Beskrivning
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies.
This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Objectives
By the end of the course, you should be able to meet the following objectives:
- • Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation
- • Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication
- • Describe the use case and functionality of recommended queries
- • Achieve a basic knowledge of SQL
- • Describe the elements of a SQL query
- • Evaluate the filtering options for queries
- • Perform basic SQL queries on endpoints
- • Describe the different response capabilities available from VMware Carbon Black Cloud
Audience
System administrators and security operations personnel, including analysts and managers
Prerequisites
This course requires completion of the following course:
- • VMware Carbon Black Cloud Fundamentals
Programme
1 Course Introduction
- • Introductions and course logistics
- • Course objectives
2 Data Flows and Communication
- • Hardware and software requirements
- • Architecture
- • Data flows
3 Query Basics
- • osquery
- • Available tables
- • Query scope
- • Running versus scheduling
4 Recommended Queries
- • Use cases
- • Inspecting the SQL query
5 SQL Basics
- • Components
- • Tables
- • Select statements
- • Where clause
- • Creating basic queries
6 Filtering Results
- • Where clause
- • Exporting and filtering
7 Basic SQL Queries
- • Query creation
- • Running queries
- • Viewing results
8 Advanced Search Capabilities
- • Advanced SQL options
- • Threat hunting
9 Response Capabilities
- • Using live response
Recensioner
Det finns inga recensioner än.