VMware Carbon Black EDR: Install, Configure, Manage
Length 3 days
Version 7.x
Course overview
Why study this course
This course provides you with the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Carbon Black® EDR™ environment. This course introduces you to product features, capabilities, and workflows for managing endpoint security. Hands-on labs enable learners to reinforce topics by performing operations and tasks within the product in a training environment.
Product Alignment • VMware Carbon Black® EDR™ 7.7
What you’ll learn
By the end of the course, you should be able to meet the following objectives:
Describe the architecture of a Carbon Black EDR implementation
Perform the installation, upgrade, and configuration of the Carbon Black EDR server
Describe the purpose and use of multiple datastores in the server
Perform live queries across endpoints to gather additional data
Perform effective searches across the dataset to find security artifacts related to the endpoints
Manage Threat Intelligence Feeds and Watchlists
Describe connectors in Carbon Black EDR
Troubleshoot server and sensor problems
Analyse data found in the Heads-Up Display
Manage investigations to group and summarise security incidents and artifacts
Perform the different response capabilities available to users in Carbon Black EDR
Use the Carbon Black EDR API to automate tasks
VMware at Lumify Work
VMware is the world leader in server virtualisation technologies. Lumify Work is a VMware Education Reseller Partner (VERP), offering training in vSphere, vRealize, vSAN, Horizon, NSX-T, Workspace ONE, Carbon Black, and other VMware technologies and platforms.
Stay ahead of the technology curve
Don’t let your tech outpace the skills of your people
Train Anywhere
From our state-of-the-art classrooms to telepresence to your offices, our instructor-led training caters to your needs.
Track Record
We have a 30-year history of driving innovative, award-winning learning solutions.
More Courses, More Often
When you train with Lumify Work you get more courses, more often, in more locations, and from more vendors.
Quality Instructors and Content
Expert instructors with real world experience and the latest vendor-approved in-depth course content.
Partner-Preferred Supplier
Chosen and awarded by the world's leading vendors as preferred training partner.
Ahead of the Technology Curve
No matter your chosen technologies or platforms, we can help you stay one step ahead.
Who is the course for?
Security analysts, threat hunters, or incident responders
Security professionals who work with enterprise and endpoint security tools
Course subjects
1. Course Introduction
Introductions and course logistics
Course objectives
2. Planning and Architecture
Describe the architecture and components of Carbon Black EDR
Identify the communication requirements for Carbon Black EDR
3. Server Installation, Upgrade, and Administration
Install the Carbon Black EDR server
Describe the options during the installation process
Install a Carbon Black EDR sensor
Confirm data ingestion in the Carbon Black EDR server
Identify built-in administration tools
Manage sensor groups
Manage users and teams
4. Server Datastores
Describe the datastores used in Carbon Black EDR
Interact with the available datastores
5. Live Query
Describe live query capabilities
Perform queries across endpoints
6. Searching and Best Practices
Describe the capabilities and data available in the process search
Perform process searches to find specific endpoint activity
Describe the capabilities and data available in the binary search
Perform binary searches to find application data
Describe the query syntax and advanced use cases
Perform advanced queries across the dataset
7. Threat Intelligence Feeds and Watchlists
Define Threat Intelligence Feeds
Manage the available Threat Intelligence Feeds
Describe the use of Watchlists
Manage Watchlists in the environment
8. Connectors in Carbon Black EDR
Configure connectors in Carbon Black EDR
Troubleshoot connectors
9. Troubleshooting
Identify the available troubleshooting scripts in the Carbon Black EDR server
Run troubleshooting scripts to identify problems
Generate a sensor log bundle
Identify the location of sensor registry keys
10. Heads-Up Display
Identify panels relating to endpoint data
Analyse endpoint data provided by the panels
Identify panels relating to operations data
Analyse operations data provided by the panels
Identify panels relating to server data
Analyse server data provided by the panels
Define alert generation in Carbon Black EDR
Manage alerts
11. Investigations
Describe investigations
Explore data used in an investigation
Manage investigations
Manage investigation events
12. Responding to Endpoint Incidents
Describe isolation in Carbon Black EDR
Manage isolating endpoints
Describe live response capabilities
Manage live response sessions
Describe hash banning
Manage banned hashes
13. Overview of Postman and the Carbon Black EDR API
Explain the use of the API
Differentiate the APIs available for Carbon Black EDR
Explain the purpose of API tokens
Create an API token
Explain the API URL
Create a valid API request
Import a collection to Postman
Initiate an API request from Postman
Perform operations manually using Postman
Analyse the use cases for Postman
Show basic automation tasks using the API and curl
Compare the usage of curl with Postman
Prerequisites
There are no prerequisites for this course.
THIRD PARTY REGISTRATION
Lumify Work offers certification and training as a VMware Education Reseller Partner (VERP). This arrangement requires Lumify Work to provide your details to VMware for course and/or exam registration purposes.
Terms & Conditions
The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.