VMware Carbon Black Cloud Audit and Remediation
Duration
1 Day
Price
750,00 €
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and RemediationTM product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Learning Objectives
By the end of the course, you should be able to meet the following objectives:
- Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation
- Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication
- Describe the use case and functionality of recommended queries
- Achieve a basic knowledge of SQL
- Describe the elements of a SQL query
- Evaluate the filtering options for queries
- Perform basic SQL queries on endpoints
- Describe the different response capabilities available from VMware Carbon Black Cloud
-
-
-
Course Outline
1 - Course Introduction
- Introductions and course logistics
- Course objectives
2 - Data Flows and Communication
- Hardware and software requirements
- Architecture
- Data flows
3 - Query Basics
- Osquery
- Available tables
- Query scope
- Running versus scheduling
4 - Recommended Queries
- Use cases
- Inspecting the SQL query
5 - SQL Basics
- Components
- Tables
- Select statements
- Where clause
- Creating basic queries
6 - Filtering Results
- Where clause
- Exporting and filtering
7 - Basic SQL Queries
- Query creation
- Running queries
- Viewing results
8 - Advanced Search Capabilities
- Advanced SQL options
- Threat hunting
9 - Response Capabilities
Target Audience
System administrators and security operations personnel, including analysts and managers