Uddannelsestilbud

VMware Carbon Black EDR Administrator

Information

Pris kr 5.145  Ekskl. moms
Varighed: 1 Dag
Ref: VMW_VCBEDRA
Delivery Type

Sessionsdatoer

Se sessioner for andre lande
    På anmodning. Kontakt os venligst
Disse oplysninger findes også beregnet for intra-virksomhedsuddannelsen. Tøv ikke med at kontakte os for at få flere oplysninger

Beskrivelse


This one-day course teaches you how to use the VMware Carbon Black® EDR™ product and leverage the capabilities to configure and maintain the system according to your organization’s security posture and policies. This course provides an in-depth, technical understanding of the Carbon Black EDR product through comprehensive coursework and hands-on scenario-based labs.

Formål


By the end of the course, you should be able to meet the following objectives:



  • • Describe the components and capabilities of the Carbon Black EDR server

  • • Identify the architecture and data flows for Carbon Black EDR communication

  • • Describe the Carbon Black EDR server installation process

  • • Manage and configure the Carbon Black EDR sever based on organizational requirements

  • • Perform searches across process and binary information

  • • Implement threat intelligence feeds and create watchlists for automated notifications

  • • Describe the different response capabilities available from the Carbon Black EDR server

  • • Use investigations to correlate data between multiple processes

Målgruppe


System administrators and security operations personnel, including analysts and managers

Program


1 Course Introduction



  • • Introductions and course logistics

  • • Course objectives

2 Planning and Installation



  • • Hardware and software requirements

  • • Architecture

  • • Data flows

  • • Server installation review

  • • Installing sensors

3 Server Administration



  • • Configuration and settings

  • • Carbon Black EDR users and groups

4 Process Search and Analysis



  • • Filtering options

  • • Creating searches

  • • Process analysis and events

5 Binary Search and Banning Binaries



  • • Filtering options

  • • Creating searches

  • • Hash banning

6 Search best practices



  • • Search operators

  • • Advanced queries

7 Threat Intelligence



  • • Enabling alliance feeds

  • • Threat reports details

  • • Use and functionality

8 Watchlists



  • • Creating watchlists

  • • Use and functionality

9 Alerts / Investigations / Response



  • • Using the HUD

  • • Alerts workflow

  • • Using network isolation

  • • Using live response

© 2020 VALit Aps - Arrow ECS. All rights reserved.