Skip to main Content

VMware Carbon Black EDR Advanced Analyst

  • Code training VMCBEAAN
  • Duur 1 dag

Extra betaalopties

  • PSO Credits Bel: 030-6089300

Klassikale training Prijs


(excl. BTW)

Vraag een groepstraining aan Schrijf je in


Deze training is in de volgende formats beschikbaar:

  • E-learning (in je eigen tempo)

    Elektronisch leren in je eigen tempo

  • Klassikale training

    Klassikaal leren

  • Op locatie klant

    Op locatie klant

  • Virtueel leren

    Virtueel leren

Vraag deze training aan in een andere lesvorm.


Naar boven

This one-day VMware Carbon Black course teaches you how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.

Product Alignment:

  • VMware Carbon Black EDR
    • Methode: Virtueel leren
    • Datum: 09 juni, 2021
    • Locatie: Virtueel-en-klassikaal
    • Taal: EN


    • Methode: Virtueel leren
    • Datum: 14 juli, 2021
    • Locatie: Virtueel-en-klassikaal
    • Taal: EN



Naar boven

Security operations personnel, including analysts and incident responders


Naar boven

By the end of the course, you should be able to meet the following objectives:

  • Utilize Carbon Black EDR throughout an incident
  • Implement a baseline configuration for Carbon Black EDR
  • Determine if an alert is a true or false positive
  • Fully scope out an attack from moment of compromise
  • Describe Carbon Black EDR capabilities available to respond to an incident
  • Create addition detection controls to increase security

Inhoud training

Naar boven

1  Course Introduction

  • Introductions and course logistics
  • Course objectives

2  VMware Carbon Black EDR & Incident Response

  • Framework identification and process

3  Preparation

  • Implement the Carbon Black EDR instance according to organizational requirements

4  Identification

  • Use initial detection mechanisms
  • Process alerts
  • Proactive threat hunting
  • Incident determination

5  Containment

  • Incident scoping
  • Artifact collection
  • Investigation

6  Eradication

  • Hash banning
  • Removing artifacts
  • Continuous monitoring

7  Recovery

  • Rebuilding endpoints
  • Getting to a more secure state

8  Lessons Learned

  • Tuning Carbon Black EDR
  • Incident close out


Naar boven

This course requires completion of the following course:

  • VMware Carbon Black EDR Administrator
Cookie Control toggle icon