1. Course Introduction

• Introductions and course logistics
• Course objectives

 

1. VMware Carbon Black EDR & Incident Response

• Framework identification and process

 

1. Preparation

• Implement the Carbon Black EDR instance according to organizational requirements

 

1. Identification

• Use initial detection mechanisms
• Process alerts
• Proactive threat hunting
• Incident determination

 

1. Containment

• Incident scoping
• Artifact collection
• Investigation

 

1. Eradication

• Hash banning
• Removing artifacts
• Continuous monitoring

 

1. Recovery

• Rebuilding endpoints
• Getting to a more secure state

 

1. Lessons Learned

• Tuning Carbon Black EDR
• Incident close out