This three-day, hands-on training course provides you with the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Carbon Black® EDR™ environment. This course introduces you to product features, capabilities, and workflows for managing endpoint security. Hands-on labs enable learners to reinforce topics by performing operations and tasks within the product in a training environment.


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

By the end of the course, you should be able to meet the following objectives:
  • Describe the architecture of a Carbon Black EDR implementation
  • Perform the installation, upgrade, and configuration of the Carbon Black EDR server
  • Describe the purpose and use of multiple datastores in the server
  • Perform live queries across endpoints to gather additional data
  • Perform effective searches across the dataset to find security artifacts related to the endpoints
  • Manage Threat Intelligence Feeds and Watchlists
  • Describe connectors in Carbon Black EDR
  • Troubleshoot server and sensor problems
  • Analyze data found in the Heads-Up Display
  • Manage investigations to group and summarize security incidents and artifacts
  • Perform the different response capabilities available to users in Carbon Black EDR
  • Use the Carbon Black EDR API to automate tasks

1. COURSE INTRODUCTION
  • Introductions and course logistics
  • Course objectives

2. PLANNING AND ARCHITECTURE
  • Describe the architecture and components of Carbon Black EDR
  • Identify the communication requirements for Carbon Black EDR

3. SERVER INSTALLATION, UPGRADE, AND ADMINISTRATION
  • Install the Carbon Black EDR server
  • Describe the options during the installation process
  • Install a Carbon Black EDR sensor
  • Confirm data ingestion in the Carbon Black EDR server
  • Identify built-in administration tools
  • Manage sensor groups
  • Manage users and teams

4. SERVER DATASTORES
  • Describe the datastores used in Carbon Black EDR
  • Interact with the available datastores

5. LIVE QUERY
  • Describe live query capabilities
  • Perform queries across endpoints

6. SEARCHING AND BEST PRACTICES
  • Describe the capabilities and data available in the process search
  • Perform process searches to find specific endpoint activity
  • Describe the capabilities and data available in the binary search
  • Perform binary searches to find application data
  • Describe the query syntax and advanced use cases
  • Perform advanced queries across the dataset

7. THREAT INTELLIGENCE FEEDS AND WATCHLISTS
  • Define Threat Intelligence Feeds
  • Manage the available Threat Intelligence Feeds
  • Describe the use of Watchlists
  • Manage Watchlists in the environment

8. CONNECTORS IN CARBON BLACK EDR
  • Configure connectors in Carbon Black EDR
  • Troubleshoot connectors

9. TROUBLESHOOTING
  • Identify the available troubleshooting scripts in the Carbon Black EDR server
  • Run troubleshooting scripts to identify problems
  • Generate a sensor log bundle
  • Identify the location of sensor registry keys

10. HEAD-UP DISPLAY
  • Identify panels relating to endpoint data
  • Analyze endpoint data provided by the panels
  • Identify panels relating to operations data
  • Analyze operations data provided by the panels
  • Identify panels relating to server data
  • Analyze server data provided by the panels
  • Define alert generation in Carbon Black EDR
  • Manage alerts

11. INVESTIGATIONS
  • Describe investigations
  • Explore data used in an investigation
  • Manage investigations
  • Manage investigation events

12. RESPONDING TO ENDPOINT INCIDENTS
  • Describe isolation in Carbon Black EDR
  • Manage isolating endpoints
  • Describe live response capabilities
  • Manage live response sessions
  • Describe hash banning
  • Manage banned hashes

13. OVERVIEW OF POSTMAN AND THE CARBON BLACK EDR API
  • Explain the use of the API
  • Differentiate the APIs available for Carbon Black EDR
  • Explain the purpose of API tokens
  • Create an API token
  • Explain the API URL
  • Create a valid API request
  • Import a collection to Postman
  • Initiate an API request from Postman
  • Perform operations manually using Postman
  • Analyze the use cases for Postman
  • Show basic automation tasks using the API and curl
  • Compare the usage of curl with Postman


Audience

  • Security analysts, threat hunters, or incident responders
  • Security professionals who work with enterprise and endpoint security tools

Language

English

Prerequisites

$2,550

Length: 3.0 days (24 hours)

Level:
