Overview
This one-day course teaches you how to use the advanced features of the VMware Carbon Black® EDR™ product. This usage includes gaining access to the Linux server for management and troubleshooting in addition to configuring integrations and using the API. This course provides an in-depth, technical understanding of the Carbon Black EDR product through comprehensive coursework and hands-on scenario-based labs. This class focuses exclusively on advanced technical topics related to the technical back-end configuration and maintenance.
Prerequisites
This course requires completion of the following course:
Who Should Attend?
System administrators and security operations personnel, including analysts and managers
Course Outline
- Introductions and course logistics
- Course objectives
- Data flows and channels
- Sizing considerations
- Communication channels and ports
- SOLR database
- Storage configurations and data aging
- Partition states
- Postgres
- Modulestore
- CBAPI overview
- Viewing API calls in the browser
- Utilizing the API to access data
- Feed structure
- Report indicator types
- Custom threat feed creation and addition
- SIEM support
- Configuration
- Server-side scripts
- Server logs
- Sensor operations
