VMware Carbon Black Cloud Audit and Remediation

Registration for this class is closed..
Find Other Offerings
Course Description
Course Datasheet
Live Online (1 Day)   English
17 Sep 2020 09:00 AM
(GMT+10:00) Eastern Standard Time (New South Wales) (Australia/Sydney)
VMware Learning
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.

This course is also available in an On Demand format. For more information, select this link:  VMware Carbon Black Cloud Audit and Remediation - On Demand.

Product Alignment
•  VMware Carbon Black Cloud Audit and Remediation
•  VMware Carbon Black Cloud Endpoint™ Advanced
•  VMware Carbon Black Cloud Endpoint™ Enterprise

Objectives:   By the end of the course, you should be able to meet the following objectives:
•  Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation
•  Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication
•  Describe the use case and functionality of recommended queries
•  Achieve a basic knowledge of SQL
•  Describe the elements of a SQL query
•  Evaluate the filtering options for queries
•  Perform basic SQL queries on endpoints
•  Describe the different response capabilities available from VMware Carbon Black Cloud
Intended Audience:   System administrators and security operations personnel, including analysts and managers
Prerequisites:   This course requires completion of the following course:
•  VMware Carbon Black Cloud Fundamentals
Outline:   1  Course Introduction
•  Introductions and course logistics
•  Course objectives

2  Data Flows and Communication
•  Hardware and software requirements
•  Architecture
•  Data flows

3  Query Basics
•  osquery
•  Available tables
•  Query scope
•  Running versus scheduling

4  Recommended Queries
•  Use cases
•  Inspecting the SQL query

5  SQL Basics
•  Components
•  Tables
•  Select statements
•  Where clause
•  Creating basic queries

6  Filtering Results
•  Where clause
•  Exporting and filtering

7  Basic SQL Queries
•  Query creation
•  Running queries
•  Viewing results

8  Advanced Search Capabilities
•  Advanced SQL options
•  Threat hunting

9  Response Capabilities
•  Using live response