Cloud Logging Threats, Tactics, and Defenses
RCCE students will learn cloud-native logging services and security monitoring, including AWS CloudTrail, Azure Activity Logs, GCP Cloud Audit Logs, cloud storage logging, and cloud log analysis.

RCCE students will learn to enable and configure comprehensive cloud logging across AWS, Azure, and GCP; centralize cloud logs for security analysis; parse and normalize cloud log formats; detect security-relevant events, including unauthorized API calls, privilege escalation, data exfiltration, and configuration changes; build automated alerting for critical cloud events; manage cloud log retention and storage costs; and use cloud logs for forensic investigation of cloud security incidents.

This threat-focused course teaches students to think like adversaries while building robust defenses. At an expert level, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Cloud Security Architects and Engineers
- DevSecOps and Platform Engineers
- Identity and Access Management Specialists
- Security Analysts securing cloud workloads
- Professionals implementing Cloud Logging Threats, Tactics, and Defenses
- Execute hands-on tasks for cloud logging threats,
- Execute hands-on tasks for cloud logging mastery — covering enabling and configuring multi-cloud logging, and centralizing logs for security analysis.
- Execute hands-on tasks for threat-informed defense — covering analyzing adversary attack techniques, and building detection logic for cloud events.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for cloud platforms — covering AWS CloudTrail.
- Execute hands-on tasks for threat & defense — covering Attack Patterns (5+).
- Execute hands-on tasks for event source
- Execute hands-on tasks for log agent
- Execute hands-on tasks for control plane logs — covering API calls and management events, and identity and access decisions.
- Execute hands-on tasks for data plane logs — covering resource access events and data read/write operations.
- Execute hands-on tasks for infrastructure logs
| Module | Topic |
| --- | --- |
| Module 01 | Cloud Logging Threats, |
| Module 02 | Cloud Logging Mastery |
| Module 03 | Threat-Informed Defense |
| Module 04 | Cloud Logging Architecture |
| Module 05 | Shared Responsibility Model |
| Module 06 | Cloud Platforms |
| Module 07 | Threat & Defense |
| Module 08 | Event Source |
| Module 09 | Log Agent |
| Module 10 | Control Plane Logs |
| Module 11 | Data Plane Logs |
| Module 12 | Infrastructure Logs |
| Module 13 | Application Logs |
| Module 14 | Log Retention |
All hands-on labs run on Rocheston Rose X OS. Students practice cloud logging threats, tactics, and defenses by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for cloud logging threats,
- Lab 2: Execute hands-on tasks for cloud logging mastery
- Lab 3: Execute hands-on tasks for threat-informed defense
- Lab 4: Design a scalable privilege management architecture with policy and enforcement
- Lab 5: Design a scalable privilege management architecture with policy and enforcement
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Cloud Logging Threats, Tactics, and Defenses, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI