IntroductionCourse Outline

Duration

1 days.

Prerequisites

This course requires completion of the following course:

  • VMware Carbon Black Cloud Fundamentals

Skills Gained

By the end of the course, you should be able to meet the following objectives:

  • Describe the components and capabilities of VMware Carbon Black Cloud Enterprise EDR
  • Identify the architecture and data flows for VMware Carbon Black Cloud Enterprise EDR communication
  • Perform searches across endpoint data to discover suspicious behavior
  • Manage watchlists to augment the functionality of VMware Carbon Black Cloud Enterprise EDR
  • Create custom watchlists to detect suspicious activity in your environment
  • Describe the process for responding to alerts in VMware Carbon Black Cloud Enterprise EDR
  • Discover malicious activity within VMware Carbon Black Cloud Enterprise EDR
  • Describe the different response capabilities available from VMware Carbon Black Cloud

Who Can Benefit?

Security operations personnel, including analysts and managers

    Outline for VMware Carbon Black Cloud Enterprise EDR Training

    Outline

    Course Introduction

    • Introductions and course logistics
    • Course objectives

    Data Flows and Communication

    • Hardware and software requirements
    • Architecture
    • Data flows

    Searching Data

    • Creating searches
    • Search operators
    • Analyzing processes
    • Analyzing binaries
    • Advanced queries

    Managing Watchlists

    • Subscribing
    • Alerting
    • Custom watchlists

    Alert Processing

    • Alert creation
    • Analyzing alert data
    • Alert actions

    Threat Hunting in Enterprise EDR

    • Cognitive Attack Loop
    • Malicious behaviors

    Response Capabilities

    • Using quarantine
    • Using live response

    Product Alignment

    • VMware Carbon Black® EDR™
    • VMware Carbon Black Cloud Endpoint™ Enterprise