Zero-Trust Approach to Logging
RCCE students will learn endpoint and system logging architecture including log source configuration, log collection, centralized log management, log retention policies, and log analysis for security monitoring. RCCE students will learn to configure logging on Windows, Linux, and macOS endpoints, enable security-relevant event categories, forward logs to centralized SIEM platforms, parse and normalize log data, develop log-based detection rules, investigate security events using log correlation, implement tamper-resistant logging, manage log storage and retention to meet compliance requirements, and troubleshoot log collection failures. This zero-trust course applies modern security principles including least privilege, continuous verification, and explicit trust evaluation. At an expert level, RCCE students will learn to implement zero-trust architectures that assume breach and verify every access request regardless of network location. Students build practical zero-trust implementations that align with organizational security modernization goals.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing Zero-Trust Approach to Logging
- Apply zero-trust principles to privilege decisions and elevation
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for course objectives & learning outcomes
- Execute hands-on tasks for log source configuration — covering logging on Windows, Linux, macOS.
- Execute hands-on tasks for centralized log management — covering Forward logs to SIEM platforms.
- Build detections and response workflows for privilege escalation, including Develop log-based detection rules.
- Apply zero-trust principles to privilege decisions and elevation, including tamper-resistant logging.
- Execute hands-on tasks for access request
- Execute hands-on tasks for policy engine
- Execute hands-on tasks for log decision
- Execute hands-on tasks for ▸ verify continuously
| Module 01 | Zero-Trust Approach to Logging |
| Module 02 | Endpoint & System Logging Architecture for Security Monitoring |
| Module 03 | Course Objectives & Learning Outcomes |
| Module 04 | Log Source Configuration |
| Module 05 | Centralized Log Management |
| Module 06 | Detection & Investigation |
| Module 07 | Zero-Trust Operations |
| Module 08 | Why Logging Matters in Zero-Trust |
| Module 09 | Access Request |
| Module 10 | Policy Engine |
| Module 11 | Log Decision |
| Module 12 | ▸ Verify Continuously |
| Module 13 | Zero-Trust Core Principles Applied to Logging |
| Module 14 | Never Trust, Always Verify |
All hands-on labs run on Rocheston Rose X OS. Students practice zero-trust approach to logging by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Apply zero-trust principles to privilege decisions and elevation
- Lab 2: Monitor and audit privilege usage; detect escalation attempts
- Lab 3: Execute hands-on tasks for course objectives & learning outcomes
- Lab 4: Execute hands-on tasks for log source configuration
- Lab 5: Execute hands-on tasks for centralized log management
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Zero-Trust Approach to Logging, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI