Campaign tracking for Beginners
RCCE students will learn threat actor campaign tracking including activity clustering, attribution analysis, infrastructure tracking, and campaign timeline reconstruction. RCCE students will learn to identify and track related threat activity across incidents, cluster threat actor campaigns using technical indicators, behavioral patterns, and targeting profiles, maintain campaign timelines and infrastructure databases, perform attribution analysis using diamond model and other analytic frameworks, produce campaign intelligence reports that inform defensive priorities, share campaign intelligence with trusted partners and ISACs, and update detections based on evolving campaign TTPs. Designed for students with no prior experience in this area, this course builds knowledge from the ground up with clear explanations, guided demonstrations, and progressive skill-building. Starting from foundational concepts, RCCE students will learn core concepts through practical examples that connect theory to real-world security operations. By completion, students will have the foundational knowledge and hands-on confidence needed to contribute in professional cybersecurity roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Campaign tracking for Beginners
- Execute hands-on tasks for campaign tracking
- Execute hands-on tasks for learning objectives — covering Recognize related threat activity across incidents.
- Execute hands-on tasks for cluster campaigns — covering Group threat actor activity using indicators and.
- Execute hands-on tasks for maintain timelines — covering Build campaign timelines and infrastructure.
- Execute hands-on tasks for identify and track — covering Recognize related threat activity across incidents.
- Execute hands-on tasks for perform attribution — covering Apply Diamond Model and analytic frameworks.
- Execute hands-on tasks for produce reports — covering Create campaign intelligence for defensive priorities.
- Execute hands-on tasks for share intelligence — covering Distribute findings via ISACs and trusted partners.
- Execute hands-on tasks for what is campaign tracking?
- Execute hands-on tasks for why it matters — covering Reveals adversary intent and capabilities, Enables proactive defense posture.
- Execute hands-on tasks for who does this work — covering CTI analysts in SOC teams, Threat hunting teams.
- Execute hands-on tasks for cti analysts in soc teams — covering Threat hunting teams.
| Module 01 | Campaign Tracking |
| Module 02 | Learning Objectives |
| Module 03 | Cluster Campaigns |
| Module 04 | Maintain Timelines |
| Module 05 | Identify and Track |
| Module 06 | Perform Attribution |
| Module 07 | Produce Reports |
| Module 08 | Share Intelligence |
| Module 09 | What Is Campaign Tracking? |
| Module 10 | Why It Matters |
| Module 11 | Who Does This Work |
| Module 12 | CTI analysts in SOC teams |
| Module 13 | Core Concepts Overview |
| Module 14 | Intelligence Lifecycle & Campaign Tracking |
All hands-on labs run on Rocheston Rose X OS. Students practice campaign tracking for beginners by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for campaign tracking
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Execute hands-on tasks for cluster campaigns
- Lab 4: Execute hands-on tasks for maintain timelines
- Lab 5: Execute hands-on tasks for identify and track
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Campaign tracking for Beginners, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI