EDU-VCBCEEDR

VMware Carbon Black Cloud Enterprise EDR Training

This one-day course teaches you how to use the VMware Carbon Black® Cloud Enterprise EDR™ product and leverage its capabilities to configure and maintain the system according to your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Course Details

Duration

1 day

Prerequisites

Complete VMware Carbon Black Cloud Fundamentals course

Target Audience

Security Operations personnel including analyst and managers

Skills Gained

  • Describe the components and capabilities of VMware Carbon Black Cloud Enterprise EDR
  • Identify the architecture and data flows for VMware Carbon Black Cloud Enterprise EDR communication
  • Perform searches across endpoint data to discover suspicious behavior
  • Manage watchlists to augment the functionality of VMware Carbon Black Cloud Enterprise EDR
  • Create custom watchlists to detect suspicious activity in your environment
  • Describe the process for responding to alerts in VMware Carbon Black Cloud Enterprise EDR
  • Discover malicious activity within VMware Carbon Black Cloud Enterprise EDR
  • Describe the different response capabilities available from VMware Carbon Black Cloud
Course Outline
  • Data Flows and Communication
    • Hardware and software requirements
    • Architecture
    • Data flows
  • Searching Data
    • Creating searches
    • Search operators
    • Analyzing processes
    • Analyzing binaries
    • Advanced queries
  • Managing Watchlists
    • Subscribing
    • Alerting
    • Custom watchlists
  • Alert Processing
    • Alert creation
    • Analyzing alert data
    • Alert actions
  • Threat Hunting in Enterprise EDR
    • Cognitive Attack Loop
    • Malicious behaviors
  • Response Capabilities
    • Using quarantine
    • Using live response
  • Product Alignment
    • VMware Carbon Black® EDR™
    • VMware Carbon Black Cloud Endpoint™ Enterprise