Correlation Playbook for Teams
RCCE students will learn security operations workflows, alert triage, SIEM management, detection engineering, and threat hunting techniques. They will learn to operate effectively in a Security Operations Center, reduce alert fatigue through intelligent triage, build high-fidelity detections, conduct proactive threat hunts, and improve mean time to detect and respond across the organization. This team-oriented course builds collaborative workflows and organizational playbooks for security operations. At an expert level, students will learn to create and implement standardized procedures that enable consistent performance across team members and shifts. Students develop the documentation, communication, and coordination skills needed for effective team-based security operations.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Correlation Playbook for Teams
- Execute hands-on tasks for correlation playbook
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn — covering SOC operations workflows.
- Execute hands-on tasks for team capabilities — covering Collaborative playbook development.
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for incident analyst
- Execute hands-on tasks for threat hunter
- Execute hands-on tasks for tier 1 responsibilities
- Execute hands-on tasks for tier 2-3 responsibilities — covering alert queues in real-time.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for dedicated shift
- Design a scalable privilege management architecture with policy and enforcement, including 24/7 coverage across time zones, fixed teams per shift rotation, and a core team with on-call support.
| Module | Topic |
|---|---|
| Module 01 | Correlation Playbook |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Team Capabilities |
| Module 05 | Alert Monitor |
| Module 06 | Incident Analyst |
| Module 07 | Threat Hunter |
| Module 08 | Tier 1 Responsibilities |
| Module 09 | Tier 2-3 Responsibilities |
| Module 10 | SOC Operating Models |
| Module 11 | Dedicated Shift |
| Module 12 | Hybrid Model |
| Module 13 | Model Selection Criteria |
| Module 14 | Alert Lifecycle |
All hands-on labs run on Rocheston Rose X OS. Students practice the correlation playbook for teams by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for correlation playbook
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for team capabilities
- Lab 5: Monitor and audit privilege usage; detect escalation attempts
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Correlation Playbook for Teams, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI