UEBA Threats, Tactics, and Defenses: Bootcamp Unit
RCCE students learn security operations workflows, alert triage, SIEM management, detection engineering, and threat hunting techniques: how to operate effectively in a Security Operations Center, reduce alert fatigue through intelligent triage, build high-fidelity detections, conduct proactive threat hunts, and improve mean time to detect and respond across the organization. This threat-focused course teaches students to think like adversaries while building robust defenses. Starting from foundational concepts, students learn to analyze attack techniques, build detection logic, and implement defensive strategies that identify threats before they cause damage, developing a threat-informed mindset that drives better security decisions across all operational activities.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing UEBA-based threat detection
- Execute hands-on tasks for the bootcamp unit
- Explain the course overview and its fundamentals
- Execute hands-on tasks covering UEBA architecture and behavioral baselining techniques
- Execute hands-on tasks covering the course outcomes: building user behavior baselines and detecting insider and external threats
- Execute hands-on tasks that build on basic SOC operations knowledge and familiarity with SIEM concepts
- Execute hands-on tasks demonstrating the core value proposition of UEBA: finding threats that static rules cannot detect
- Explain the fundamentals of UEBA architecture
- Execute hands-on tasks for data sources
- Execute hands-on tasks for the baseline engine
- Build ML models and behavioral profiles
- Execute hands-on tasks for data ingestion: normalizing heterogeneous logs and enriching them with identity context
- Train models using supervised and unsupervised ML, including peer group clustering
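The objectives above name the pieces of a UEBA pipeline: normalizing heterogeneous logs, enriching them with identity context, a baseline engine, peer group comparison, and alert generation. The following Python sketch is an added example that strings those pieces together end to end; it is not Rocheston course material or product code. The two log formats, the user-to-department mapping, the user names and every log line are constructed for the example, and the scoring (a per-user z-score on daily logon volume with a floored standard deviation, a department used as the peer group, and a known-source-host set) is one simple, illustrative choice rather than a description of any real UEBA product.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed identity context standing in for a directory export (hypothetical).
IDENTITY = {"alice": "finance", "bob": "finance", "carol": "finance", "dave": "engineering"}

# Two constructed log formats: a Windows-style 4624 logon record and a VPN syslog line.
WIN_RE = re.compile(r"^(?P<ts>\S+) EventID=4624 User=(?P<user>\w+) Src=(?P<src>\S+)$")
VPN_RE = re.compile(r"^(?P<ts>\S+) vpn: user=(?P<user>\w+) login from (?P<src>\S+)$")


def normalize(line):
    """Map either raw format onto one schema and enrich it with the user's department."""
    for rx in (WIN_RE, VPN_RE):
        m = rx.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"])
            return {"user": m["user"], "src": m["src"], "day": ts.date(),
                    "dept": IDENTITY.get(m["user"], "unknown")}
    return None  # unknown format: counted by the caller, never guessed at


def ingest(lines):
    """Normalize every line; return (events, number of lines that did not parse)."""
    events = [e for e in map(normalize, lines) if e is not None]
    return events, len(lines) - len(events)


def daily_counts(events):
    """{user: {day: logon_count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[e["user"]][e["day"]] += 1
    return counts


def build_baselines(events):
    """Per-user baseline (daily logon mean/stdev, known sources) plus per-department peer stats."""
    srcs = defaultdict(set)
    for e in events:
        srcs[e["user"]].add(e["src"])
    users, pools = {}, defaultdict(list)
    for user, days in daily_counts(events).items():
        vals = list(days.values())
        dept = IDENTITY.get(user, "unknown")
        users[user] = {"mu": mean(vals), "sigma": pstdev(vals), "srcs": srcs[user], "dept": dept}
        pools[dept].extend(vals)  # peer group = everyone in the same department
    peers = {d: (mean(v), pstdev(v)) for d, v in pools.items()}
    return users, peers


def zscore(x, mu, sigma, floor=1.0):
    """Standard score with a floored sigma so a perfectly flat baseline cannot divide by zero."""
    return (x - mu) / max(sigma, floor)


def score_day(events, users, peers, threshold=3.0):
    """Score one day's events. Returns (alerts, users suppressed as peer-normal)."""
    alerts, suppressed = [], []
    seen = defaultdict(set)
    for e in events:
        seen[e["user"]].add(e["src"])
    for user, days in daily_counts(events).items():
        n, reasons = sum(days.values()), []
        base = users.get(user)
        if base is None:
            reasons.append("no_baseline")  # first-seen account: surface it, do not score it
        else:
            z_self = zscore(n, base["mu"], base["sigma"])
            z_peer = zscore(n, *peers[base["dept"]])
            if z_self >= threshold and z_peer >= threshold:
                reasons.append(f"logon_volume z_self={z_self:.1f} z_peer={z_peer:.1f}")
            elif z_self >= threshold:
                suppressed.append(user)  # unusual for the user, ordinary for the peer group
            new = seen[user] - base["srcs"]
            if new:
                reasons.append("new_source " + ",".join(sorted(new)))
        if reasons:
            alerts.append({"user": user, "count": n, "reasons": reasons})
    return alerts, suppressed


def synth(day, user, n, src, vpn=False):
    """Constructed sample lines: n logons for user on day, one per hour from 08:00."""
    fmt = "{ts} vpn: user={u} login from {s}" if vpn else "{ts} EventID=4624 User={u} Src={s}"
    return [fmt.format(ts=f"{day}T{8 + i:02d}:00:00", u=user, s=src) for i in range(n)]


# Three-day training window (constructed), then one evaluation day with an outlier,
# a quiet user having a busy-but-peer-normal day, a never-seen account and a bad line.
TRAIN = [line for d in ("2024-03-04", "2024-03-05", "2024-03-06")
         for line in synth(d, "alice", 2, "WS-ALICE") + synth(d, "bob", 3, "WS-BOB")
         + synth(d, "carol", 1, "WS-CAROL") + synth(d, "dave", 2, "WS-DAVE", vpn=True)]
D = "2024-03-07"
EVAL = (synth(D, "alice", 8, "WS-ALICE") + synth(D, "alice", 1, "203.0.113.7", vpn=True)
        + synth(D, "bob", 3, "WS-BOB") + synth(D, "carol", 4, "WS-CAROL")
        + synth(D, "dave", 2, "WS-DAVE", vpn=True) + synth(D, "erin", 1, "WS-ERIN")
        + ["this line is in no format the parser knows"])


def run_pipeline(train_lines, eval_lines):
    """Train on the baseline window, score the evaluation day, report parse drops."""
    train, dropped_train = ingest(train_lines)
    users, peers = build_baselines(train)
    evl, dropped_eval = ingest(eval_lines)
    alerts, suppressed = score_day(evl, users, peers)
    return {"alerts": alerts, "suppressed": suppressed, "dropped": dropped_train + dropped_eval}


if __name__ == "__main__":
    for alert in run_pipeline(TRAIN, EVAL)["alerts"]:
        print(alert)
```

On the constructed data, alice's nine logons (against a baseline of two per day) and her never-before-seen source 203.0.113.7 produce an alert with both reasons, while carol's four logons exceed her own flat baseline but sit within the finance peer group and are suppressed rather than alerted; that peer comparison is what keeps a quiet user's catch-up day from becoming noise. The never-baselined account erin is surfaced as "no_baseline" instead of being silently scored against nothing, and the unparseable line is counted as dropped so that ingestion gaps are visible rather than hidden.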
| Module | Topic |
|---|---|
| Module 01 | Bootcamp Unit |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Course Outcomes |
| Module 05 | Basic SOC operations knowledge |
| Module 06 | Core Value Proposition |
| Module 07 | UEBA Architecture Overview |
| Module 08 | Data Sources |
| Module 09 | Baseline Engine |
| Module 10 | ML Models, Profiles |
| Module 11 | Data Ingestion |
| Module 12 | Model Training |
| Module 13 | Supervised and unsupervised ML |
| Module 14 | Alert Generation |
All hands-on labs run on Rocheston Rose X OS. Students practice UEBA threats, tactics, and defenses by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Hands-on tasks for the bootcamp unit
- Lab 2: Course overview fundamentals
- Lab 3: Hands-on tasks covering UEBA architecture and behavioral baselining techniques
- Lab 4: Hands-on tasks covering the course outcomes: building user behavior baselines and detecting insider and external threats
- Lab 5: Hands-on tasks building on basic SOC operations knowledge and SIEM concepts
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for UEBA Threats, Tactics, and Defenses: Bootcamp Unit, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI