UEBA Playbook for Teams: Bootcamp Unit
RCCE students will learn security operations workflows, alert triage, SIEM management, detection engineering, and threat hunting techniques. They will learn to operate effectively in a Security Operations Center, reduce alert fatigue through intelligent triage, build high-fidelity detections, conduct proactive threat hunts, and improve mean time to detect and respond across the organization. This team-oriented course builds collaborative workflows and organizational playbooks for security operations. Building on core knowledge, students will learn to create and implement standardized procedures that enable consistent performance across team members and shifts. Students develop the documentation, communication, and coordination skills needed for effective team-based security operations.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing UEBA Playbook for Teams: Bootcamp Unit
- Execute hands-on tasks for UEBA Playbook for Teams
- Execute hands-on tasks for Bootcamp Unit — Security Operations Workflows
- Execute hands-on tasks for Course Objectives & Learning Outcomes
- Execute hands-on tasks for Primary Objectives — covering mastery of SOC operational workflows.
- Execute hands-on tasks for Team Skills — covering standardized procedures across shifts.
- Execute hands-on tasks for Prerequisites & Lab Environment
- Execute hands-on tasks for Lab Environment — covering SOC fundamentals knowledge and a SIEM platform with UEBA module.
- Execute hands-on tasks for Familiarity with MITRE ATT&CK — covering a SIEM platform with UEBA module.
- Execute hands-on tasks for UEBA Defined — covering analysis of user and entity behavior patterns.
- Execute hands-on tasks for Key Differentiators — covering how UEBA goes beyond rule-based detection.
- Explain UEBA Architecture Overview fundamentals
- Execute hands-on tasks for Data Sources — covering authentication logs (AD, LDAP, SSO).
| Module | Topic |
|---|---|
| Module 01 | UEBA Playbook for Teams |
| Module 02 | Bootcamp Unit — Security Operations Workflows |
| Module 03 | Course Objectives & Learning Outcomes |
| Module 04 | Primary Objectives |
| Module 05 | Team Skills |
| Module 06 | Prerequisites & Lab Environment |
| Module 07 | Lab Environment |
| Module 08 | Familiarity with MITRE ATT&CK |
| Module 09 | UEBA Defined |
| Module 10 | Key Differentiators |
| Module 11 | UEBA Architecture Overview |
| Module 12 | Data Sources |
| Module 13 | Scoring Model |
| Module 14 | Tier 1 Analyst |
All hands-on labs run on Rocheston Rose X OS. Students practice UEBA Playbook for Teams: Bootcamp Unit by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for UEBA Playbook for Teams
- Lab 2: Execute hands-on tasks for Bootcamp Unit — Security Operations Workflows
- Lab 3: Execute hands-on tasks for Course Objectives & Learning Outcomes
- Lab 4: Execute hands-on tasks for Primary Objectives
- Lab 5: Execute hands-on tasks for Team Skills
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for UEBA Playbook for Teams: Bootcamp Unit, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI