VMware Carbon Black Cloud Audit and Remediation (EDU-VCBCAR)

This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.


Objectives

By the end of the course, you should be able to meet the following objectives:

  • Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation
  • Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication
  • Describe the use case and functionality of recommended queries
  • Achieve a basic knowledge of SQL
  • Describe the elements of a SQL query
  • Evaluate the filtering options for queries
  • Perform basic SQL queries on endpoints
  • Describe the different response capabilities available from VMware Carbon Black Cloud

 

Intended Audience

System administrators and security operations personnel, including analysts and managers

 

Prerequisites

This course requires completion of the following course:

  • VMware Carbon Black Cloud Fundamentals

 

Product Alignment

  1. VMware Carbon Black Cloud Audit and Remediation
  2. VMware Carbon Black Cloud Endpoint™ Advanced
  3. VMware Carbon Black Cloud Endpoint™ Enterprise
Details anzeigen


Course Outline

1 Course Introduction

  • Introductions and course logistics
  • Course objectives

2 Data Flows and Communication

  • Hardware and software requirements
  • Architecture
  • Data flows

3 Query Basics

  • osquery
  • Available tables
  • Query scope
  • Running versus scheduling

4 Recommended Queries

  • Use cases
  • Inspecting the SQL query

5 SQL Basics

  • Components
  • Tables
  • Select statements
  • Where clause
  • Creating basic queries

6 Filtering Results

  • Where clause
  • Exporting and filtering

7 Basic SQL Queries

  • Query creation
  • Running queries
  • Viewing results

8 Advanced Search Capabilities

  • Advanced SQL options
  • Threat hunting

9 Response Capabilities

  • Using live response