VMware Carbon Black EDR: Install, Configure, Manage [V7.x]
E-Learning
Description
This three-day, hands-on training course provides you with the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Carbon Black® EDR™ environment. This course introduces you to product features, capabilities, and workflows for managing endpoint security. Hands-on labs enable learners to reinforce topics by performing operations and tasks within the product in a training environment.
This three-day, hands-on training course provides you with the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Carbon Black® EDR™ environment. This course introduces you to product features, capabilities, and workflows for managing endpoint security. Hands-on labs enable learners to reinforce topics by performing operations and tasks within the product in a training environment.
By the end of the course, you should be able to meet the following objectives:
Describe the architecture of a Carbon Black EDR implementation
Perform the installation, upgrade, and configuration of the Carbon Black EDR server
Describe the purpose and use of multiple datastores in the server
Perform live queries across endpoints to gather additional data
Perform effective searches across the dataset to find security artifacts related to the endpoints
Manage Threat Intelligence Feeds and Watchlists
Describe connectors in Carbon Black EDR
Troubleshoot server and sensor problems
Analyze data found in the Heads-Up Display
Manage investigations to group and summarize security incidents and artifacts
Perform the different response capabilities available to users in Carbon Black EDR
Use the Carbon Black EDR API to automate tasks
Security analyst, threat hunters, or incident responders
Security professionals who work with enterprise and endpoint security tools
| Lesson Id | Title | Description |
|---|---|---|
| 1 | Course Introduction |
Introductions and course logistics Course objectives |
| 2 | Planning and Architecture |
Describe the architecture and components of Carbon Black EDR Identify the communication requirements for Carbon Black EDR |
| 3 | Server Installation, Upgrade, and Administration |
Install the Carbon Black EDR server Describe the options during the installation process Install a Carbon Black EDR sensor Confirm data ingestion in the Carbon Black EDR server Identify built-in administration tools Manage sensor groups Manage users and teams |
| 4 | Server Datastores |
Describe the datastores used in Carbon Black EDR Interact with the available datastores |
| 5 | Live Query |
Describe live query capabilities Perform queries across endpoints |
| 6 | Searching and Best Practices |
Describe the capabilities and data available in the process search Perform process searches to find specific endpoint activity Describe the capabilities and data available in the binary search Perform binary searches to find application data Describe the query syntax and advanced use cases Perform advanced queries across the dataset |
| 7 | Threat Intelligence Feeds and Watchlists |
Define Threat Intelligence Feeds Manage the available Threat Intelligence Feeds Describe the use of Watchlists Manage Watchlists in the environment |
| 8 | Connectors in Carbon Black EDR |
Configure connectors in Carbon Black EDR Troubleshoot connectors |
| 9 | Troubleshooting |
Identify the available troubleshooting scripts in the Carbon Black EDR server Run troubleshooting scripts to identify problems Generate a sensor log bundle Identify the location of sensor registry keys |
| 10 | Head-Up Display |
Identify panels relating to endpoint data Analyze endpoint data provided by the panels Identify panels relating to operations data Analyze operations data provided by the panels Identify panels relating to server data Analyze server data provided by the panels Define alert generation in Carbon Black EDR Manage alerts |
| 11 | Investigations |
Describe investigations Explore data used in an investigation Manage investigations Manage investigation events |
| 12 | Responding to Endpoint Incidents |
Describe isolation in Carbon Black EDR Manage isolating endpoints Describe live response capabilities Manage live response sessions Describe hash banning Manage banned hashes |
| 13 | Overview of Postman and the Carbon Black EDR API |
Explain the use of the API Differentiate the APIs available for Carbon Black EDR Explain the purpose of API tokens Create an API token Explain the API URL Create a valid API request Import a collection to Postman Initiate an API request from Postman Perform operations manually using Postman Analyze the use cases for Postman Show basic automation tasks using the API and curl Compare the usage of curl with Postman |
Self-Paced
Free
This course includes: :
Full lifetime access