PART 2: Incident Response - Expel the Enemy (included with PART 1)

This lab is Part 2 of a 2-part lab series that focuses on the entire incident response lifecycle. This lab will utilize the evidence examined from the previous lab to determine the best ways to isolate and then expel the enemy. You will leave understanding Tanium capabilities to contain and remediate an incident.

Pre-Req(s): Basic understanding of Tanium and Modules

Note: PART 1: Incident Response - Examine the Enemy and PART 2: Incident Response - Expel the Enemy are scheduled to be taken on the same day. During registration once you select PART 1: Incident Response - Examine the Enemy you will automatically be registered for PART 2: Incident Response - Expel the Enemy.

Location Name
Verbena - 4th Floor

Additional details:

Session Tag
Investigation & Remediation
Session Type
In-Person, Lab
Modules
Asset, Comply, Deploy, Enforce, Impact, Interact, Patch, Performance, Threat Response, Reporting, SBOM
Difficulty
Intermediate/Advanced
Focus
Security, Operations, Risk
Industry
Construction, Education, Entertainment, Financial Services, Government - Federal, Government - Local, Healthcare & Life Sciences, Holding Companies & Conglomerates, Insurance, Law Firms & Legal Services, Media & Internet, Media & Telecommunications, Non-Profit & Charitable Organizations, Professional & Business Services, Real Estate, Retail & Hospitality, Software & Technology, Other, Agriculture, Mining & Raw Materials, Energy, Utilities & Waste, Facilities, Lodging & Resorts, Clinics, Manufacturing, Construction & Wholesale, Trade, Transportation Service, Hospitals & Physicians