COURSE LIST / COURSE BY TECHNOLOGY VENDORS / VMWARE

VMware Carbon Black EDR Advanced Administrator

Course Summary:

This one-day course teaches you how to use the advanced features of the VMware Carbon Black® EDR™ product. This usage includes gaining access to the Linux server for management and troubleshooting in addition to configuring integrations and using the API. This course provides an in-depth, technical understanding of the Carbon Black EDR product through comprehensive coursework and hands-on scenario-based labs. This class focuses exclusively on advanced technical topics related to the technical back-end configuration and maintenance.

Course Duration: 1 day

Course Content:

1 Course Introduction

Introductions and course logistics
Course objectives

2 Architecture

Data flows and channels
Sizing considerations
Communication channels and ports

3 Server Datastores

SOLR database
Storage configurations and data aging
Partition states
Postgres
Module store

4 EDR API

CBAPI overview
Viewing API calls in the browser
Utilizing the API to access data

5 Threat Intelligence Feeds

Feed structure
Report indicator types
Custom threat feed creation and addition

6 Syslog Integration

SIEM support
Configuration

7 Troubleshooting

Server-side scripts
Server logs
Sensor operations