30 days.


There are no prerequisites for this course.

    Skills Gained

    By the end of the course, you should be able to meet the following objectives:

    • Describe the components and capabilities of the Carbon Black EDR server
    • Identify the architecture and data flows for Carbon Black EDR communication
    • Describe the Carbon Black EDR server installation process
    • Manage and configure the Carbon Black EDR sever based on organizational requirements
    • Perform searches across process and binary information
    • Implement threat intelligence feeds and create watchlists for automated notifications
    • Describe the different response capabilities available from the Carbon Black EDR server
    • Use investigations to correlate data between multiple processes

    Who Can Benefit?

    System administrators and security operations personnel, including analysts and managers.

      Outline for VMware Carbon Black EDR Administrator - On Demand Training

      Planning and Architecture

      • Hardware and software requirements
      • Architecture
      • Data flows
      • Server installation review
      • Installing sensors

      Server Installation & Administration

      Configuration and settings Carbon Black EDR users and groups

        Process Search and Analysis

        • Filtering options
        • Creating searches
        • Process analysis and events

        Binary Search and Banning Binaries

        • Filtering options
        • Creating searches
        • Hash banning

        Search Best Practices

        • Search operators
        • Advanced queries

        Threat Intelligence

        • Enabling alliance feeds
        • Threat reports details
        • Use and functionality


        • Creating watchlists
        • Use and functionality

        Alerts / Investigations / Response

        • Using the HUD
        • Alerts workflow
        • Using network isolation
        • Using live response