Threat hunting Incident Response
RCCE students will learn proactive threat hunting methodologies including hypothesis-driven hunting, data-driven hunting, intelligence-driven hunting, and hunt team operations. RCCE students will learn to develop threat hunting hypotheses based on MITRE ATT&CK techniques, design hunting queries across SIEM, EDR, and network data, identify indicators of compromise and attacker behavioral patterns, distinguish normal from anomalous activity in complex environments, document and share hunting findings, convert successful hunts into automated detections, and build threat hunting programs that continuously improve organizational detection capabilities. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Building on core knowledge, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Threat hunting Incident Response
- Execute hands-on tasks for threat hunting &
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for advanced cyber defense mastery
- Execute hands-on tasks for course details — covering Level: Intermediate | Domain: SOC.
- Explain Executive Overview fundamentals
- Execute hands-on tasks for threat hunting
- Execute hands-on tasks for continuous improvement — covering Proactive adversary detection, Structured IR workflows, Hunt-to-detection pipeline.
- Execute hands-on tasks for mitre att&ck aligned — covering Structured IR workflows.
- Execute hands-on tasks for reduce dwell time
- Build detections and response workflows for privilege escalation, including Beyond Automated Alerts.
- Execute hands-on tasks for improve soc maturity and posture
- Execute hands-on tasks for core definitions: threat hunting
| Module 01 | Threat Hunting & |
| Module 02 | Incident Response |
| Module 03 | Advanced Cyber Defense Mastery |
| Module 04 | Course Details |
| Module 05 | Executive Overview |
| Module 06 | Threat Hunting |
| Module 07 | Continuous Improvement |
| Module 08 | MITRE ATT&CK aligned |
| Module 09 | Reduce Dwell Time |
| Module 10 | Detection Gap Closure |
| Module 11 | Improve SOC maturity and posture |
| Module 12 | Core Definitions: Threat Hunting |
| Module 13 | Core Definitions: Incident Response |
| Module 14 | 14 adversary goals (Initial Access through Impact) |
All hands-on labs run on Rocheston Rose X OS. Students practice threat hunting incident response by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for threat hunting &
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Execute hands-on tasks for advanced cyber defense mastery
- Lab 4: Execute hands-on tasks for course details
- Lab 5: Explain Executive Overview fundamentals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Threat hunting Incident Response, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI