Hands-On SIEM
RCCE students will learn Security Information and Event Management platform deployment, configuration, and operations including log ingestion, parsing, correlation rule development, dashboard creation, and alert management. RCCE students will learn to deploy and configure SIEM platforms for enterprise security monitoring, design log collection architectures, write correlation rules that detect attack patterns, build operational dashboards for security analysts, manage alert workflows and escalation procedures, tune SIEM performance and storage, integrate threat intelligence feeds, and maintain SIEM content as the threat landscape and organizational infrastructure evolve. This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. Building on core knowledge, RCCE students will learn by doing, building muscle memory and practical confidence through repeated hands-on engagement. Students complete exercises that mirror actual workplace tasks, ensuring skills transfer directly to their professional roles.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Hands-On SIEM
- Execute hands-on tasks for security information and event management
- Explain the fundamentals covered in the course overview
- Execute hands-on tasks covering what you will learn
- Execute hands-on tasks for how you will learn — covering deploying and configuring enterprise SIEM platforms, with hands-on lab exercises throughout.
- Execute hands-on tasks for the delivery format — covering basic networking and OS concepts.
- Execute hands-on tasks for log aggregation — covering aggregating logs from all, threat detection, and real-time event correlation.
- Explain the fundamentals of SIEM as the foundation of SOC operations — covering threat detection, real-time event correlation, and compliance reporting and audit.
- Build detections and response workflows for privilege escalation, including real-time event correlation and compliance reporting and audit.
- Explain the fundamentals of SIEM architecture
- Execute hands-on tasks for data sources
- Execute hands-on tasks for the collection tier
| Module | Title |
|---|---|
| Module 01 | Security Information and Event Management |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | How You Will Learn |
| Module 05 | Delivery Format |
| Module 06 | Log Aggregation |
| Module 07 | Foundation of SOC Operations |
| Module 08 | Threat Detection |
| Module 09 | Compliance and Response |
| Module 10 | SIEM Architecture Overview |
| Module 11 | Data Sources |
| Module 12 | Collection Tier |
| Module 13 | Endpoints, Network |
| Module 14 | Cloud, Applications |
All hands-on labs run on Rocheston Rose X OS. Students practice hands-on SIEM by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for security information and event management
- Lab 2: Explain the fundamentals covered in the course overview
- Lab 3: Execute hands-on tasks covering what you will learn
- Lab 4: Execute hands-on tasks for how you will learn
- Lab 5: Execute hands-on tasks for the delivery format
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Hands-On SIEM, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI