VMware Carbon Black EDR Advanced Analyst

Overview

This one-day course teaches you how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.

Prerequisites

This course requires completion of the following course:

Who Should Attend?

Security operations personnel, including analysts and incident responders

Course Outline

  • Introductions and course logistics
  • Course objectives
  • Framework identification and process
  • Implement the Carbon Black EDR instance according to organizational requirements
  • Use initial detection mechanisms
  • Process alerts
  • Proactive threat hunting
  • Incident determination
  • Incident scoping
  • Artifact collection
  • Investigation
  • Hash banning
  • Removing artifacts
  • Continuous monitoring
  • Rebuilding endpoints
  • Getting to a more secure state
  • Tuning Carbon Black EDR
  • Incident close out
