VMware Carbon Black Portfolio: Configure and Manage (CBCM)

 

Course Overview

This 5-day course teaches you how to install, configure, and manage the VMware Carbon Black® Portfolio suite of products, which includes:

  • VMware Carbon Black® App Control™ Administrator
  • VMware Carbon Black® EDR™ Administrator
  • VMware Carbon Black Cloud Endpoint™ Standard
  • VMware Carbon Black® Cloud Audit and Remediation
  • VMware Carbon Black® Cloud Enterprise EDR™

You learn how to use the capabilities of the products according to the organization’s security posture and organizational policies. This course provides an in-depth, technical understanding of the Carbon Black Portfolio through comprehensive coursework, hands-on labs, and scenario-based exercises.

Product Alignment
  • VMware Carbon Black App Control
  • VMware Carbon Black EDR
  • VMware Carbon Black Cloud Endpoint Standard
  • VMware Carbon Black Cloud Endpoint Advanced
  • VMware Carbon Black Cloud Endpoint Enterprise
  • VMware Carbon Black Cloud Audit and Remediation

Who should attend

System administrators and security operations personnel (including analysts and managers)

Prerequisites

System administration experience on Microsoft Windows or Linux operating systems

Course Objectives

By the end of the course, you should be able to meet the following objectives:

  • Describe the components and capabilities of Carbon Black App Control
  • Manage and configure the Carbon Black App Control server based on organizational requirements
  • Create policies to control enforcement levels and agent functionality
  • Implement rules to support the organization’s security posture
  • Use the Carbon Black App Control tools to understand agent and server data
  • Describe the components and capabilities of the Carbon Black EDR server
  • Identify the architecture and data flows for Carbon Black EDR communication
  • Describe the Carbon Black EDR server installation process
  • Manage and configure the Carbon Black EDR server based on organizational requirements
  • Perform searches across process and binary information
  • Implement threat intelligence feeds and create watchlists for automated notifications
  • Describe the different response capabilities available from the Carbon Black EDR server
  • Use investigations to correlate data between multiple processes
  • Describe the components and capabilities of Carbon Black Cloud Endpoint Standard
  • Identify the architecture and data flows for VMware Carbon Black Cloud products
  • Perform searches across endpoint data to discover suspicious behavior
  • Manage the Carbon Black Cloud Endpoint Standard rules based on organizational requirements
  • Configure rules to address common threats
  • Evaluate the impact of rules on endpoints
  • Process and respond to alerts
  • Describe the different response capabilities available from VMware Carbon Black Cloud
  • Describe the components and capabilities of Carbon Black Cloud Enterprise EDR
  • Perform searches across endpoint data to discover suspicious behavior
  • Manage watchlists to augment the functionality of Carbon Black Cloud Enterprise EDR
  • Create custom watchlists to detect suspicious activity in your environment
  • Describe the process for responding to alerts in Carbon Black Cloud Enterprise EDR
  • Discover malicious activity within Carbon Black Cloud Enterprise EDR
  • Describe the different response capabilities available from VMware Carbon Black Cloud
  • Describe the components and capabilities of Carbon Black Cloud Audit and Remediation
  • Describe the use case and functionality of recommended queries
  • Achieve a basic knowledge of SQL
  • Describe the elements of a SQL query
  • Evaluate the filtering options for queries
  • Perform basic SQL queries on endpoints
  • Describe the different response capabilities available from VMware Carbon Black Cloud

Course Content

Course Introduction
  • Introductions and course logistics
  • Course objectives
VMware Carbon Black App Control Administrator
  • Login Accounts and Groups
  • Policies
  • Computer Details
  • Custom Rules
  • Tools
  • Events
  • Baseline Drift
VMware Carbon Black EDR
  • Planning and Architecture
  • Server Installation & Administration
  • Process Search and Analysis
  • Binary Search and Banning Binaries
  • Search best practices
  • Threat Intelligence
  • Watchlists
  • Alerts / Investigations / Responses
VMware Carbon Black Cloud Endpoint Standard
  • Data Flows and Communication
  • Searching Data
  • Policy Components
  • Prevention Capabilities Using Rules
  • Processing Alerts
  • Response Capabilities
VMware Carbon Black Cloud Enterprise EDR
  • Managing Watchlists
  • Alert Processing
  • Threat Hunting in Enterprise EDR
  • Response Capabilities
VMware Carbon Black Cloud Audit and Remediation
  • Query Basics
  • Recommended Queries
  • SQL Basics
  • Filtering Results
  • Basic SQL Queries
  • Advanced Search Capabilities
  • Response Capabilities
Online Training

Duration 5 days

Classroom Training

Duration 5 days

 
