This instructor led lab will walk attendees through a purple teaming exercise with Cisco XDR. Each attendee will be assigned a pod with test machines and Cisco Security tools predeployed. Starting with red team activities attendees will gain initial access to a victim machine using a phishing email and the proceed to launch payloads using a variety of MITRE TTP's. After running an attack attendees will start blue team activities to review the detections in Secure Endpoint, Secure Firewall, and Cisco XDR. Blue team activities entail sifting through device trajectory and investigating incidents using the XDR toolset. Attendees will experience running an attack and using Cisco Security tools to remediate the threats gaining hands on purple teaming experience.

Training Outline:

1. Introduction (15 mins)
2. Blind Eagle Attack Emulation (1 hour)
3. Blue Teaming for Blind Eagle Attack (1 hour)
4. Closing and Q&A (15 mins)