MITRE ATT&CK Playbook for Teams
RCCE students will learn the MITRE ATT&CK framework including enterprise, mobile, and ICS matrices, tactic and technique mapping, sub-technique analysis, and practical ATT&CK application. RCCE students will learn to navigate the ATT&CK framework, map observed adversary behavior to ATT&CK techniques, use ATT&CK for detection gap analysis, develop detection rules aligned to ATT&CK techniques, produce ATT&CK-based threat assessments, leverage ATT&CK Navigator for coverage visualization, integrate ATT&CK into threat intelligence workflows, and use ATT&CK evaluations to compare security product effectiveness. This team-oriented course builds collaborative workflows and organizational playbooks for security operations. Starting from foundational concepts, RCCE students will learn to create and implement standardized procedures that enable consistent performance across team members and shifts. Students develop the documentation, communication, and coordination skills needed for effective team-based security operations.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing MITRE ATT&CK Playbook for Teams
- Execute hands-on tasks for playbook for teams
- Execute hands-on tasks for course objectives & learning outcomes
- Execute hands-on tasks for framework mastery — covering Operational Application.
- Execute hands-on tasks for produce att&ck-based threat assessments — covering Operational Application.
- Execute hands-on tasks for coordinate soc operations with att&ck — covering Learn Framework → Map Techniques → Build Detection → Create Playbooks → Team Operations.
- Execute hands-on tasks for adversarial tactics, techniques & common knowledge — covering Global knowledge base of adversary behavior.
- Execute hands-on tasks for key framework milestones — covering FMX experiment at MITRE led to initial behavior catalog.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for recon · resource dev · initial access · execution · ...
- Execute hands-on tasks for phishing · command & scripting · brute force · ...
- Explain Enterprise Matrix: 14 Tactics Overview fundamentals
- Execute hands-on tasks for initial access
| Module 01 | Playbook for Teams |
| Module 02 | Course Objectives & Learning Outcomes |
| Module 03 | Framework Mastery |
| Module 04 | Produce ATT&CK-based threat assessments |
| Module 05 | Coordinate SOC operations with ATT&CK |
| Module 06 | Adversarial Tactics, Techniques & Common Knowledge |
| Module 07 | Key Framework Milestones |
| Module 08 | ATT&CK Framework Architecture |
| Module 09 | Recon · Resource Dev · Initial Access · Execution · ... |
| Module 10 | Phishing · Command & Scripting · Brute Force · ... |
| Module 11 | Enterprise Matrix: 14 Tactics Overview |
| Module 12 | Initial Access |
| Module 13 | Tactic Deep Dive: Initial Access (TA0001) |
| Module 14 | Key Techniques |
All hands-on labs run on Rocheston Rose X OS. Students practice mitre att&ck playbook for teams by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for playbook for teams
- Lab 2: Execute hands-on tasks for course objectives & learning outcomes
- Lab 3: Execute hands-on tasks for framework mastery
- Lab 4: Execute hands-on tasks for produce att&ck-based threat assessments
- Lab 5: Execute hands-on tasks for coordinate soc operations with att&ck
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for MITRE ATT&CK Playbook for Teams, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI