Practical SIEM Workshop
RCCE students will learn to deploy, configure and operate a Security Information and Event Management (SIEM) platform for enterprise security monitoring: ingesting and parsing logs, designing log collection architectures, writing correlation rules that detect attack patterns, building operational dashboards for security analysts, managing alert workflows and escalation procedures, tuning SIEM performance and storage, integrating threat intelligence feeds, and maintaining SIEM content as the threat landscape and the organization's infrastructure change. The course is practice-intensive: lab exercises, real-world scenarios and production-realistic workflows build applied skill from foundational concepts onward. Exercises mirror actual workplace tasks so that skills transfer directly to students' professional roles.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing or operating a SIEM
- Perform hands-on security information and event management tasks on a working SIEM
- Deploy, configure and operate a SIEM platform
- Design a scalable log collection architecture with multi-tier log pipelines, agents, forwarders and syslog, and ensure reliable transport and storage
- Install and harden SIEM platforms and onboard identity provider telemetry
- Write correlation rules and detection logic for attack patterns
- Build SOC operational dashboards, create alert workflows and escalations, and integrate threat intelligence feeds
- Produce compliance reports from continuous event stream analysis
- Explain SIEM architecture fundamentals: data sources, the collection tier, and ingestion and parsing
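The correlation-rule objective above is the kind of thing the course has students write by hand. The block below is an added illustration, not course material or Rocheston code: a minimal stateful rule that flags a source address producing at least five failed SSH logins inside a 60-second window and then an accepted login. The log lines are constructed in an sshd-like syslog layout, and the threshold and window are assumed values that a real rule would tune per environment.

```python
"""Correlation rule: password guessing followed by a successful login.

Added illustration only. Sample log lines are constructed; the threshold
(5 failures) and window (60 s) are assumed values, not recommended settings.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data). 10.0.0.7 guesses passwords and
# then succeeds; 10.0.0.9 is a single harmless failure before a normal login.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 host1 sshd[100]: Failed password for admin from 10.0.0.7 port 51000 ssh2
2024-03-01T09:00:05 host1 sshd[100]: Failed password for admin from 10.0.0.7 port 51001 ssh2
2024-03-01T09:00:09 host1 sshd[100]: Failed password for invalid user test from 10.0.0.7 port 51002 ssh2
2024-03-01T09:00:12 host1 sshd[100]: Failed password for root from 10.0.0.7 port 51003 ssh2
2024-03-01T09:00:20 host1 sshd[100]: Failed password for admin from 10.0.0.7 port 51004 ssh2
2024-03-01T09:00:31 host1 sshd[100]: Accepted password for admin from 10.0.0.7 port 51005 ssh2
2024-03-01T09:02:00 host1 sshd[101]: Failed password for bob from 10.0.0.9 port 40000 ssh2
2024-03-01T09:02:10 host1 sshd[101]: Accepted password for bob from 10.0.0.9 port 40001 ssh2
"""

# Parser for the constructed format: timestamp, host, outcome, user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse(line):
    """Return a dict of fields, or None for lines the rule does not understand.
    A production pipeline would count unparsed lines rather than silently drop them."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines, threshold=5, window=timedelta(seconds=60)):
    """Emit one alert per source that reaches `threshold` failures within
    `window` and then logs in successfully. State is a per-source deque of
    failure timestamps, trimmed to the window on every new event."""
    failures = defaultdict(deque)
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        # Expire failures that fall outside the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({
                "rule": "ssh_bruteforce_then_success",
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(recent),
                "ts": ev["ts"].isoformat(),
            })
            recent.clear()  # one alert per burst, not one per subsequent login
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(alert)
```

The same structure (parse, keep bounded per-key state, expire by window, fire on the terminating event) carries over to SIEM query languages; what changes is the tuning. A single threshold like this one will misfire behind NAT or a jump host, where many users share one source address, and will miss a slow attacker who spaces attempts beyond the window.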
| Module | Title |
|---|---|
| Module 01 | Security Information & Event Management |
| Module 02 | Deployment, Configuration & Operations |
| Module 03 | Log Collection Architecture |
| Module 04 | Deploy & Configure SIEM |
| Module 05 | Correlation Rule Development |
| Module 06 | Dashboard & Alert Operations |
| Module 07 | Build SOC Operational Dashboards |
| Module 08 | Compliance Reporting |
| Module 09 | SIEM Architecture Overview |
| Module 10 | Data Sources |
| Module 11 | Collection Tier |
| Module 12 | Ingestion & Parsing |
| Module 13 | Log Source Categories |
| Module 14 | Network Devices |
All hands-on labs run on Rocheston Rose X OS. Students practice SIEM deployment, monitoring and validation by implementing the controls discussed in class in a real-world-style environment.
- Lab 1: Hands-on security information and event management tasks on a working SIEM
- Lab 2: SIEM deployment, configuration and operations
- Lab 3: Design a scalable log collection architecture (agents, forwarders, syslog, reliable transport and storage)
- Lab 4: Install and harden a SIEM platform and onboard identity provider telemetry
- Lab 5: Correlation rule development for attack patterns
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Practical SIEM Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI