Intrinsic Security
VM-VCBEDRA-On Demand
VMware Carbon Black EDR Administrator
Target Audience
System administrators and security operations personnel, including analysts and managers
Prerequisites
There are no prerequisites for this course.
Overview:
|
Course Objectives
By the end of the course, you should be able to meet the following objectives:
- Describe the components and capabilities of the Carbon Black EDR server
- Identify the architecture and data flows for Carbon Black EDR communication
- Describe the Carbon Black EDR server installation process
- Manage and configure the Carbon Black EDR sever based on organizational requirements
- Perform searches across process and binary information
- Implement threat intelligence feeds and create watchlists for automated notifications
- Describe the different response capabilities available from the Carbon Black EDR server
- Use investigations to correlate data between multiple processes
Course Outline
1 Course Introduction
• Introductions and course logistics
• Course objectives
2 Planning and Architecture
• Hardware and software requirements
• Architecture
• Data flows
• Server installation review
• Installing sensors
3 Server Installation & Administration
• Configuration and settings
• Carbon Black EDR users and groups
4 Process Search and Analysis
• Filtering options
• Creating searches
• Process analysis and events
5 Binary Search and Banning Binaries
• Filtering options
• Creating searches
• Hash banning
6 Search best practices
• Search operators
• Advanced queries
7 Threat Intelligence
• Enabling alliance feeds
• Threat reports details
• Use and functionality
8 Watchlists
• Creating watchlists
• Use and functionality
9 Alerts / Investigations / Response
• Using the HUD
• Alerts workflow
• Using network isolation
• Using live response
If you would like to know more about this course please contact us
