VMware Carbon Black Cloud Audit and Remediation
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization's security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Koulutusmuoto
Remote
Kesto
8 tuntia
Hinta
750 €
System administrators and security operations personnel, including analysts and managers
By the end of the course, you should be able to meet the following objectives:
- • Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation
- • Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication
- • Describe the use case and functionality of recommended queries
- • Achieve a basic knowledge of SQL
- • Describe the elements of a SQL query
- • Evaluate the filtering options for queries
- • Perform basic SQL queries on endpoints
- • Describe the different response capabilities available from VMware Carbon Black Cloud
This course requires completion of the following course:
- • VMware Carbon Black Cloud Fundamentals
1 Course Introduction
- • Introductions and course logistics
- • Course objectives
2 Data Flows and Communication
- • Hardware and software requirements
- • Architecture
- • Data flows
3 Query Basics
- • osquery
- • Available tables
- • Query scope
- • Running versus scheduling
4 Recommended Queries
- • Use cases
- • Inspecting the SQL query
5 SQL Basics
- • Components
- • Tables
- • Select statements
- • Where clause
- • Creating basic queries
6 Filtering Results
- • Where clause
- • Exporting and filtering
7 Basic SQL Queries
- • Query creation
- • Running queries
- • Viewing results
8 Advanced Search Capabilities
- • Advanced SQL options
- • Threat hunting
9 Response Capabilities
- • Using live response
