Overview
This one-day course teaches you how to use the VMware Carbon Black® Cloud Enterprise EDR™ product and leverage its capabilities to configure and maintain the system according to your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Prerequisites
This course requires completion of the following course:
- VMware Carbon Black Cloud Fundamentals
Who Should Attend?
Security operations personnel, including analysts and managers
Course Outline
- Introductions and course logistics
- Course objectives
- Hardware and software requirements
- Architecture
- Data flows
- Creating searches
- Search operators
- Analyzing processes
- Analyzing binaries
- Advanced queries
- Subscribing
- Alerting
- Custom watchlists
- Alert creation
- Analyzing alert data
- Alert actions
- Cognitive Attack Loop
- Malicious behaviors
- Using quarantine
- Using live response