VMware Carbon Black EDR Advanced Analyst

Registration for this class is closed..
Find Other Offerings
Course Description
Course Datasheet
Live Online (1 Day)   English
03 Nov 2021 09:00 AM
(GMT) Greenwich Mean Time (Europe/London)
Registration Close: 03 Nov 2021
GUARANTEED TO RUN - PLEASE NOTE: VIRTUAL/REMOTE STUDENTS MUST PROVIDE THEIR OWN HEADSET AND WEBCAM FOR THIS COURSE. This class is delivered using electronic books ONLY. No printed material will be provided with this class. You will receive a redemption code with instructions on how to download the eBook no later than 3 days before the class is scheduled to start. Please ensure this is complete before the class starts.
VMware Learning
This one-day course teaches you how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.

This course is also available in an On Demand format. For more information, select this link:  VMware Carbon Black EDR Advanced Analyst - On Demand.

Product Alignment
•  VMware Carbon Black EDR

Objectives:   By the end of the course, you should be able to meet the following objectives:
•  Utilize Carbon Black EDR throughout an incident
•  Implement a baseline configuration for Carbon Black EDR
•  Determine if an alert is a true or false positive
•  Fully scope out an attack from moment of compromise
•  Describe Carbon Black EDR capabilities available to respond to an incident
•  Create addition detection controls to increase security
Intended Audience:   Security operations personnel, including analysts and incident responders
Prerequisites:   This course requires completion of the following course:
•  VMware Carbon Black EDR Administrator
Outline:   1  Course Introduction
•  Introductions and course logistics
•  Course objectives

2  VMware Carbon Black EDR & Incident Response
•  Framework identification and process

3  Preparation
•  Implement the Carbon Black EDR instance according to organizational requirements

4  Identification
•  Use initial detection mechanisms
•  Process alerts
•  Proactive threat hunting
•  Incident determination

5  Containment
•  Incident scoping
•  Artifact collection
•  Investigation

6  Eradication
•  Hash banning
•  Removing artifacts
•  Continuous monitoring

7  Recovery
•  Rebuilding endpoints
•  Getting to a more secure state

8  Lessons Learned
•  Tuning Carbon Black EDR
•  Incident close out