logo
Home

VMware Carbon Black EDR Advanced Analyst

  • CMDBID 113869
  • Course Code VMCBEAAN,EDR
  • Duration 1 Days
Scroll

VMware Carbon Black Course

course overview

Click to View dates & book now

Overview

This one-day course teaches you how to use the VMware Carbon Black EDR product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.

Product Alignment

- VMware Carbon Black EDR

Audience

Security operations personnel, including analysts and incident responders

Skills Gained

By the end of the course, you should be able to meet the following objectives:

  • Utilize Carbon Black EDR throughout an incident
  • Implement a baseline configuration for Carbon Black EDR
  • Determine if an alert is a true or false positive
  • Fully scope out an attack from moment of compromise
  • Describe Carbon Black EDR capabilities available to respond to an incident
  • Create addition detection controls to increase security

Prerequisites

This course requires completion of the following course:

  • VMware Carbon Black EDR Administrator

Outline

1  Course Introduction

  • Introductions and course logistics
  • Course objectives

2  VMware Carbon Black EDR & Incident Response

  • Framework identification and process

3  Preparation

  • Implement the Carbon Black EDR instance according to organizational requirements

4  Identification

  • Use initial detection mechanisms
  • Process alerts
  • Proactive threat hunting
  • Incident determination

5  Containment

  • Incident scoping
  • Artifact collection
  • Investigation

6  Eradication

  • Hash banning
  • Removing artifacts
  • Continuous monitoring

7  Recovery

  • Rebuilding endpoints
  • Getting to a more secure state

8  Lessons Learned

  • Tuning Carbon Black EDR
  • Incident close out

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.