Overview
This one-day course teaches you how to use the VMware Carbon Black® Cloud Audit and Remediation™ product to build queries for IT hygiene, incident response, and vulnerability assessment to support your organization’s security posture and policies. This course provides an in-depth, technical understanding of the product through comprehensive coursework and hands-on scenario-based labs.
Objectives
By the end of the course, you should be able to meet the following objectives:
• Describe the components and capabilities of VMware Carbon Black Cloud Audit and Remediation
• Identify the architecture and data flows for Carbon Black Cloud Audit and Remediation communication
• Describe the use case and functionality of recommended queries
• Achieve a basic knowledge of SQL
• Describe the elements of a SQL query
• Evaluate the filtering options for queries
• Perform basic SQL queries on endpoints
• Describe the different response capabilities available from VMware Carbon Black Cloud
Outline
1 Course Introduction
• Introductions and course logistics
• Course objectives
2 Data Flows and Communication
• Hardware and software requirements
• Architecture
• Data flows
3 Query Basics
• osquery
• Available tables
• Query scope
• Running versus scheduling
4 Recommended Queries
• Use cases
• Inspecting the SQL query
5 SQL Basics
• Components
• Tables
• Select statements
• Where clause
• Creating basic queries
6 Filtering Results
• Where clause
• Exporting and filtering
7 Basic SQL Queries
• Query creation
• Running queries
• Viewing results
8 Advanced Search Capabilities
• Advanced SQL options
• Threat hunting
9 Response Capabilities
• Using live response