This one-day course teaches you how to use the advanced features of the VMware Carbon Black® EDR™ product. This usage includes gaining access to the Linux server for management and troubleshooting in addition to configuring integrations and using the API. This course provides an in-depth, technical understanding of the Carbon Black EDR product through comprehensive coursework and hands-on scenario-based labs. This class focuses exclusively on advanced technical topics related to the technical back-end configuration and maintenance.
VMware Carbon Black EDR Advanced Administrator Training Course
Curriculum
Master threat hunting & incident response with VMware Carbon Black EDR Advanced Administrator Training. Gain hands-on expertise & industry-recognized certification.
The VMware Carbon Black EDR Advanced Administrator course is an in-depth training program designed for IT professionals who aim to master the administration of the VMware Carbon Black EDR platform. This course provides a comprehensive overview of the architecture, server datastores, API integration, threat intelligence feeds, syslog integration, and troubleshooting techniques.
Starting with course logistics and objectives, participants will understand what to expect and what they will achieve. The Architecture module delves into data flows, sizing, and communication channels, ensuring the system is scaled and secured appropriately. Server datastores cover the maintenance of critical databases and storage configurations. Through the EDR API lessons, learners will gain proficiency in automating and integrating with the EDR platform.
Learners will also explore threat intelligence feeds, understanding how to enhance security with custom feeds. Syslog integration is crucial for centralizing alerts and integrating with SIEM systems. Finally, the troubleshooting module equips administrators with the skills to diagnose and resolve issues efficiently.
By the end of this course, learners will be adept at managing and optimizing the VMware Carbon Black EDR environment, contributing to their organization's cybersecurity resilience.
Course Objectives
By the end of the course, you should be able to:
Describe the components and capabilities of the Carbon Black EDR server.
Identify the architecture and data flows for Carbon Black EDR communication.
Identify the architecture for a cluster configuration and Carbon Black EDR cluster communication.
Describe the Carbon Black EDR server data types and data locations.
Use the API to interact with the Carbon Black EDR server without using the UI.
Create custom threat feeds for use in the Carbon Black EDR server.
Perform integration with a syslog server.
Use different server-side scripts for troubleshooting.
Troubleshoot sensor-side configurations and communication.
Who Can Benefit
System administrators.
Security operations personnel.
Analysts.
Managers.
Prerequisites
This course requires completion of the following:
VMware Carbon Black EDR Administrator.
Course Outline:
1. Course Introduction
Introductions and course logistics
Overview of course objectives
2. Architecture
Understanding data flows and channels within the EDR framework
Considering sizing requirements for optimal performance
Identifying communication channels and ports used by the system
3. Server Datastores
Overview of the SOLR database and its role in EDR
Configuring storage settings and managing data aging
Exploring partition states for effective data management
Introduction to Postgres and its significance in the architecture
Understanding the Modulestore and its functionalities
4. EDR API
Overview of CBAPI (Carbon Black API) for interaction with EDR
Learning how to view API calls directly in the browser
Utilizing the API to access and manipulate data effectively
5. Threat Intelligence Feeds
Understanding the structure of threat intelligence feeds
Identifying report indicator types for better analysis
Creating and adding custom threat feeds to enhance detection capabilities
6. Syslog Integration
Exploring SIEM (Security Information and Event Management) support for EDR
Configuring syslog integration for effective data collection and analysis
7. Troubleshooting
Utilizing server-side scripts for diagnosing issues
Analyzing server logs for troubleshooting insights
Understanding sensor operations to ensure optimal performance
SpireTec Solutions is an IT management training company enabled by the latest technology, specializing in offering 1500+ courses with state-of-the-art training facilities, backed by a team of industry experts in various domains and assuring best-quality services.
SpireTec provides 24x7 training and support for your training needs, is very adaptable to your availability, and offers customized training programs according to your availability and the time zones of your contingent.
SpireTec aims for the personal and professional growth of you as an individual and of the corporate as a whole, providing training on the latest and updated versions in the designated domains.
It is preferable but not mandatory to have domain experience in the area in which you want to opt for training, supported by good English communication skills, and, if you want remote training, good Wi-Fi and a computer or laptop.
SpireTec aims to offer the finest, world-class training to participants, giving them proper counselling and a career path guided by our industry experts, which leads to guaranteed success for you in the corporate world.
We offer online training (1-1, group training), classroom training, and onsite training with state-of-the-art facilities.