • 6.3.1 Unit 42 intel feature
  • 6.3.2 XSOAR indicators
  • 6.3.3 Export/import capabilities

Task 6.4 Configure threat intel feed integrations

Task 6.5 Identify the options available to auto-extract

  • 6.5.1 Exclusion list
  • 6.5.2 Playbook auto-extract
  • 6.5.3 Regex for auto-extract
  • 6.5.4 System defaults
  • 6.5.5 Extraction settings for incident types

Preparation Guide for the Palo Alto Networks (PCSAE) Certified Security Automation Engineer Exam

To succeed in the Palo Alto Networks (PCSAE) Certified Security Automation Engineer exam, candidates need good judgment and a well-planned preparation schedule. Resources and content are plentiful, so candidates need to pick out the best ones and practice from them. The official website gives a brief description of the exam, along with training methods suggested for examinees. Candidates should make use of all suggested resources and also create their own user forums and applications.

Official Study Guide

By reviewing the official study guide, you will not only study more efficiently but also be more consistent in your sessions. As you gain experience, you will discover which areas you are adept at and which you need to work on to become proficient.

Digital Learning & Instructor-led Training

For those of you who are interested in staying current with our technology, there is a free digital learning library available to you. If you have already attended a formal hands-on course, you can reinforce key information through self-paced, on-demand digital classes. In addition, they are helpful to those who cannot attend a hands-on, instructor-led class, as they provide a broad overview of our technology. The following instructor-led or equivalent digital-learning courses are recommended by Palo Alto Networks:

  • Cortex XSOAR: IT Administrator (DL)
  • Cortex XSOAR Engineer- Building the Next-Generation SOC (DL)
  • Cortex XSOAR SOC Analyst Training or equivalent knowledge (DL)
  • Cybersecurity Fundamentals of Security Operations Center (DL)
  • EDU 280 – Cortex XSOAR Analyst
  • EDU 380 – Cortex XSOAR Engineer

Palo Alto Networks Education

With Palo Alto Networks’ technical curriculum, delivered by Palo Alto Networks Authorized Training Partners, you will gain the knowledge and expertise needed to protect our digital lives. These trusted certifications demonstrate your ability to protect against successful cyber attacks and safely enable applications by demonstrating your understanding of Palo Alto Networks’ product portfolio.

Join Palo Alto Networks’ LIVEcommunity

Applicants can join the online community as aspirants and participate in it. In addition to learning and exchanging ideas, they can gain a lot more from it. It is not uncommon for communities to offer their students and members a variety of benefits.

Evaluate yourself with Practice Tests

Practicing is an integral part of the preparation, and practicing helps candidates improve their emotional, mental, and physical preparedness for exams. Additionally, it improves memory and creates a healthy flow of information, thus addressing issues such as anxiety, stress, and overconfidence. So take a Free Practice Test Now!
