Threat hunting Deep Dive
RCCE students will learn proactive threat hunting methodologies including hypothesis-driven hunting, data-driven hunting, intelligence-driven hunting, and hunt team operations. RCCE students will learn to develop threat hunting hypotheses based on MITRE ATT&CK techniques, design hunting queries across SIEM, EDR, and network data, identify indicators of compromise and attacker behavioral patterns, distinguish normal from anomalous activity in complex environments, document and share hunting findings, convert successful hunts into automated detections, and build threat hunting programs that continuously improve organizational detection capabilities. This deep-dive course provides comprehensive technical coverage that goes beyond surface-level understanding. At an expert level, RCCE students will learn to master the nuances, edge cases, and advanced configurations that separate competent practitioners from true experts. Students will engage with complex real-world scenarios and gain the depth of knowledge required to troubleshoot difficult situations, mentor junior team members, and make architectural decisions with confidence.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Threat hunting Deep Dive
- Execute hands-on tasks for threat hunting deep dive
- Build detections and response workflows for privilege escalation
- Explain Course Overview fundamentals
- Execute hands-on tasks for course details — covering Course: RCCE 222.
- Execute hands-on tasks for level: advanced
- Execute hands-on tasks for learning objectives — covering Develop hypothesis-driven hunts.
- Execute hands-on tasks for expert-level outcomes — covering Master proactive threat discovery beyond alerting.
- Execute hands-on tasks for what is threat hunting?
- Execute hands-on tasks for core principles — covering Not alert triage or incident response.
- Execute hands-on tasks for why it matters — covering Finds threats missed by automation.
- Execute hands-on tasks for threat hunting
- Execute hands-on tasks for hypothesis / intel
| Module 01 | Threat Hunting Deep Dive |
| Module 02 | Proactive Detection and Adversary Pursuit |
| Module 03 | Course Overview |
| Module 04 | Course Details |
| Module 05 | Level: Advanced |
| Module 06 | Learning Objectives |
| Module 07 | Expert-Level Outcomes |
| Module 08 | What Is Threat Hunting? |
| Module 09 | Core Principles |
| Module 10 | Why It Matters |
| Module 11 | Threat Hunting |
| Module 12 | Hypothesis / Intel |
| Module 13 | Alert Triage |
| Module 14 | Key Takeaway |
All hands-on labs run on Rocheston Rose X OS. Students practice threat hunting deep dive by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for threat hunting deep dive
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for course details
- Lab 5: Execute hands-on tasks for level: advanced
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Threat hunting Deep Dive, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI