UEBA Monitoring and Detection: Operator Edition
RCCE students will learn security operations workflows, alert triage, SIEM management, detection engineering, and threat hunting techniques. RCCE students will learn to operate effectively in a Security Operations Center, reduce alert fatigue through intelligent triage, build high-fidelity detections, conduct proactive threat hunts, and improve mean time to detect and respond across the organization. This monitoring course teaches comprehensive detection and observability strategies for proactive security operations. Starting from foundational concepts, RCCE students will learn to instrument systems for security telemetry, build detection pipelines, configure alerting, and maintain monitoring coverage as environments evolve. Students gain the visibility and detection capabilities needed to catch threats early.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing UEBA Monitoring and Detection: Operator Edition
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for operator edition
- Execute hands-on tasks for understand ueba fundamentals — covering Learn how user and entity behavior analytics detect.
- Execute hands-on tasks for operate in a soc environment — covering Master workflows for monitoring, escalation, and.
- Execute hands-on tasks for measure soc performance — covering Track MTTD, MTTR, and coverage KPIs for continuous.
- Execute hands-on tasks for user & entity behavior analytics — covering Monitors users, hosts, apps, and networks, Catches insider threats signatures miss.
- Execute hands-on tasks for why ueba matters — covering Monitors users, hosts, apps, and networks.
- Explain UEBA Architecture Overview fundamentals
- Execute hands-on tasks for data collection layer
- Execute hands-on tasks for processing & enrichment
- Integrate privilege controls with identity providers and SIEM telemetry, including Active Directory logs, and SSO/SAML events.
| Module 01 | UEBA Monitoring and Detection |
| Module 02 | Operator Edition |
| Module 03 | Understand UEBA fundamentals |
| Module 04 | Operate in a SOC environment |
| Module 05 | Measure SOC performance |
| Module 06 | User & Entity Behavior Analytics |
| Module 07 | Why UEBA Matters |
| Module 08 | UEBA Architecture Overview |
| Module 09 | Data Collection Layer |
| Module 10 | Processing & Enrichment |
| Module 11 | Security Telemetry Sources |
| Module 12 | Identity & Access |
| Module 13 | Active Directory logs |
| Module 14 | Cloud & SaaS |
All hands-on labs run on Rocheston Rose X OS. Students practice ueba monitoring and detection: operator edition by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Execute hands-on tasks for operator edition
- Lab 3: Execute hands-on tasks for understand ueba fundamentals
- Lab 4: Execute hands-on tasks for operate in a soc environment
- Lab 5: Execute hands-on tasks for measure soc performance
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for UEBA Monitoring and Detection: Operator Edition, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI