Course Objectives
By the end of the course, you should be able to meet the following objectives:
- Describe the components and capabilities of the Carbon Black EDR server
- Identify the architecture and data flows for Carbon Black EDR communication
- Describe the Carbon Black EDR server installation process
- Manage and configure the Carbon Black EDR server based on organizational requirements
- Perform searches across process and binary information
- Implement threat intelligence feeds and create watchlists for automated notifications
- Describe the different response capabilities available from the Carbon Black EDR server
- Use investigations to correlate data between multiple processes
Agenda
- Introductions and course logistics
- Course objectives
- Hardware and software requirements
- Architecture
- Data flows
- Server installation review
- Installing sensors
- Configuration and settings
- Carbon Black EDR users and groups
- Filtering options
- Creating searches
- Process analysis and events
- Filtering options
- Creating searches
- Hash banning
- Search operators
- Advanced queries
- Enabling alliance feeds
- Threat reports details
- Use and functionality
- Creating watchlists
- Use and functionality
- Using the HUD
- Alerts workflow
- Using network isolation
- Using live response
FREE
Course Type: Instructor Led
Course Type: Self Paced