Telemetry strategy Incident Handling
RCCE students will learn security telemetry collection strategy including data source identification, collection architecture, telemetry pipeline design, and coverage assessment. RCCE students will learn to identify critical telemetry sources across endpoints, networks, cloud environments, and applications, design telemetry collection architectures that balance coverage with performance and cost, implement telemetry pipelines for data enrichment, normalization, and routing, assess telemetry coverage against detection requirements and MITRE ATT&CK, manage telemetry volume and storage costs, troubleshoot telemetry collection failures, and continuously optimize telemetry strategy as the organizational attack surface evolves. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. At an expert level, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Telemetry strategy Incident Handling
- Execute hands-on tasks for fast track
- Execute hands-on tasks for adversarial tactics, techniques & common knowledge
- Explain Framework Overview fundamentals — covering Knowledge base of adversary behavior.
- Execute hands-on tasks for why it matters — covering Common language for threat analysis.
- Execute hands-on tasks for 2013 — fmx project — covering MITRE internal.
- Execute hands-on tasks for 2023 — ics + mobile v14 — covering Granular.
- Explain Enterprise Tactics Overview fundamentals
- Execute hands-on tasks for initial access
- Execute hands-on tasks for techniques & sub-techniques
- Execute hands-on tasks for enterprise matrix deep dive
- Execute hands-on tasks for platform coverage
- Execute hands-on tasks for data sources
| Module 01 | Fast Track |
| Module 02 | Adversarial Tactics, Techniques & Common Knowledge |
| Module 03 | Framework Overview |
| Module 04 | Why It Matters |
| Module 05 | 2013 — FMX Project |
| Module 06 | 2023 — ICS + Mobile V14 |
| Module 07 | Enterprise Tactics Overview |
| Module 08 | Initial Access |
| Module 09 | Techniques & Sub-Techniques |
| Module 10 | Enterprise Matrix Deep Dive |
| Module 11 | Platform Coverage |
| Module 12 | Data Sources |
| Module 13 | Use Cases |
| Module 14 | Cloud API call logs |
All hands-on labs run on Rocheston Rose X OS. Students practice telemetry strategy incident handling by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for fast track
- Lab 2: Execute hands-on tasks for adversarial tactics, techniques & common knowledge
- Lab 3: Explain Framework Overview fundamentals
- Lab 4: Execute hands-on tasks for why it matters
- Lab 5: Execute hands-on tasks for 2013 — fmx project
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Telemetry strategy Incident Handling, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI