Telemetry strategy Playbook for Teams
RCCE students will learn security telemetry collection strategy including data source identification, collection architecture, telemetry pipeline design, and coverage assessment. RCCE students will learn to identify critical telemetry sources across endpoints, networks, cloud environments, and applications, design telemetry collection architectures that balance coverage with performance and cost, implement telemetry pipelines for data enrichment, normalization, and routing, assess telemetry coverage against detection requirements and MITRE ATT&CK, manage telemetry volume and storage costs, troubleshoot telemetry collection failures, and continuously optimize telemetry strategy as the organizational attack surface evolves. This team-oriented course builds collaborative workflows and organizational playbooks for security operations. At an expert level, RCCE students will learn to create and implement standardized procedures that enable consistent performance across team members and shifts. Students develop the documentation, communication, and coordination skills needed for effective team-based security operations.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Telemetry strategy Playbook for Teams
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for playbook for teams
- Explain Course Overview: Telemetry Strategy Playbook fundamentals
- Execute hands-on tasks for what you will master — covering Team Playbook Focus.
- Execute hands-on tasks for mitre att&ck coverage assessment — covering Team Playbook Focus.
- Monitor and audit privilege usage; detect escalation attempts, including Visibility into adversary behavior.
- Execute hands-on tasks for lifecycle key principles
- Monitor and audit privilege usage; detect escalation attempts, including Windows Endpoints.
| Module 01 | Telemetry Strategy |
| Module 02 | Playbook for Teams |
| Module 03 | Course Overview: Telemetry Strategy Playbook |
| Module 04 | What You Will Master |
| Module 05 | MITRE ATT&CK coverage assessment |
| Module 06 | What Is Security Telemetry? |
| Module 07 | Why Telemetry Matters |
| Module 08 | Telemetry Data Lifecycle |
| Module 09 | Lifecycle Key Principles |
| Module 10 | Telemetry Source Categories |
| Module 11 | Endpoint Telemetry Sources |
| Module 12 | Network Telemetry Sources |
| Module 13 | Flow Data |
| Module 14 | Packet Capture |
All hands-on labs run on Rocheston Rose X OS. Students practice telemetry strategy playbook for teams by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Execute hands-on tasks for playbook for teams
- Lab 3: Explain Course Overview: Telemetry Strategy Playbook fundamentals
- Lab 4: Execute hands-on tasks for what you will master
- Lab 5: Execute hands-on tasks for mitre att&ck coverage assessment
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Telemetry strategy Playbook for Teams, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI