Plan Your Development—Cb Protection


Development Path

Course Description

Cb Protection Administrator provides an in-depth, technical understanding of the Cb Protection system through comprehensive coursework and hands-on scenario-based labs. This course will prepare the learner to configure and maintain the system according to their organization’s security posture and organizational policies.

This course is intended for the Cb Protection Administrator responsible for the configuration and maintenance of the Cb Protection system according to their organization’s security posture and operational policies. This person may lead, or be a member of, the installation and configuration team. Each implementation of Cb Protection typically has one Administrator, although many organizations could have multiple administrators.

Course Approach: This course blends asynchronous, on-demand learning modules and live, virtual, instructor-led training. You are required to complete the first two asynchronous modules, Introduction and Getting Started, in order to be successful in the full-day instructor-led training. This course is required for every Cb Protection implementation and for Carbon Black Partners.

Duration: 8 hours

Prerequisites: None

Recommended Follow-Up Courses: Cb Protection Rules and Cb Protection Diagnostics and Troubleshooting


Syllabus

On-Demand Modules
Introduction - REQUIRED
System Benefits
Operating Environment Requirements
Architecture and Workflow
File Hashing
Server Installation
Getting Started - REQUIRED
Server Installation
Console Overview
Login Accounts and Groups
Integrations
Unified Management

Instructor-led Training
Login Accounts and Groups
Policies
Modes and Enforcement Levels
Notifiers
Computer Details
Automatic Local Approval
Local Approval and Timed Policy Override
Software Approvals
Custom Rules
Tools
Meters and Alerts
Events
Baseline Drift

Course Description

Cb Protection Rules, when properly used, lighten the workload of a Carbon Black Protection Administrator by having the system take action when specific conditions are met. However, if rules are too broad or too specific, too complex or not complex enough, they may not do exactly what you intended and may allow or prohibit things you did not want to be impacted. In addition, excessive rules or excessively complex rules can impact your system performance.

Cb Protection Rules is an advanced, half-day course during which we review the parameters that drive rules in Carbon Black Protection and showcase best practices and lessons learned to optimize your own use of rules.

Duration: 4 hours

Prerequisites: Cb Protection Administrator or Cb Protection Introductory Analyst

Recommended Follow-Up Courses: Cb Protection Diagnostics and Troubleshooting


Syllabus

Overview
Why custom rules are used

Custom Rules Basics
Default Custom Rules View
Execute Action Options
Write Action Options
Precedence
Specifying Paths
Specify Multiple Paths or Processes
Specify a Directory, with Sub-Directories
Specify a File or Process
Specify a Local Drive
Specify a UNC Path
Use Macros
Exporting and Importing Rules

Custom Rules Best Practices
The Custom Rule Triad
How Rules Multiply
Installers

Rule Types
File Creation Control
Execution Control
Trusted Path
File Integrity Control
Performance Optimization

Optimizing Custom Rules
Using Events to Drive Custom Rules
Tips for Exporting and Analyzing Events
Expert Advice on Custom Rules

Event Rules
Overview
Creating and Editing Event Rules
Applying Event Rules
Testing a Rule Before Enabling
Re-Applying a New Event Rule to Past Events
Enabling, Disabling, and Deleting Event Rules
Disabling Processing of All Event Rules
Pending Events
File and Process Properties in Event Rule Definitions
Banning Files Not Yet in Your Environment
How Event Rule Approvals Affect Endpoints

Customer Support
Contact Information
User eXchange

Course Description

Cb Protection Diagnostics and Troubleshooting is an advanced, half-day course for experienced users to explore diagnostic components, tools, and common issues for both the Cb Protection Server and the Cb Protection Agent. The Cb Protection Agent troubleshooting section will focus on the Windows Agent. The course presents real-life troubleshooting scenarios, drawn from the experience of top Carbon Black field consultants. Attendees of this advanced course will discover what tools are recommended for uncovering issues, identifying flaws in other software, or tackling unexpected behavior.

Duration: 4 hours

Prerequisites: Cb Protection Administrator or Cb Protection Introductory Analyst

Recommended Follow-Up Courses: Cb Protection Rules


Syllabus

Overview
Architecture and Workflow

General System Consideration
Platform Issues
Agent Issues
Uncovering Unexpected Root Causes
Bisecting the System

Server Capabilities
Major Components
Application Server
Parityserver.exe
Parityreporter.exe
Web Console
Single Database
Tools
Events
System Health Dashboard
Logs
MS SQL Management Studio
Scripts
Tools for Specific Tasks
Common Issues
Scenarios and Solutions

Agent Capabilities
Major Components
Kernel Filter Driver (parity.sys)
User-Space Agent Program (parity.exe)
Agent Cache (cache.db)
Tools
Computer Details
DASCLI
Common Issues
Scenarios and Solutions

Customer Support
Contact Information
User eXchange

Last modified: Friday, October 5, 2018, 12:16 PM