LUMIFY work VMware Carbon Black EDR User Guide
- June 16, 2024
- Lumify Work
Table of Contents
LUMIFY work VMware Carbon Black EDR User Guide
VMWARE AT LUMIFY WORK
VMware is the world leader in server virtualisation technologies. Lumify Work
is a VMware Education Reseller Partner (VERP), offering training in vSphere,
vRealize, vSAN, Horizon, NSX-T, Workspace ONE, Carbon Black, and other VMware
technologies and platforms
WHY STUDY THIS COURSE
This course provides you with the knowledge, skills, and tools to achieve competency in installing, configuring, and managing the VMware Carbon Black® EDR™ environment. This course introduces you to product features, capabilities, and workflows for managing endpoint security. Hands-on labs enable learners to reinforce topics by performing operations and tasks within the product in a training environment.
Product Alignment
- VMware Carbon Black® EDR™ 7.7
WHAT YOU’LL LEARN
By the end of the course, you should be able to meet the following objectives:
- Describe the architecture of a Carbon Black EDR implementation
- Perform the installation, upgrade, and configuration of the Carbon Black EDR server
- Describe the purpose and use of multiple datastores in the server
- Perform live queries across endpoints to gather additional data
- Perform effective searches across the dataset to find security artifacts
- related to the endpoints
- Manage Threat Intelligence Feeds and Watchlists
- Describe connectors in Carbon Black EDR
- Troubleshoot server and sensor problems
- Analyse data found in the Heads-Up Display
- Manage investigations to group and summarise security incidents and artifacts
- Perform the different response capabilities available to users in Carbon Black EDR
- Use the Carbon Black EDR API to automate tasks
My instructor was great being able to put scenarios into real world instances that related to my specific situation.
I was made to feel welcome from the moment I arrived and the ability to sit as a group outside the classroom to discuss our situations and our goals was extremely valuable.
I learnt a lot and felt it was important that my goals by attending this course were met.
Great job Lumify Work team
AMANDA NICOL
IT SUPPORT SERVICES MANAGER – HEALTH WORLD LIMIT ED
COURSE SUBJECTS
Course Introduction
- Introductions and course logistics
- Course objectives
Planning and Architecture
- Describe the architecture and components of Carbon Black EDR
- Identify the communication requirements for Carbon Black EDR
Server Installation, Upgrade, and Administration
- Install the Carbon Black EDR server
- Describe the options during the installation process
- Install a Carbon Black EDR sensor
- Confirm data ingestion in the Carbon Black EDR server
- Identify built-in administration tools
- Manage sensor groups
- Manage users and teams
Server Datastores
- Describe the datastores used in Carbon Black EDR
- Interact with the available datastores
Live Query
- Describe live query capabilities
- Perform queries across endpoints
Searching and Best Practices
- Describe the capabilities and data available in the process search
- Perform process searches to find specific endpoint activity
- Describe the capabilities and data available in the binary search
- Perform binary searches to find application data
- Describe the query syntax and advanced use cases
- Perform advanced queries across the dataset
Threat Intelligence Feeds and Watchlists
- Define Threat Intelligence Feeds
- Manage the available Threat Intelligence Feeds
- Describe the use of Watchlists
- Manage Watchlists in the environment
Connectors in Carbon Black EDR
- Configure connectors in Carbon Black EDR
- Troubleshoot connectors
Troubleshooting
- Identify the available troubleshooting scripts in the Carbon Black EDR server
- Run troubleshooting scripts to identify problems
- Generate a sensor log bundle
- Identify the location of sensor registry keys
Head-Up Display
- Identify panels relating to endpoint data
- Analyse endpoint data provided by the panels
- Identify panels relating to operations data
- Analyse operations data provided by the panels
- Identify panels relating to server data
- Analyse server data provided by the panels
- Define alert generation in Carbon Black EDR
- Manage alerts
Investigations
- Describe investigations
- Explore data used in an investigation
- Manage investigations
- Manage investigation events
Responding to Endpoint Incidents
- Describe isolation in Carbon Black EDR
- Manage isolating endpoints
- Describe live response capabilities
- Manage live response sessions
- Describe hash banning
- Manage banned hashes
Overview of Postman and the Carbon Black EDR API
- Explain the use of the API
- Differentiate the APIs available for Carbon Black EDR
- Explain the purpose of API tokens
- Create an API token
- Explain the API URL
- Create a valid API request
- Import a collection to Postman
- Initiate an API request from Postman
- Perform operations manually using Postman
- Analyse the use cases for Postman
- Show basic automation tasks using the API and curl
- Compare the usage of curl with Postman
WHO IS THE COURSE FOR?
- Security analyst, threat hunters, or incident responders
- Security professionals who work with enterprise and endpoint security tools
PREREQUISITES
There are no prerequisites for this course. he s upply of this cours e by Lumify Work is governed by the booking terms and conditions . Pleas e read the terms and conditions carefully before enrolling inthis cours e, as enrolment inthe cours e is conditionalonacceptance of thes e terms and conditions
https://www.lumifywork.com/en-nz/courses/vmware-carbon-black-edr-install- configure-manage/
Call 0800 835 835 and speak to a Lumify Work Consultant today!
[email protected]
linkedin.com/company/lumify-work-nz
References
- Lumify Work | Lumify Work AU
- Lumify Work | Lumify Work AU
- VMware Carbon Black EDR: Install, Configure, Manage | Lumify Work NZ