VMware Carbon Black EDR Advanced Administrator
This course teaches you how to use the advanced features of the VMware Carbon Black® EDR™ product. Topics include accessing the Linux server for management and troubleshooting, configuring integrations, and using the API.
Duration: 10-15 hours
Course Content:
Course Introduction
- Introductions and course logistics
- Course objectives
Architecture
- Data flows and channels
- Sizing considerations
- Communication channels and ports
Server Datastores
- SOLR database
- Storage configurations and data aging
- Partition states
- Postgres
- Modulestore
EDR API
- CBAPI overview
- Viewing API calls in the browser
- Utilizing the API to access data
Threat Intelligence Feeds
- Feed structure
- Report indicator types
- Custom threat feed creation and addition
Syslog Integration
- SIEM support
- Configuration
Troubleshooting
- Server-side scripts
- Server logs
- Sensor operations