Course Objectives
By the end of the course, you should be able to meet the following objectives:
- Describe the architecture of a Carbon Black EDR implementation
- Perform the installation, upgrade, and configuration of the Carbon Black EDR server
- Describe the purpose and use of multiple datastores in the server
- Perform live queries across endpoints to gather additional data
- Perform effective searches across the dataset to find security artifacts related to the endpoints
- Manage Threat Intelligence Feeds and Watchlists
- Describe connectors in Carbon Black EDR
- Troubleshoot server and sensor problems
- Analyze data found in the Heads-Up Display
- Manage investigations to group and summarize security incidents and artifacts
- Perform the different response capabilities available to users in Carbon Black EDR
- Use the Carbon Black EDR API to automate tasks
Agenda
- Introductions and course logistics
- Course objectives
- Describe the architecture and components of Carbon Black EDR
- Identify the communication requirements for Carbon Black EDR
- Install the Carbon Black EDR server
- Describe the options during the installation process
- Install a Carbon Black EDR sensor
- Confirm data ingestion in the Carbon Black EDR server
- Identify built-in administration tools
- Manage sensor groups
- Manage users and teams
- Describe the datastores used in Carbon Black EDR
- Interact with the available datastores
- Describe live query capabilities
- Perform queries across endpoints
- Describe the capabilities and data available in the process search
- Perform process searches to find specific endpoint activity
- Describe the capabilities and data available in the binary search
- Perform binary searches to find application data
- Describe the query syntax and advanced use cases
- Perform advanced queries across the dataset
- Define Threat Intelligence Feeds
- Manage the available Threat Intelligence Feeds
- Describe the use of Watchlists
- Manage Watchlists in the environment
- Configure connectors in Carbon Black EDR
- Troubleshoot connectors
- Identify the available troubleshooting scripts in the Carbon Black EDR server
- Run troubleshooting scripts to identify problems
- Generate a sensor log bundle
- Identify the location of sensor registry keys
- Identify panels relating to endpoint data
- Analyze endpoint data provided by the panels
- Identify panels relating to operations data
- Analyze operations data provided by the panels
- Identify panels relating to server data
- Analyze server data provided by the panels
- Define alert generation in Carbon Black EDR
- Manage alerts
- Describe investigations
- Explore data used in an investigation
- Manage investigations
- Manage investigation events
- Describe isolation in Carbon Black EDR
- Manage isolating endpoints
- Describe live response capabilities
- Manage live response sessions
- Describe hash banning
- Manage banned hashes
- Explain the use of the API
- Differentiate the APIs available for Carbon Black EDR
- Explain the purpose of API tokens
- Create an API token
- Explain the API URL
- Create a valid API request
- Import a collection to Postman
- Initiate an API request from Postman
- Perform operations manually using Postman
- Analyze the use cases for Postman
- Show basic automation tasks using the API and curl
- Compare the usage of curl with Postman
Course Type: Instructor Led