EDU-CBEDRICM7 VMware Carbon Black EDR: Install, Configure, Manage [V7.x] Training
This three-day, hands-on training course provides you with the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Carbon Black® EDR™ environment. This course introduces you to product features, capabilities, and workflows for managing endpoint security. Hands-on labs enable learners to reinforce topics by performing operations and tasks within the product in a training environment.
Duration
3 days.
Prerequisites
There are no prerequisites for this course.
Skills Gained
By the end of the course, you should be able to meet the following objectives:
- Describe the architecture of a Carbon Black EDR implementation
- Perform the installation, upgrade, and configuration of the Carbon Black EDR server
- Describe the purpose and use of multiple datastores in the server
- Perform live queries across endpoints to gather additional data
- Perform effective searches across the dataset to find security artifacts related to the endpoints
- Manage Threat Intelligence Feeds and Watchlists
- Describe connectors in Carbon Black EDR
- Troubleshoot server and sensor problems
- Analyze data found in the Heads-Up Display
- Manage investigations to group and summarize security incidents and artifacts
- Perform the different response capabilities available to users in Carbon Black EDR
- Use the Carbon Black EDR API to automate tasks
Who Can Benefit?
- Security analyst, threat hunters, or incident responders
- Security professionals who work with enterprise and endpoint security tools
Outline for VMware Carbon Black EDR: Install, Configure, Manage [V7.x] Training
Outline
Course Introduction
- Introductions and course logistics
- Course objectives
Planning and Architecture
- Describe the architecture and components of Carbon Black EDR
- Explain single and cluster server requirements
- Identify the communication requirements for Carbon Black EDR
Server Installation, Upgrade, and Administration
- Install the Carbon Black EDR server
- Describe the options during the installation process
- Install a Carbon Black EDR sensor
- Confirm data ingestion in the Carbon Black EDR server
- Identify built-in administration tools
- Manage sensor groups
- Manage users and teams
Exploring Server Datastores
- Describe the datastores used in Carbon Black EDR
- Interact with the available datastores
Performing Live Query
- Describe live query capabilities
- Perform queries across endpoints
Searching and Best Practices
- Describe the capabilities and data available in the process search
- Perform process searches to find specific endpoint activity
- Describe the capabilities and data available in the binary search
- Perform binary searches to find application data
- Describe the query syntax and advanced use cases
- Perform advanced queries across the dataset
Threat Intelligence Feeds and Watchlists
- Define Threat Intelligence Feeds
- Manage the available Threat Intelligence Feeds
- Describe the use of Watchlists
- Manage Watchlists in the environment
Connectors in VMware Carbon Black EDR
- Configure connectors in Carbon Black EDR
- Troubleshoot connectors
Troubleshooting VMware Carbon Black EDR
- Identify the available troubleshooting scripts in the Carbon Black EDR server
- Run troubleshooting scripts to identify problems
- Generate a sensor log bundle
- Identify the location of sensor registry keys
Head-Up Display Page Overview
- Identify panels relating to endpoint data
- Analyze endpoint data provided by the panels
- Identify panels relating to operations data
- Analyze operations data provided by the panels
- Identify panels relating to server data
- Analyze server data provided by the panels
- Define alert generation in Carbon Black EDR
- Manage alerts
Performing Investigations
- Describe investigations
- Explore data used in an investigation
- Manage investigations
- Manage investigation events
Responding to Endpoint Incidents
- Describe isolation in Carbon Black EDR
- Manage isolating endpoints
- Describe live response capabilities
- Manage live response sessions
- Describe hash banning
- Manage banned hashes
Overview of Postman and the VMware Carbon Black EDR API
- Explain the use of the API
- Differentiate the APIs available for Carbon Black EDR
- Explain the purpose of API tokens
- Create an API token
- Explain the API URL
- Create a valid API request
- Import a collection to Postman
- Initiate an API request from Postman
- Perform operations manually using Postman
- Analyze the use cases for Postman
- Show basic automation tasks using the API and curl
- Compare the usage of curl with Postman
Product Alignment
- VMware Carbon Black® EDR™ 7.7