VMware Carbon Black EDR Advanced Analyst Training - Cloudthat

Course Overview

This one-day course teaches you how to use the VMware Carbon Black® EDR™ product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenario-based lab.

Product Alignment

  • VMware Carbon Black EDR

After completing this course, students will be able to:

  • Utilize Carbon Black EDR throughout an incident
  • Implement a baseline configuration for Carbon Black EDR
  • Determine if an alert is a true or false positive
  • Fully scope out an attack from moment of compromise
  • Describe Carbon Black EDR capabilities available to respond to an incident
  • Create addition detection controls to increase security

Upcoming Batches

India Online Enroll
Start Date End Date

To be Decided

Key Features

  • Our training modules have 50% -60% hands-on lab sessions to encourage Thinking-Based Learning (TBL).
  • Interactive-rich virtual and face-to-face classroom teaching to inculcate Problem-Based Learning (PBL).
  • VMware certified instructor-led training and mentoring sessions to develop Competency-Based Learning (CBL).
  • Well-structured use-cases to simulate challenges encountered in a Real-World environment.
  • Integrated teaching assistance and support through experts designed Learning Management System (LMS) and ExamReady platform.
  • Being a VMware Authorized Training Reseller, we offer authored curriculum that are at par with industry standards.

Who Should Attend

  • Security operations personnel, including analysts and incident responders.


This course requires completion of the following course:

  • VMware Carbon Black EDR Administrator
  • Course Outline Download Course Outline

    • Introductions and course logistics
    • Course objectives

    • Framework identification and process

    • Implement the Carbon Black EDR instance according to organizational requirements

    • Use initial detection mechanisms
    • Process alerts
    • Proactive threat hunting
    • Incident determination

    • Incident scoping
    • Artifact collection
    • Investigation

    • Hash banning
    • Removing artifacts
    • Continuous monitoring

    • Rebuilding endpoints
    • Getting to a more secure state

    • Tuning Carbon Black EDR
    • Incident close out


      • By earning this certification, you gain competency in handling the VMware Carbon Black® EDR™ product during incident response.
      • Also, get expertise in configuring the servers with SANS PICERL framework.
      • On successful completion of this training aspirants receive a Course Completion Certificate from us.
      • By successfully clearing the VMware Carbon Black EDR Advanced Analyst exam, aspirants earn VMware Certification.

    Our Top Trainers

    Course Fee

      Select Course date

      Add to Wishlist

      Course ID: 10080

      Course Price at

      ₹ + 18% GST

      Enroll Now