Practical Telemetry Strategy Workshop
RCCE students will learn security telemetry collection strategy, including data source identification, collection architecture, telemetry pipeline design, and coverage assessment. Students will learn to identify critical telemetry sources across endpoints, networks, cloud environments, and applications; design telemetry collection architectures that balance coverage with performance and cost; implement telemetry pipelines for data enrichment, normalization, and routing; assess telemetry coverage against detection requirements and MITRE ATT&CK; manage telemetry volume and storage costs; troubleshoot telemetry collection failures; and continuously optimize telemetry strategy as the organizational attack surface evolves. This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. Starting from foundational concepts, RCCE students learn by doing, building muscle memory and practical confidence through repeated hands-on engagement. Students complete exercises that mirror actual workplace tasks, ensuring skills transfer directly to their professional roles.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing a practical telemetry strategy
- Monitor and audit privilege usage and detect escalation attempts, including across endpoint, network, and cloud sources.
- Design a scalable privilege management architecture with policy and enforcement, including balancing coverage, performance, and cost.
- Execute hands-on tasks for pipeline engineering, covering enrichment and normalization.
- Execute hands-on tasks for coverage assessment, covering MITRE ATT&CK mapping, gap analysis techniques, and continuous optimization.
- Execute hands-on tasks for MITRE ATT&CK mapping, covering gap analysis techniques and continuous optimization.
- Execute hands-on tasks for the key insight that telemetry is the superset.
| Module | Title |
|---|---|
| Module 01 | Practical Telemetry Strategy Workshop |
| Module 02 | Building Detection-Ready Telemetry Pipelines for the Modern SOC |
| Module 03 | Telemetry Source Identification |
| Module 04 | Collection Architecture Design |
| Module 05 | Pipeline Engineering |
| Module 06 | Coverage Assessment |
| Module 07 | MITRE ATT&CK Mapping |
| Module 08 | What Is Security Telemetry? |
| Module 09 | Telemetry vs Logging vs Monitoring |
| Module 10 | Key Insight |
| Module 11 | Telemetry Data Source Categories |
| Module 12 | Endpoint Telemetry Deep Dive |
| Module 13 | Process Events |
| Module 14 | File System Events |
All hands-on labs run on Rocheston Rose X OS. Students practice telemetry strategy by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Monitor and audit privilege usage; detect escalation attempts
- Lab 3: Monitor and audit privilege usage; detect escalation attempts
- Lab 4: Design a scalable privilege management architecture with policy and enforcement
- Lab 5: Execute hands-on tasks for pipeline engineering
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for the Practical Telemetry Strategy Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI