PAM Monitoring and Detection
RCCE students will learn Privileged Access Management including privileged session monitoring, credential vaulting, just-in-time access provisioning, privileged account discovery, and break-glass procedures. RCCE students will learn to deploy and operate PAM solutions for securing privileged accounts, vault and rotate privileged credentials automatically, implement session recording and monitoring for privileged access, provision just-in-time privileged access with automatic expiration, discover and onboard unmanaged privileged accounts, configure break-glass procedures for emergency access, investigate privileged account misuse, and measure PAM program effectiveness. This monitoring course teaches comprehensive detection and observability strategies for proactive security operations. Starting from foundational concepts, RCCE students will learn to instrument systems for security telemetry, build detection pipelines, configure alerting, and maintain monitoring coverage as environments evolve. Students gain the visibility and detection capabilities needed to catch threats early.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing PAM Monitoring and Detection
- Monitor and audit privilege usage; detect escalation attempts
- Build detections and response workflows for privilege escalation
- Explain PAM Foundations fundamentals
- Execute hands-on tasks for operational mastery
- Build detections and response workflows for privilege escalation, including privileged access types, Deploy session monitoring tools, and Build detection pipelines.
- Execute hands-on tasks for what is privileged access?
- Explain PAM Architecture Overview fundamentals
- Execute hands-on tasks for privileged account types
- Execute hands-on tasks for local admin
- Execute hands-on tasks for application accounts — covering Domain Admin.
- Execute hands-on tasks for privileged account discovery
- Execute hands-on tasks for local admins
| Module 01 | PAM Monitoring and Detection |
| Module 02 | Detection Strategies |
| Module 03 | PAM Foundations |
| Module 04 | Operational Mastery |
| Module 05 | Detection & Response |
| Module 06 | What is Privileged Access? |
| Module 07 | PAM Architecture Overview |
| Module 08 | Privileged Account Types |
| Module 09 | Local Admin |
| Module 10 | Application Accounts |
| Module 11 | Privileged Account Discovery |
| Module 12 | Local Admins |
| Module 13 | Service Accts |
| Module 14 | Accounts with no MFA |
All hands-on labs run on Rocheston Rose X OS. Students practice pam monitoring and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Explain PAM Foundations fundamentals
- Lab 4: Execute hands-on tasks for operational mastery
- Lab 5: Build detections and response workflows for privilege escalation
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for PAM Monitoring and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI