Threat hunting Hardening Clinic
RCCE students will learn proactive threat hunting methodologies including hypothesis-driven hunting, data-driven hunting, intelligence-driven hunting, and hunt team operations. RCCE students will learn to develop threat hunting hypotheses based on MITRE ATT&CK techniques, design hunting queries across SIEM, EDR, and network data, identify indicators of compromise and attacker behavioral patterns, distinguish normal from anomalous activity in complex environments, document and share hunting findings, convert successful hunts into automated detections, and build threat hunting programs that continuously improve organizational detection capabilities. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. Starting from foundational concepts, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Threat hunting Hardening Clinic
- Execute hands-on tasks for threat hunting
- Execute hands-on tasks for hardening clinic
- Execute hands-on tasks for proactive defense through hunting & configuration security
- Explain Course Overview fundamentals
- Execute hands-on tasks for system hardening — covering Hardening baselines (CIS, STIG), Configuration change management.
- Execute hands-on tasks for hardening baselines (cis, stig) — covering Configuration change management.
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for develop hunting hypotheses — covering hypotheses to ATT&CK, Prioritize by risk and coverage.
- Execute hands-on tasks for query across data sources — covering SIEM correlation queries, EDR telemetry analysis.
- Execute hands-on tasks for map hypotheses to att&ck — covering Prioritize by risk and coverage.
- Execute hands-on tasks for identify anomalies — covering Baseline normal behavior.
- Execute hands-on tasks for apply hardening baselines — covering CIS Benchmark application.
| Module 01 | Threat Hunting |
| Module 02 | Hardening Clinic |
| Module 03 | Proactive Defense Through Hunting & Configuration Security |
| Module 04 | Course Overview |
| Module 05 | System Hardening |
| Module 06 | Hardening baselines (CIS, STIG) |
| Module 07 | Learning Objectives |
| Module 08 | Develop Hunting Hypotheses |
| Module 09 | Query Across Data Sources |
| Module 10 | Map hypotheses to ATT&CK |
| Module 11 | Identify Anomalies |
| Module 12 | Apply Hardening Baselines |
| Module 13 | What Is Threat Hunting? |
| Module 14 | → Data Collection → Investigation → |
All hands-on labs run on Rocheston Rose X OS. Students practice threat hunting hardening clinic by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for threat hunting
- Lab 2: Execute hands-on tasks for hardening clinic
- Lab 3: Execute hands-on tasks for proactive defense through hunting & configuration security
- Lab 4: Explain Course Overview fundamentals
- Lab 5: Execute hands-on tasks for system hardening
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Threat hunting Hardening Clinic, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI