BroadcomVATCLogo PNG v2
8017  Reviews star_rate star_rate star_rate star_rate star_half

VMware Carbon Black EDR: Install, Configure, Manage [V7.x]

This three-day, hands-on training course provides you with the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Carbon Black® EDR™...

Read More
$2,550 USD
Course Code EDU-CBEDRICM7
Duration 3 days
Available Formats Classroom

This three-day, hands-on training course provides you with the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Carbon Black® EDR™ environment. This course introduces you to product features, capabilities, and workflows for managing endpoint security. Hands-on labs enable learners to reinforce topics by performing operations and tasks within the product in a training environment.

Skills Gained

By the end of the course, you should be able to meet the following objectives:

  • Describe the architecture of a Carbon Black EDR implementation
  • Perform the installation, upgrade, and configuration of the Carbon Black EDR server
  • Describe the purpose and use of multiple datastores in the server
  • Perform live queries across endpoints to gather additional data
  • Perform effective searches across the dataset to find security artifacts related to the endpoints
  • Manage Threat Intelligence Feeds and Watchlists
  • Describe connectors in Carbon Black EDR
  • Troubleshoot server and sensor problems
  • Analyze data found in the Heads-Up Display
  • Manage investigations to group and summarize security incidents and artifacts
  • Perform the different response capabilities available to users in Carbon Black EDR
  • Use the Carbon Black EDR API to automate tasks

Who Can Benefit

  • Security analyst, threat hunters, or incident responders
  • Security professionals who work with enterprise and endpoint security tools

Prerequisites

There are no prerequisites for this course.

Course Details

Product Alignment

  • VMware Carbon Black® EDR™ 7.7

Outline

Course Introduction

  • Introductions and course logistics
  • Course objectives

Planning and Architecture

  • Describe the architecture and components of Carbon Black EDR
  • Explain single and cluster server requirements
  • Identify the communication requirements for Carbon Black EDR

Server Installation, Upgrade, and Administration

  • Install the Carbon Black EDR server
  • Describe the options during the installation process
  • Install a Carbon Black EDR sensor
  • Confirm data ingestion in the Carbon Black EDR server
  • Identify built-in administration tools
  • Manage sensor groups
  • Manage users and teams

Exploring Server Datastores

  • Describe the datastores used in Carbon Black EDR
  • Interact with the available datastores

Performing Live Query

  • Describe live query capabilities
  • Perform queries across endpoints

Searching and Best Practices

  • Describe the capabilities and data available in the process search
  • Perform process searches to find specific endpoint activity
  • Describe the capabilities and data available in the binary search
  • Perform binary searches to find application data
  • Describe the query syntax and advanced use cases
  • Perform advanced queries across the dataset

Threat Intelligence Feeds and Watchlists

  • Define Threat Intelligence Feeds
  • Manage the available Threat Intelligence Feeds
  • Describe the use of Watchlists
  • Manage Watchlists in the environment

Connectors in VMware Carbon Black EDR

  • Configure connectors in Carbon Black EDR
  • Troubleshoot connectors

Troubleshooting VMware Carbon Black EDR

  • Identify the available troubleshooting scripts in the Carbon Black EDR server
  • Run troubleshooting scripts to identify problems
  • Generate a sensor log bundle
  • Identify the location of sensor registry keys

Head-Up Display Page Overview

  • Identify panels relating to endpoint data
  • Analyze endpoint data provided by the panels
  • Identify panels relating to operations data
  • Analyze operations data provided by the panels
  • Identify panels relating to server data
  • Analyze server data provided by the panels
  • Define alert generation in Carbon Black EDR
  • Manage alerts

Performing Investigations

  • Describe investigations
  • Explore data used in an investigation
  • Manage investigations
  • Manage investigation events

Responding to Endpoint Incidents

  • Describe isolation in Carbon Black EDR
  • Manage isolating endpoints
  • Describe live response capabilities
  • Manage live response sessions
  • Describe hash banning
  • Manage banned hashes

Overview of Postman and the VMware Carbon Black EDR API

  • Explain the use of the API
  • Differentiate the APIs available for Carbon Black EDR
  • Explain the purpose of API tokens
  • Create an API token
  • Explain the API URL
  • Create a valid API request
  • Import a collection to Postman
  • Initiate an API request from Postman
  • Perform operations manually using Postman
  • Analyze the use cases for Postman
  • Show basic automation tasks using the API and curl
  • Compare the usage of curl with Postman