Logging Hardening Workshop
RCCE students will learn endpoint and system logging architecture including log source configuration, log collection, centralized log management, log retention policies, and log analysis for security monitoring. RCCE students will learn to configure logging on Windows, Linux, and macOS endpoints, enable security-relevant event categories, forward logs to centralized SIEM platforms, parse and normalize log data, develop log-based detection rules, investigate security events using log correlation, implement tamper-resistant logging, manage log storage and retention to meet compliance requirements, and troubleshoot log collection failures. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. Building on core knowledge, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing Logging Hardening Workshop
- Execute hands-on tasks for logging hardening workshop
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for hands-on focus — covering Endpoint logging architecture design.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for log sources
- Execute hands-on tasks for collection agents
- Execute hands-on tasks for transport layer
- Execute hands-on tasks for central storage — covering OS kernel and system daemons.
- Execute hands-on tasks for log data lifecycle
- Execute hands-on tasks for hot storage (0-30 days) — covering Full indexed search.
- Execute hands-on tasks for moderate cost per gb — covering Cold Storage (1-7 years), Compliance retention.
| Module 01 | Logging Hardening Workshop |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Hands-On Focus |
| Module 05 | Logging Architecture Fundamentals |
| Module 06 | Log Sources |
| Module 07 | Collection Agents |
| Module 08 | Transport Layer |
| Module 09 | Central Storage |
| Module 10 | Log Data Lifecycle |
| Module 11 | Hot Storage (0-30 days) |
| Module 12 | Moderate cost per GB |
| Module 13 | Cold Storage (1-7 years) |
| Module 14 | Log Source Categories |
All hands-on labs run on Rocheston Rose X OS. Students practice logging hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for logging hardening workshop
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for hands-on focus
- Lab 5: Design a scalable privilege management architecture with policy and enforcement
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Logging Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI