Refer a friend and get up to $100 Amazon gift card*  when they book training!

Learn More
closeClose

VMware Carbon Black EDR Advanced Analyst

  • Tuition USD $925 GSA  $792.19
  • Reviews star_rate star_rate star_rate star_rate star_half 2325 Ratings
  • Course Code EDU-VCBEDRAAN
  • Duration 1 day
  • Available Formats Classroom, Virtual
View Schedule Ask a Question Need Group Training?

This one-day course teaches you how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.

Skills Gained

By the end of the course, you should be able to meet the following objectives:

  • Utilize Carbon Black EDR throughout an incident
  • Implement a baseline configuration for Carbon Black EDR
  • Determine if an alert is a true or false positive
  • Fully scope out an attack from moment of compromise
  • Describe Carbon Black EDR capabilities available to respond to an incident
  • Create addition detection controls to increase security

Who Can Benefit

Security operations personnel, including analysts and incident responders.

Prerequisites

This course requires completion of the following course:

  • VMware Carbon Black EDR Administrator

Course Details

Product Alignment

  • VMware Carbon Black EDR

Outline

Course Introduction

  • Introductions and course logistics
  • Course objectives

VMware Carbon Black EDR & Incident Response

  • Framework identification and process

Preparation

  • Implement the Carbon Black EDR instance according to organizational requirements

Identification

  • Use initial detection mechanisms
  • Process alerts
  • Proactive threat hunting
  • Incident determination

Containment

  • Incident scoping
  • Artifact collection
  • Investigation

Eradication

  • Hash banning
  • Removing artifacts
  • Continuous monitoring

Recovery

  • Rebuilding endpoints
  • Getting to a more secure state

Lessons Learned

  • Tuning Carbon Black EDR
  • Incident close out
Read Less

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Does the course schedule include a Lunchbreak?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does ExitCertified deliver group training?

Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.

Does ExitCertified deliver group training?

Yes, we provide training for groups, individuals, and private on sites. View our group training page for more information.

Both course material and instructor demonstrated a sound foundation on Maximo material

I am overall very impressed with ExitCertified/Tech Data regarding the Spring Core class outline and iMVP delivery format.

It was a very robust and well polished tool that helped greatly with the learning process.

Although there seemed to be too many links for the course, everything worked smoothly.

The course was very high level but was able to understand all the topics covered.

9 options available

undo
  • Mar 3, 2021 Mar 3, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
  • Mar 17, 2021 Mar 17, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
  • Apr 7, 2021 Apr 7, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
  • Apr 21, 2021 Apr 21, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
  • May 5, 2021 May 5, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
  • May 19, 2021 May 19, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
  • Jun 9, 2021 Jun 9, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
  • Jun 30, 2021 Jun 30, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
  • Jul 21, 2021 Jul 21, 2021 (1 day)
    Location
    Virtual
    Language
    English
    Time
    9:00 AM 5:00 PM CDT
    Enroll
    Enroll
Contact Us 1-800-803-3948
Contact Us Live Chat
FAQ Get immediate answers to our most frequently asked qestions. View FAQs arrow_forward