-
Please Note:The acquisition of Broadcom has optimized the VMware course portfolio for the revised go-to-market strategy. In future, the focus will be on the VMware Cloud Foundation (VCF) portfolio. All courses that do not belong to this portfolio will be transferred to "End of Availability" (EOA) status on March 1, 2024. This means that this course will only be available until March.
-
This three-day, hands-on course provides you with the knowledge, skills and tools to competently install, configure and manage the VMware Carbon Black® EDR™ environment. This course will familiarize you with the product features, capabilities and workflows for managing endpoint security. Hands-on exercises allow participants to reinforce the topics by performing operations and tasks within the product in a training environment.
-
Course Contents
-
- Course Introduction
- Planning and Architecture
- Server Installation, Upgrade, and Administration
- Exploring Server Datastores
- Performing Live Query
- Searching and Best Practices
- Threat Intelligence Feeds and Watchlists
- Connectors in VMware Carbon Black EDR
- Troubleshooting VMware Carbon Black EDR
- Head-Up Display Page Overview
- Performing Investigations
- Responding to Endpoint Incidents
- Overview of Postman and the VMware Carbon Black EDR API
You will receive the original course documentation from VMware as an e-book.
-
Target Group
-
- Security analysts, threat hunters or incident responders
- Security professionals working with enterprise and endpoint security tools -
Knowledge Prerequisites
-
There are no prerequisites for this course.
| 1 Course Introduction |
| • Introductions and course logistics |
| • Course objectives |
| 2 Planning and Architecture |
| • Describe the architecture and components of Carbon Black EDR |
| • Explain single and cluster server requirements |
| • Identify the communication requirements for Carbon Black EDR |
| 3 Server Installation, Upgrade, and Administration |
| • Install the Carbon Black EDR server |
| • Describe the options during the installation process |
| • Install a Carbon Black EDR sensor |
| • Confirm data ingestion in the Carbon Black EDR server |
| • Identify built-in administration tools |
| • Manage sensor groups |
| • Manage users and teams |
| 4 Exploring Server Datastores |
| • Describe the datastores used in Carbon Black EDR |
| • Interact with the available datastores |
| 5 Performing Live Query |
| • Describe live query capabilities |
| • Perform queries across endpoints |
| 6 Searching and Best Practices |
| • Describe the capabilities and data available in the process search |
| • Perform process searches to find specific endpoint activity |
| • Describe the capabilities and data available in the binary search |
| • Perform binary searches to find application data |
| • Describe the query syntax and advanced use cases |
| • Perform advanced queries across the dataset |
| 7 Threat Intelligence Feeds and Watchlists |
| • Define Threat Intelligence Feeds |
| • Manage the available Threat Intelligence Feeds |
| • Describe the use of Watchlists |
| • Manage Watchlists in the environment |
| 8 Connectors in VMware Carbon Black EDR |
| • Configure connectors in Carbon Black EDR |
| • Troubleshoot connectors |
| 9 Troubleshooting VMware Carbon Black EDR |
| • Identify the available troubleshooting scripts in the Carbon Black EDR server |
| • Run troubleshooting scripts to identify problems |
| • Generate a sensor log bundle |
| • Identify the location of sensor registry keys |
| 10 Head-Up Display Page Overview |
| • Identify panels relating to endpoint data |
| • Analyze endpoint data provided by the panels |
| • Identify panels relating to operations data |
| • Analyze operations data provided by the panels |
| • Identify panels relating to server data |
| • Analyze server data provided by the panels |
| • Define alert generation in Carbon Black EDR |
| • Manage alerts |
| 11 Performing Investigations |
| • Describe investigations |
| • Explore data used in an investigation |
| • Manage investigations |
| • Manage investigation events |
| 12 Responding to Endpoint Incidents |
| • Describe isolation in Carbon Black EDR |
| • Manage isolating endpoints |
| • Describe live response capabilities |
| • Manage live response sessions |
| • Describe hash banning |
| • Manage banned hashes |
| 13 Overview of Postman and the VMware Carbon Black EDR API |
| • Explain the use of the API |
| • Differentiate the APIs available for Carbon Black EDR |
| • Explain the purpose of API tokens |
| • Create an API token |
| • Explain the API URL |
| • Create a valid API request |
| • Import a collection to Postman |
| • Initiate an API request from Postman |
| • Perform operations manually using Postman |
| • Analyze the use cases for Postman |
| • Show basic automation tasks using the API and curl |
| • Compare the usage of curl with Postman |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
Please Note:The acquisition of Broadcom has optimized the VMware course portfolio for the revised go-to-market strategy. In future, the focus will be on the VMware Cloud Foundation (VCF) portfolio. All courses that do not belong to this portfolio will be transferred to "End of Availability" (EOA) status on March 1, 2024. This means that this course will only be available until March.
-
This three-day, hands-on course provides you with the knowledge, skills and tools to competently install, configure and manage the VMware Carbon Black® EDR™ environment. This course will familiarize you with the product features, capabilities and workflows for managing endpoint security. Hands-on exercises allow participants to reinforce the topics by performing operations and tasks within the product in a training environment.
-
Course Contents
-
- Course Introduction
- Planning and Architecture
- Server Installation, Upgrade, and Administration
- Exploring Server Datastores
- Performing Live Query
- Searching and Best Practices
- Threat Intelligence Feeds and Watchlists
- Connectors in VMware Carbon Black EDR
- Troubleshooting VMware Carbon Black EDR
- Head-Up Display Page Overview
- Performing Investigations
- Responding to Endpoint Incidents
- Overview of Postman and the VMware Carbon Black EDR API
You will receive the original course documentation from VMware as an e-book.
-
Target Group
-
- Security analysts, threat hunters or incident responders
- Security professionals working with enterprise and endpoint security tools -
Knowledge Prerequisites
-
There are no prerequisites for this course.
| 1 Course Introduction |
| • Introductions and course logistics |
| • Course objectives |
| 2 Planning and Architecture |
| • Describe the architecture and components of Carbon Black EDR |
| • Explain single and cluster server requirements |
| • Identify the communication requirements for Carbon Black EDR |
| 3 Server Installation, Upgrade, and Administration |
| • Install the Carbon Black EDR server |
| • Describe the options during the installation process |
| • Install a Carbon Black EDR sensor |
| • Confirm data ingestion in the Carbon Black EDR server |
| • Identify built-in administration tools |
| • Manage sensor groups |
| • Manage users and teams |
| 4 Exploring Server Datastores |
| • Describe the datastores used in Carbon Black EDR |
| • Interact with the available datastores |
| 5 Performing Live Query |
| • Describe live query capabilities |
| • Perform queries across endpoints |
| 6 Searching and Best Practices |
| • Describe the capabilities and data available in the process search |
| • Perform process searches to find specific endpoint activity |
| • Describe the capabilities and data available in the binary search |
| • Perform binary searches to find application data |
| • Describe the query syntax and advanced use cases |
| • Perform advanced queries across the dataset |
| 7 Threat Intelligence Feeds and Watchlists |
| • Define Threat Intelligence Feeds |
| • Manage the available Threat Intelligence Feeds |
| • Describe the use of Watchlists |
| • Manage Watchlists in the environment |
| 8 Connectors in VMware Carbon Black EDR |
| • Configure connectors in Carbon Black EDR |
| • Troubleshoot connectors |
| 9 Troubleshooting VMware Carbon Black EDR |
| • Identify the available troubleshooting scripts in the Carbon Black EDR server |
| • Run troubleshooting scripts to identify problems |
| • Generate a sensor log bundle |
| • Identify the location of sensor registry keys |
| 10 Head-Up Display Page Overview |
| • Identify panels relating to endpoint data |
| • Analyze endpoint data provided by the panels |
| • Identify panels relating to operations data |
| • Analyze operations data provided by the panels |
| • Identify panels relating to server data |
| • Analyze server data provided by the panels |
| • Define alert generation in Carbon Black EDR |
| • Manage alerts |
| 11 Performing Investigations |
| • Describe investigations |
| • Explore data used in an investigation |
| • Manage investigations |
| • Manage investigation events |
| 12 Responding to Endpoint Incidents |
| • Describe isolation in Carbon Black EDR |
| • Manage isolating endpoints |
| • Describe live response capabilities |
| • Manage live response sessions |
| • Describe hash banning |
| • Manage banned hashes |
| 13 Overview of Postman and the VMware Carbon Black EDR API |
| • Explain the use of the API |
| • Differentiate the APIs available for Carbon Black EDR |
| • Explain the purpose of API tokens |
| • Create an API token |
| • Explain the API URL |
| • Create a valid API request |
| • Import a collection to Postman |
| • Initiate an API request from Postman |
| • Perform operations manually using Postman |
| • Analyze the use cases for Postman |
| • Show basic automation tasks using the API and curl |
| • Compare the usage of curl with Postman |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.