VMware Carbon Black Cloud Audit and Remediation
| Summary: |
    
- Formats:
Classroom,
Live Online,
vFlex-ILT,
Onsite
- Length: 1 Days
Overview:
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
This course is also available in an On Demand format. For more information, select this link: VMware Carbon Black Cloud Audit and Remediation - On Demand. Product Alignment • VMware Carbon Black Cloud Audit and Remediation • VMware Carbon Black Cloud Endpoint™ Advanced • VMware Carbon Black Cloud Endpoint™ Enterprise |
|
| Objectives: | By the end of the course, you should be able to meet the following objectives: • Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation • Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication • Describe the use case and functionality of recommended queries • Achieve a basic knowledge of SQL • Describe the elements of a SQL query • Evaluate the filtering options for queries • Perform basic SQL queries on endpoints • Describe the different response capabilities available from VMware Carbon Black Cloud |
|
| Intended Audience: | System administrators and security operations personnel, including analysts and managers | |
| Prerequisites: | This course requires completion of the following course: • VMware Carbon Black Cloud Fundamentals |
|
| Outline: | 1 Course Introduction • Introductions and course logistics • Course objectives 2 Data Flows and Communication • Hardware and software requirements • Architecture • Data flows 3 Query Basics • osquery • Available tables • Query scope • Running versus scheduling 4 Recommended Queries • Use cases • Inspecting the SQL query 5 SQL Basics • Components • Tables • Select statements • Where clause • Creating basic queries 6 Filtering Results • Where clause • Exporting and filtering 7 Basic SQL Queries • Query creation • Running queries • Viewing results 8 Advanced Search Capabilities • Advanced SQL options • Threat hunting 9 Response Capabilities • Using live response |
|
