Duration

30 days.

Prerequisites

This course requires completion of the following course:

  • VMware Carbon Black Cloud Fundamentals

Skills Gained

By the end of the course, you should be able to meet the following objectives:

  • Describe the components and capabilities of VMware Carbon Black Cloud Endpoint Standard
  • Identify the architecture and data flows for Carbon Black Cloud Endpoint Standard communication
  • Perform searches across endpoint data to discover suspicious behavior
  • Manage the Carbon Black Cloud Endpoint Standard rules based on organizational requirements
  • Configure rules to address common threats
  • Evaluate the impact of rules on endpoints
  • Process and respond to alerts
  • Describe the different response capabilities available from VMware Carbon Black Cloud™

Who Can Benefit?

System administrators and security operations personnel, including analysts and managers.

    Outline for VMware Carbon Black Cloud Endpoint Standard-On Demand Training

    Course Introduction

    • Introductions and course logistics
    • Course objectives

    Data Flows and Communication

    • Hardware and software requirements
    • Architecture
    • Data flows

    Searching Data

    • Creating searches
    • Analyzing events
    • Search operators
    • Advanced queries

    Policy Components

    • Rules
    • Local scanner
    • Sensor capabilities

    Prevention Capabilities Using Rules

    • Rule types
    • Rule creation
    • Reputation priority
    • Configuring rules
    • Evaluating rule impact

    Processing Alerts

    • Alert triage
    • Alert actions

    Response Capabilities

    • Using quarantine
    • Using live response
    • Hash banning

    Product Alignment

    • VMware Carbon Black Cloud Endpoint Standard
    • VMware Carbon Black Cloud Endpoint™ Advanced
    • VMware Carbon Black Cloud Endpoint™ Enterprise