AWS Log Forensics & Incident Response
0 likes
views
Check these out next
AWS Log Forensics & Incident Response
0 likes
views
"AWS Log Forensics & Incident Response" provides an overview of AWS logging services and their use in forensic investigations of security incidents. The talk begins with an explanation of the importance of logging in detecting and responding to security incidents in AWS environments. The speaker then introduces the different types of logs available in AWS, including CloudTrail, VPC Flow Logs, and AWS Config Logs. The speaker goes on to explain the different techniques and tools that can be used to analyze logs for incident response, such as log aggregation and correlation, pattern matching, and log visualization. The talk also covers best practices for configuring and managing logging services in AWS to ensure maximum visibility into potential security threats. The second part of the talk focuses on the practical aspects of using AWS log forensics for incident response. The speaker walks the audience through a hypothetical security incident and demonstrates how different types of logs can be used to identify the root cause of the incident and determine the scope of the compromise. The talk concludes with a discussion of the importance of developing an effective incident response plan that includes logging and log analysis as a key component.
Recommended
AWS Log Forensics & Incident Response
- AWS Log Forensics & Incident Response Cado Security | 1
- What is Cloud Trail? https://docs.aws.amazon.com/IAM/latest/UserGuide/security-logging-and-monitoring.html AWS CloudTrail captures all API calls for IAM and AWS STS as events, including calls from the console and API calls.
- https://www.chrisfarris.com/talks/SEC339-Final-Deck.pdf What is CloudTrail?
- What is CloudWatch? https://docs.aws.amazon.com/IAM/latest/UserGuide/security-logging-and-monitoring.html Amazon CloudWatch monitors your AWS resources and the applications that you run on AWS in real time. You can collect and track metrics, create customized dashboards, and set alarms that notify you or take actions when a specified metric reaches a threshold that you specify. For example, you can have CloudWatch track CPU usage or other metrics of your Amazon EC2 instances and automatically launch new instances when needed. Amazon CloudWatch Logs helps you monitor, store, and access your log files from Amazon EC2 instances, CloudTrail, and other sources. CloudWatch Logs can monitor information in the log files and notify you when certain thresholds are met. You can also archive your log data in highly durable storage.
- CloudWatch vs CloudTrail? CloudWatch CloudTrail Performance Monitoring Auditing Log events across AWS Services - operations Log API activity across AWS Services - Activities Higher Level Monitoring Lower Level Granular Data
- Why are there So Many Logs? Great Resource “AWS Logging Types” - https://bit.ly/3XidVm3 Cloud Watch: API Gateway Access Logs AppSync Debug Logs Chime SIP Message Logs CloudHSM Audit Logs Connect Contact Flow Logs DataSync Task Logging DirectoryService AWS Managed Microsoft AD Logs DMS Migration Logs DocDB Profiler Logs EC2 Instance Logs EKS Control Plane Logs ElasticBeanstalk Instance Logs FirehoseDelivery Error Logs Greengrass Debug Logs Imagebuilder Build Logs Kendra Data Source Logs Kinesis Data Analytics Task, Application, and Operator Logs Lambda Application Logs Lex Conversation Logs Lightsail All MQ ActiveMQ and RabbitMQ Logs OpsWorks Instance Logs RDS Database Logs Route53 Query Logs SageMaker Jupyter Job Logs SNS SMS Status Logs StepFunctions Workflow Logs WorkMail Email Event Logs
- So Many Logs, So Little Standards?
- What AWS Log Analysis is in Cado?
- How do you analyze AWS Logs in Cado?
- Cado Response Free 14-day trial Receive unlimited access to the Cado Response Platform for 14 days. www.cadosecurity.com/free-investigation/