Threat hunting Incident Response: Basics
RCCE students will learn proactive threat hunting methodologies including hypothesis-driven hunting, data-driven hunting, intelligence-driven hunting, and hunt team operations. RCCE students will learn to develop threat hunting hypotheses based on MITRE ATT&CK techniques, design hunting queries across SIEM, EDR, and network data, identify indicators of compromise and attacker behavioral patterns, distinguish normal from anomalous activity in complex environments, document and share hunting findings, convert successful hunts into automated detections, and build threat hunting programs that continuously improve organizational detection capabilities. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Building on core knowledge, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Threat hunting Incident Response: Basics
- Execute hands-on tasks for threat hunting &
- Build detections and response workflows for privilege escalation
- Explain Course Overview & Learning Objectives fundamentals
- Execute hands-on tasks for threat hunting track — covering Hypothesis-driven hunting methods, Data and intelligence-driven hunting.
- Build detections and response workflows for privilege escalation, including Structured IR workflows, and Containment and evidence collection.
- Execute hands-on tasks for structured ir workflows — covering Containment and evidence collection.
- Execute hands-on tasks for what you will achieve — covering Build hunting hypotheses from ATT&CK, detection queries for live environments.
- Execute hands-on tasks for build hunting hypotheses from att&ck — covering detection queries for live environments.
- Execute hands-on tasks for reactive security
- Execute hands-on tasks for proactive hunting
- Execute hands-on tasks for threat intelligence — covering Alert-driven response, Analyst-driven exploration, External data enrichment.
- Execute hands-on tasks for why threat hunting matters
| Module 01 | Threat Hunting & |
| Module 02 | Incident Response: Basics |
| Module 03 | Course Overview & Learning Objectives |
| Module 04 | Threat Hunting Track |
| Module 05 | Incident Response Track |
| Module 06 | Structured IR workflows |
| Module 07 | What You Will Achieve |
| Module 08 | Build hunting hypotheses from ATT&CK |
| Module 09 | Reactive Security |
| Module 10 | Proactive Hunting |
| Module 11 | Threat Intelligence |
| Module 12 | Why Threat Hunting Matters |
| Module 13 | Breaches Found |
| Module 14 | Average Cost |
All hands-on labs run on Rocheston Rose X OS. Students practice threat hunting incident response: basics by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for threat hunting &
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Explain Course Overview & Learning Objectives fundamentals
- Lab 4: Execute hands-on tasks for threat hunting track
- Lab 5: Build detections and response workflows for privilege escalation
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Threat hunting Incident Response: Basics, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI