In this section, you will go through the experience of a SOC analyst. From here onwards, assume that you do not have access to the endpoint, yet you still need to investigate what happened.
Watch VMware's Rick McElroy discuss building threat hunting into your security operations - HERE.
Let the threat hunting games begin
Keep a few things handy for the next steps:
- Log in to Carbon Black Cloud. Here are the steps.
- Make a note of the hostname and IP of the TestDrive Windows VDI you are logged in to. Here are the steps.
Once you know the hostname and are logged in to the CB console, proceed with the next steps.