VMware Carbon Black EDR Advanced Analyst Course Overview

This course will teach the participants of how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with practical labs.

Audience

  • Security operations personnel
  • Security analysts
  • Incident responders

This is a Rare Course and it can be take up to 3 weeks to arrange the training.

  • 1. Do you have limited Window for training?
  • 2. Can you only spend 4-hours per day?
  • 3. Do you want to start training immediately?
  • If your answer is yes to any one of the above, you need 1-on-1- Training
The 1-on-1 Advantage
Methodology
Flexible Dates
4-Hour Sessions
  • View video
  • The course will be free if we are not able to start within 7 days of booking.
  • Only applicable for courses on which this logo appears.

Your will learn:

Module 1: Course Introduction
  • Introductions and course logistics
  • Course objectives
  • Framework identification and process
  • Implement the Carbon Black EDR instance according to organizational requirements
  • Use initial detection mechanisms
  • Process alerts
  • Proactive threat hunting
  • Incident determination
  • Incident scoping
  • Artifact collection
  • Investigation
  • Hash banning
  • Removing artifacts
  • Continuous monitoring
  • Rebuilding endpoints
  • Getting to a more secure state
  • Tuning Carbon Black EDR
  • Incident close out
Live Online Training (Duration : 8 Hours) Fee On Request
Group Training Date On Request
1-on-1 Training
4 Hours
8 Hours
Week Days
Weekend

Start Time : At any time

12 AM
12 PM

1-On-1 Training is Guaranteed to Run (GTR)
Classroom Training
Duration : On Request
Fee : On Request
On Request
Classroom Training is available. Enquire for the fee Click
Comfort Track

If you think 16 hours is too long. We can offer Comfort Track for 8 hours

Course Prerequisites
  • Completion of VMware Carbon Black EDR Administrator

 Upon completion of this course, you will be able to accomplish:

  • Knowing to utilise the Carbon Black EDR throughout an incident
  • Implementing a baseline configuration for Carbon Black EDR
  • Knowing of how to determine if an alert is a true or false positive
  • To identify the fully scope out an attack from moment of compromise
  • Describing of the Carbon Black EDR capabilities available to respond to an incident
  • Knowing to create addition detection controls to increase security

Request More Information

Add Name and Email Address of participant (If different from you)

FAQ's


Yes, fee excludes local taxes.
The Fee includes:
  • Official courseware
Yes, Koenig Solutions is a VMware accredited training centre