VM-VCBCAR
VMware Carbon Black Cloud Audit and Remediation
Price:
Duration:
USD 680.00 excl. VAT
1 Day
Who Should Attend
System administrators and security operations personnel,
including analysts and managers
Prerequisites
This course requires completion of the following course:
• VMware Carbon Black Cloud Fundamentals
Overview
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies.
This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Course Objectives
By the end of the course, you should be able to meet the following objectives:
• Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation
• Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication
• Describe the use case and functionality of recommended queries
• Achieve a basic knowledge of SQL
• Describe the elements of a SQL query
• Evaluate the filtering options for queries
• Perform basic SQL queries on endpoints
• Describe the different response capabilities available from VMware Carbon Black Cloud
Course Outline
1 Course Introduction
• Introductions and course logistics
• Course objectives
2 Data Flows and Communication
• Hardware and software requirements
• Architecture
• Data flows
3 Query Basics
• osquery
• Available tables
• Query scope
• Running versus scheduling
4 Recommended Queries
• Use cases
• Inspecting the SQL query
5 SQL Basics
• Components
• Tables
• Select statements
• Where clause
• Creating basic queries
6 Filtering Results
• Where clause
• Exporting and filtering
7 Basic SQL Queries
• Query creation
• Running queries
• Viewing results
8 Advanced Search Capabilities
• Advanced SQL options
• Threat hunting
9 Response Capabilities
• Using live response