Overview
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Prerequisites
This course requires completion of the following course:
- VMware Carbon Black Cloud Fundamentals
Who Should Attend?
System administrators and security operations personnel, including analysts and managers
Course Outline
- Introductions and course logistics
- Course objectives
- Hardware and software requirements
- Architecture
- Data flows
- osquery
- Available tables
- Query scope
- Running versus scheduling
- Use cases
- Inspecting the SQL query
- Components
- Tables
- Select statements
- Where clause
- Creating basic queries
- Where clause
- Exporting and filtering
- Query creation
- Running queries
- Viewing results
- Advanced SQL options
- Threat hunting
- Using live response
