Overview
This 5-day course teaches you how to install, configure, and manage the VMware Carbon Black® Portfolio suite of products, which include:
- VMware Carbon Black® App Control™ Administrator
- VMware Carbon Black® EDR™ Administrator
- VMware Carbon Black Cloud Endpoint™ Standard
- VMware Carbon Black® Cloud Audit and Remediation
- VMware Carbon Black® Cloud Enterprise EDR™
You learn how to use the capabilities of the products according to the organization’s security posture and organizational policies. This course provides an in-depth, technical understanding of the Carbon Black Portfolio through comprehensive coursework, hands-on labs, and scenario-based exercises.
Prerequisites
System administration experience on Microsoft Windows or Linux operating systems
Who Should Attend?
System administrators and security operations personnel (including analysts and managers)
Course Outline
- Introductions and course logistics
- Course objectives
- Login Accounts and Groups
- Policies
- Computer Details
- Custom Rules
- Tools
- Events
- Baseline Drift
- Planning and Architecture
- Server Installation & Administration
- Process Search and Analysis
- Binary Search and Banning Binaries
- Search best practices
- Threat Intelligence
- Watchlists
- Alerts / Investigations / Responses
- Data Flows and Communication
- Searching Data
- Policy Components
- Prevention Capabilities Using Rules
- Processing Alerts
- Response Capabilities
- Managing Watchlists
- Alert Processing
- Threat Hunting in Enterprise EDR
- Response Capabilities
- Query Basics
- Recommended Queries
- SQL Basics
- Filtering Results
- Basic SQL Queries
- Advanced Search Capabilities
- Response Capabilities