VM-VCBEDRAAN
VMware Carbon Black EDR Advanced Analyst
![VMware_with Partners.jpg](https://static.wixstatic.com/media/38b5e1_0d5169371f1243cfba28a2dfc676eb63~mv2.jpg/v1/crop/x_17,y_0,w_190,h_132/fill/w_90,h_62,al_c,q_80,usm_0.66_1.00_0.01,enc_auto/VMware_with%20Partners.jpg)
Price:
Duration:
USD 680.00 excl. VAT
On Demand
![PDF.jpg](https://static.wixstatic.com/media/38b5e1_a0ca9b81ac4a41a386368418322896ce~mv2.jpg/v1/fill/w_43,h_40,al_c,q_80,usm_0.66_1.00_0.01,enc_auto/PDF.jpg)
![PDF Outline](https://static.wixstatic.com/media/38b5e1_70da0c4a1f7240df986aba2f67a09084~mv2.png/v1/fill/w_78,h_13,al_c,q_85,enc_auto/PDF%20Outline.png)
Who Should Attend
Security operations personnel,
including analysts and incident responders
Prerequisites
This course requires completion of the following course:
• VMware Carbon Black EDR Administrator
Overview
This one-day course teaches you how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident.
This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.
Course Objectives
By the end of the course, you should be able to meet the following objectives:
• Utilize Carbon Black EDR throughout an incident
• Implement a baseline configuration for Carbon Black EDR
• Determine if an alert is a true or false positive
• Fully scope out an attack from moment of compromise
• Describe Carbon Black EDR capabilities available to respond to an incident
• Create addition detection controls to increase security
Course Outline
1 Course Introduction
• Introductions and course logistics
• Course objectives
2 VMware Carbon Black EDR & Incident Response
• Framework identification and process
3 Preparation
• Implement the Carbon Black EDR instance according to organizational requirements
4 Identification
• Use initial detection mechanisms
• Process alerts
• Proactive threat hunting
• Incident determination
![PDF.jpg](https://static.wixstatic.com/media/38b5e1_a0ca9b81ac4a41a386368418322896ce~mv2.jpg/v1/fill/w_43,h_40,al_c,q_80,usm_0.66_1.00_0.01,enc_auto/PDF.jpg)
5 Containment
• Incident scoping
• Artifact collection
• Investigation
6 Eradication
• Hash banning
• Removing artifacts
• Continuous monitoring
7 Recovery
• Rebuilding endpoints
• Getting to a more secure state
8 Lessons Learned
• Tuning Carbon Black EDR
• Incident close out