Real-Time Insights Lab and Lab Prep
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Lab Preparation and Real-Time Insights Lab
Greg McConnel,
Security Solutions Architect
Jesse Fuchs,
Security Solutions Architect
Agenda
1. Prep for GuardDuty Lab
2. Address any account or credit issues
3. Real-Time Insights Lab
Preparation for GuardDuty Lab
• We strongly recommend using your own AWS account, not a work account
• Set up a new account if needed
• We will provide AWS credits
• GuardDuty is at no cost for the first 30 days (if you already have GuardDuty
set up in your account, you can open a new account for the lab)
Entering the AWS Account Credits
• In the AWS Console, click your name in the upper right-hand corner and
choose My Account
• On the left-hand side, click Credits
• Enter the code
Real-Time Insights Lab
Architecture
https://aws.amazon.com/answers/account-management/real-time-insights-account-activity/
Solution Details
• CloudTrail records activity from the Console, SDKs, CLI, and other AWS services
• A CloudWatch Events rule monitors for CloudTrail activity and sends the data to
Kinesis Firehose
• Kinesis Firehose archives the events to S3 and sends the data to Kinesis Analytics for
processing
• Once processed, the data is sent to Kinesis Streams. A Lambda function reads data
from the stream and writes it to a DynamoDB table, where it is stored and then
read by the dashboard
• Dashboard is a web page in S3 that uses Cognito user pools for access
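An added sketch of the Lambda stage in the list above (not the solution's own function): it decodes the base64 Kinesis records, rejects malformed rows, and writes the rest to a table. The row fields, the (MetricType, EventTime) table key, the extra `table` argument and the FakeTable stand-in are assumptions made for illustration.

```python
import base64
import json

def decode_records(event):
    """Turn a Kinesis-to-Lambda event into DynamoDB items plus rejected sequence numbers."""
    items, rejected = [], []
    for rec in event.get("Records", []):
        k = rec["kinesis"]
        try:
            # Kinesis hands Lambda each payload base64-encoded.
            row = json.loads(base64.b64decode(k["data"]))
            item = {
                "MetricType": str(row["metric"]),      # assumed field names
                "EventTime": str(row["event_time"]),
                "Count": int(row["count"]),
            }
        except (ValueError, KeyError, TypeError):
            rejected.append(k["sequenceNumber"])       # never store unparsed input
            continue
        items.append(item)
    return items, rejected

def handler(event, context, table):
    """table: any object with put_item(Item=...), such as a boto3 DynamoDB Table."""
    items, rejected = decode_records(event)
    for item in items:
        # Deterministic key: a retried batch overwrites rows instead of duplicating them.
        table.put_item(Item=item)
    return {"stored": len(items), "rejected": rejected}

class FakeTable:
    """Constructed stand-in keyed on the assumed (MetricType, EventTime) key."""
    def __init__(self):
        self.rows = {}
    def put_item(self, Item):
        self.rows[(Item["MetricType"], Item["EventTime"])] = Item

def _record(seq, payload):
    return {"kinesis": {"sequenceNumber": seq, "data": base64.b64encode(payload).decode()}}

# Constructed sample batch: one valid row, one non-JSON payload, one row missing "count".
SAMPLE_EVENT = {"Records": [
    _record("1", b'{"metric": "CallsPerService", "event_time": "2017-11-28T10:00:00Z", "count": 7}'),
    _record("2", b"not json"),
    _record("3", b'{"metric": "Anomaly", "event_time": "2017-11-28T10:00:00Z"}'),
]}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, None, FakeTable()))
```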
Solution Walkthrough
URL
http://lab.gregmcconnel.net/
Real-Time Insights Lab
Questions:
1. Is this dashboard truly “real-time”?
2. How does the dashboard get access to DynamoDB?
3. How scalable is the solution?
4. How is the anomaly metric calculated?
5. What services or calls are not being monitored by this solution?
http://lab.gregmcconnel.net/