This one-day course teaches you how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.
VMware Carbon Black EDR Advanced Analyst Training Course
Master threat hunting & incident response with VMware Carbon Black EDR Advanced Analyst Training. Gain hands-on skills to detect & mitigate cyber threats.
The VMware Carbon Black EDR Advanced Analyst course is a comprehensive program designed for security professionals who want to master the skills needed to effectively use VMware Carbon Black Endpoint Detection and Response (EDR) for advanced threat hunting and incident response. Throughout the course, learners will be introduced to the framework and processes essential for identifying, responding to, and mitigating cyber threats.
Starting with course logistics and objectives, participants will gain a foundational understanding before delving into the practical aspects of incident response using VMware Carbon Black EDR. The course covers preparation and implementation of the EDR solution, followed by identification techniques including initial detection, alert processing, and proactive threat hunting.
Learners will then explore containment strategies such as incident scoping and investigation, and move on to eradication methods including hash banning and artifact removal. The Recovery module teaches students how to rebuild compromised endpoints and enhance security postures. Finally, the course concludes with lessons on tuning the EDR system and incident closure, ensuring a holistic understanding of the incident response lifecycle. This course empowers security analysts with the advanced skills required for effective cyber defense and incident management.
Course Objectives
By the end of the course, you should be able to:
Utilize Carbon Black EDR throughout an incident.
Implement a baseline configuration for Carbon Black EDR.
Determine if an alert is a true or false positive.
Fully scope out an attack from the moment of compromise.
Describe Carbon Black EDR capabilities available to respond to an incident.
Create additional detection controls to increase security.
Who Can Benefit
Security operations personnel.
Analysts and incident responders.
Prerequisites
This course requires completion of the following:
VMware Carbon Black EDR Administrator.
Course Outline:
1. Course Introduction
Introductions and course logistics
Overview of course objectives
2. VMware Carbon Black EDR & Incident Response
Understanding the framework identification and incident response processes
3. Preparation
Implementing the Carbon Black EDR instance based on organizational requirements
4. Identification
Utilizing initial detection mechanisms
Processing alerts effectively
Engaging in proactive threat hunting
Determining incidents through analysis
5. Containment
Scoping incidents to understand their impact
Collecting relevant artifacts for investigation
Conducting thorough investigations to assess the situation
6. Eradication
Implementing hash banning to prevent further issues
Removing malicious artifacts from the environment
Establishing continuous monitoring practices
7. Recovery
Rebuilding endpoints to restore functionality
Transitioning systems to a more secure state post-incident
8. Lessons Learned
Tuning Carbon Black EDR for improved performance
Closing out incidents with comprehensive reports and analyses
SpireTec Solutions is the latest technology-enabled IT management training company, specialized in offering 1500+ courses with state-of-the-art training facilities, backed by a team of industry experts in various domains and assuring best-quality services.
SpireTec provides 24x7 training and support for your training needs, is very adaptable to your availability, and offers customized training programs according to your availability and the time zones of your contingent.
SpireTec aims for the personal and professional growth of you as an individual and of the corporate as a whole, providing training on the latest and updated versions in the designated domains.
It is preferable but not mandatory to have domain experience in the area in which you want training, supported by good English communication skills and, for remote training, good Wi-Fi and a computer or laptop.
SpireTec aims to ensure the finest, world-class training for participants by giving them proper counselling and a guided career path from our industry experts, which leads to guaranteed success for you in the corporate world.
We offer online training (1-1 and group training), classroom training, and onsite training with state-of-the-art facilities.