EDU-VCBCAR
VMware Carbon Black Cloud Audit and Remediation Training
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Course Details
Duration
1 day
Prerequisites
Complete VMware Carbon Black Cloud Fundamentals course
Target Audience
- System Administrators
- Security Operations Personnel (including analysts and managers)
Skills Gained
- Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation
- Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication
- Describe the use case and functionality of recommended queries
- Achieve a basic knowledge of SQL
- Describe the elements of a SQL query
- Evaluate the filtering options for queries
- Perform basic SQL queries on endpoints
- Describe the different response capabilities available from VMware Carbon Black Cloud
Course Outline
- Data Flows and Communication
- Hardware and software requirements
- Architecture
- Data flows
- Query Basics
- osquery
- Available tables
- Query scope
- Running versus scheduling
- Recommended Queries
- Use cases
- Inspecting the SQL query
- SQL Basics
- Components
- Tables
- Select statements
- Where clause
- Creating basic queries
- Filtering Results
- Where clause
- Exporting and filtering
- Basic SQL Queries
- Query creation
- Running queries
- Viewing results
- Advanced Search Capabilities
- Advanced SQL options
- Threat hunting
- Response Capabilities
- Using live response
- Product Alignment
- VMware Carbon Black Cloud Audit and Remediation
- VMware Carbon Black Cloud Endpoint™ Advanced
- VMware Carbon Black Cloud Endpoint™ Enterprise