Practical Detection Engineering Workshop: Fast Track
RCCE students will learn how to build, test, and maintain high-fidelity detection rules across SIEM, EDR, and cloud security platforms. They will learn to translate threat intelligence and MITRE ATT&CK techniques into detection logic, write detection rules in query languages (SPL, KQL, Sigma), reduce false-positive rates through rule tuning, implement detection-as-code workflows, version-control detection content, measure detection coverage gaps, and build automated testing pipelines that validate detection rules against simulated attack data before production deployment. This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. Building on core knowledge, students learn by doing, developing muscle memory and practical confidence through repeated hands-on engagement. Exercises mirror actual workplace tasks, so skills transfer directly to students' professional roles.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing the practices covered in Practical Detection Engineering Workshop: Fast Track
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for fast track
- Explain the fundamentals covered in the Course Overview
- Explain Detection Foundations fundamentals — covering translating threat intel into detection logic and MITRE ATT&CK techniques.
- Execute hands-on tasks for engineering practices — covering detection-as-code workflows and version control of detection content.
- Execute hands-on tasks for operational maturity — covering measuring detection coverage gaps.
- Execute hands-on tasks for prerequisites and the lab environment
- Execute hands-on tasks in the lab environment — prerequisites are SOC fundamentals knowledge and a Splunk or Elastic SIEM instance; all labs run on RCCE Raven Lab infrastructure with pre-configured detection platforms.
- Execute hands-on tasks for threat intel — covering CTI feeds and MITRE ATT&CK.
- Build detections and response workflows for privilege escalation, including rule authoring.
- Design a scalable privilege management architecture with policy and enforcement
| Module | Title |
|--------|-------|
| Module 01 | Practical Detection Engineering |
| Module 02 | Fast Track |
| Module 03 | Course Overview |
| Module 04 | Detection Foundations |
| Module 05 | Engineering Practices |
| Module 06 | Operational Maturity |
| Module 07 | Prerequisites & Lab Environment |
| Module 08 | Lab Environment |
| Module 09 | What Is Detection Engineering? |
| Module 10 | Threat Intel |
| Module 11 | Detection Logic |
| Module 12 | Detection Engineering Maturity Model |
| Module 13 | MITRE ATT&CK for Detection Engineering |
| Module 14 | ATT&CK Mapping Methodology |
All hands-on labs run on Rocheston Rose X OS. Students practice the skills taught in Practical Detection Engineering Workshop: Fast Track by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for fast track
- Lab 3: Explain the fundamentals covered in the Course Overview
- Lab 4: Explain Detection Foundations fundamentals
- Lab 5: Execute hands-on tasks for engineering practices
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Practical Detection Engineering Workshop: Fast Track, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI