EDR Architecture Patterns: Workshop
RCCE students will learn Endpoint Detection and Response (EDR) platform deployment, configuration, and operations, including sensor deployment, detection rule management, automated response actions, and threat hunting with EDR telemetry.

Students will learn to deploy and manage EDR solutions across enterprise endpoints; configure detection rules for malware, lateral movement, and persistence techniques; implement automated response actions for containment; use EDR telemetry for proactive threat hunting; investigate alerts and trace attack chains through EDR data; tune EDR configurations to reduce false positives while maintaining detection coverage; and integrate EDR with SIEM and SOAR platforms.

This architecture course teaches secure system design using proven patterns, guardrails, and reference architectures. Building on core knowledge, students will learn to evaluate design options against security requirements, make informed trade-off decisions, and build systems that are resilient by design. Students gain the architectural thinking skills needed for security engineering and solution design roles.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing the EDR architecture patterns covered in this workshop
- Design a scalable privilege management architecture with policy and enforcement, including evaluating design trade-offs and applying proven security patterns
- Execute hands-on tasks for the workshop objectives
- Execute hands-on tasks for deployment and configuration, covering deploying EDR sensors across the enterprise and writing detection rules for threats
- Execute hands-on tasks for deploying EDR sensors across the enterprise, covering detection rules for threats
- Execute hands-on tasks for operations and hunting, covering the use of telemetry for threat hunting and the investigation of alerts and attack chains
- Execute hands-on tasks for the hands-on labs, covering deploying and configuring EDR agents and writing detection rules
- Execute hands-on tasks for deploying and configuring EDR agents, covering writing detection rules
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for threat hunting
- Execute hands-on tasks for the EDR market landscape
| Module | Topic |
|---|---|
| Module 01 | EDR Architecture Patterns |
| Module 02 | Workshop Objectives |
| Module 03 | Deployment & Configuration |
| Module 04 | Deploy EDR Sensors Across the Enterprise |
| Module 05 | Operations & Hunting |
| Module 06 | Architecture Thinking |
| Module 07 | Hands-On Labs |
| Module 08 | Deploy and Configure EDR Agents |
| Module 09 | What Is Endpoint Detection & Response |
| Module 10 | Detection Method |
| Module 11 | Threat Hunting |
| Module 12 | EDR Market Landscape |
| Module 13 | Carbon Black (VMware) |
| Module 14 | Lima Charlie |
All hands-on labs run on Rocheston Rose X OS. Students practice the EDR architecture patterns covered in this workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Design a scalable privilege management architecture with policy and enforcement
- Lab 2: Execute hands-on tasks for the workshop objectives
- Lab 3: Execute hands-on tasks for deployment and configuration
- Lab 4: Execute hands-on tasks for deploying EDR sensors across the enterprise
- Lab 5: Execute hands-on tasks for operations and hunting
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for EDR Architecture Patterns: Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI