VMware Carbon Black EDR Advanced Analyst

This one-day course teaches you how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.

Product Alignment

– VMware Carbon Black EDR


By the end of the course, you should be able to meet the following objectives:

Utilize Carbon Black EDR throughout an incident
Implement a baseline configuration for Carbon Black EDR
Determine if an alert is a true or false positive
Fully scope out an attack from moment of compromise
Describe Carbon Black EDR capabilities available to respond to an incident
Create addition detection controls to increase security

Cloud computing

Disponible en formato e-learning

Disponible en formato presencial

Disponible en formato a distancia

Subvención disponible
A través de Fundae, cumpliendo requisitos.

5 horas

  • Dificultad 50% 50%
  • Nivel alcanzado 80% 80%

Dirigido a

Security operations personnel, including analysts and incident responders

Conocimientos requeridos

This course requires completion of the following course:

VMware Carbon Black EDR Administrator


1 Course Introduction

Introductions and course logistics
Course objectives
2 VMware Carbon Black EDR & Incident Response

Framework identification and process
3 Preparation

Implement the Carbon Black EDR instance according to organizational requirements
4 Identification

Use initial detection mechanisms
Process alerts
Proactive threat hunting
Incident determination
5 Containment

Incident scoping
Artifact collection
6 Eradication

Hash banning
Removing artifacts
Continuous monitoring
7 Recovery

Rebuilding endpoints
Getting to a more secure state
8 Lessons Learned

Tuning Carbon Black EDR
Incident close out

Solicita información del curso

Esta web utiliza cookies propias y de terceros para su correcto funcionamiento y para fines analíticos. Contiene enlaces a sitios web de terceros con políticas de privacidad ajenas que podrás aceptar o no cuando accedas a ellos. Al hacer clic en el botón Aceptar, acepta el uso de estas tecnologías y el procesamiento de tus datos para estos propósitos. Ver Política de cookies