Course Catalog  > Cloud  > VMware  > VMware Carbon Black
EDU-VCBEDRAA

VMware Carbon Black EDR Advanced Administrator Training

This one-day course teaches you how to use the advanced features of the VMware Carbon Black® EDR™ product. This usage includes gaining access to the Linux server for management and troubleshooting in addition to configuring integrations and using the API. This course provides an in-depth, technical understanding of the Carbon Black EDR product through comprehensive coursework and hands-on scenario-based labs. This class focuses exclusively on advanced technical topics related to the technical back-end configuration and maintenance.
Request Information
Request On-Site or Customized Course Info
Course Details

Duration

1 day

Prerequisites

Complete VMware Carbon Black EDR Administrator course

Target Audience

  • System Administrators
  • Security Operations personnel including analyst and managers

Skills Gained

  • Describe the components and capabilities of the Carbon Black EDR server
  • Identify the architecture and data flows for Carbon Black EDR communication
  • Identify the architecture for a cluster configuration and Carbon Black EDR cluster communication
  • Describe the Carbon Black EDR server data types and data locations
  • Use the API to interact with the Carbon Black EDR server without using the UI
  • Create custom threat feeds for use in the Carbon Black EDR server
  • Perform the integration with a syslog server
  • Use different server-side scripts for troubleshooting
  • Troubleshoot sensor-side configurations and communication
Course Outline
  • Architecture
    • Data flows and channels
    • Sizing considerations
    • Communication channels and ports
  • Server Datastores
    • SOLR database
    • Storage configurations and data aging
    • Partition states
    • Postgres
    • Modulestore
  • EDR API
    • CBAPI overview
    • Viewing API calls in the browser
    • Utilizing the API to access data
  • Threat Intelligence Feeds
    • Feed structure
    • Report indicator types
    • Custom threat feed creation and addition
  • Syslog Integration
    • SIEM support
    • Configuration
  • Troubleshooting
    • Server-side scripts
    • Server logs
    • Sensor operations
  • Product Alignment
    • VMware Carbon Black EDR