3 days.


There are no prerequisites for this course.

    Skills Gained

    By the end of the course, you should be able to meet the following objectives:

    • Describe the architecture of a Carbon Black EDR implementation
    • Perform the installation, upgrade, and configuration of the Carbon Black EDR server
    • Describe the purpose and use of multiple datastores in the server
    • Perform live queries across endpoints to gather additional data
    • Perform effective searches across the dataset to find security artifacts related to the endpoints
    • Manage Threat Intelligence Feeds and Watchlists
    • Describe connectors in Carbon Black EDR
    • Troubleshoot server and sensor problems
    • Analyze data found in the Heads-Up Display
    • Manage investigations to group and summarize security incidents and artifacts
    • Perform the different response capabilities available to users in Carbon Black EDR
    • Use the Carbon Black EDR API to automate tasks

    Who Can Benefit?

    • Security analyst, threat hunters, or incident responders
    • Security professionals who work with enterprise and endpoint security tools

    Outline for VMware Carbon Black EDR: Install, Configure, Manage [V7.x] Training


    Course Introduction

    • Introductions and course logistics
    • Course objectives

    Planning and Architecture

    • Describe the architecture and components of Carbon Black EDR
    • Explain single and cluster server requirements
    • Identify the communication requirements for Carbon Black EDR

    Server Installation, Upgrade, and Administration

    • Install the Carbon Black EDR server
    • Describe the options during the installation process
    • Install a Carbon Black EDR sensor
    • Confirm data ingestion in the Carbon Black EDR server
    • Identify built-in administration tools
    • Manage sensor groups
    • Manage users and teams

    Exploring Server Datastores

    • Describe the datastores used in Carbon Black EDR
    • Interact with the available datastores

    Performing Live Query

    • Describe live query capabilities
    • Perform queries across endpoints

    Searching and Best Practices

    • Describe the capabilities and data available in the process search
    • Perform process searches to find specific endpoint activity
    • Describe the capabilities and data available in the binary search
    • Perform binary searches to find application data
    • Describe the query syntax and advanced use cases
    • Perform advanced queries across the dataset

    Threat Intelligence Feeds and Watchlists

    • Define Threat Intelligence Feeds
    • Manage the available Threat Intelligence Feeds
    • Describe the use of Watchlists
    • Manage Watchlists in the environment

    Connectors in VMware Carbon Black EDR

    • Configure connectors in Carbon Black EDR
    • Troubleshoot connectors

    Troubleshooting VMware Carbon Black EDR

    • Identify the available troubleshooting scripts in the Carbon Black EDR server
    • Run troubleshooting scripts to identify problems
    • Generate a sensor log bundle
    • Identify the location of sensor registry keys

    Head-Up Display Page Overview

    • Identify panels relating to endpoint data
    • Analyze endpoint data provided by the panels
    • Identify panels relating to operations data
    • Analyze operations data provided by the panels
    • Identify panels relating to server data
    • Analyze server data provided by the panels
    • Define alert generation in Carbon Black EDR
    • Manage alerts

    Performing Investigations

    • Describe investigations
    • Explore data used in an investigation
    • Manage investigations
    • Manage investigation events

    Responding to Endpoint Incidents

    • Describe isolation in Carbon Black EDR
    • Manage isolating endpoints
    • Describe live response capabilities
    • Manage live response sessions
    • Describe hash banning
    • Manage banned hashes

    Overview of Postman and the VMware Carbon Black EDR API

    • Explain the use of the API
    • Differentiate the APIs available for Carbon Black EDR
    • Explain the purpose of API tokens
    • Create an API token
    • Explain the API URL
    • Create a valid API request
    • Import a collection to Postman
    • Initiate an API request from Postman
    • Perform operations manually using Postman
    • Analyze the use cases for Postman
    • Show basic automation tasks using the API and curl
    • Compare the usage of curl with Postman

    Product Alignment

    • VMware Carbon Black® EDR™ 7.7