Amazon guard duty_lab
Bela Sojina MBA, PMP
from day 4 of AWS NYC loft security week
1.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Amazon GuardDuty Lab
Greg McConnel, Security Solutions Architect
Jesse Fuchs, Security Solutions Architect
2.
Amazon GuardDuty
1. Intro to GuardDuty & Demo - 20 min
2. Lab 1 – Discovery & Remediation – EC2 - 35 min
3. Discussion - 10 min
4. Lab 2 – Discovery & Remediation – IAM - 35 min
5. Discussion - 10 min
6. Summary & Closing - 10 min
3.
Amazon GuardDuty
Quick Intro – very quick, I promise…
4.
Demo Start
5.
GuardDuty
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.
6.
GuardDuty Role Playing
7.
GuardDuty Threat Detection and Notification
8.
Demo Finish
9.
Amazon GuardDuty
http://lab.gregmcconnel.net/
10.
Amazon GuardDuty Lab 1
The first lab will generate GuardDuty findings when an EC2 instance attempts to connect to an IP in a custom Threat List. We will assume this instance is compromised and isolate it using a Security Group. Here are the steps:
• Environment Setup – Create an Elastic IP and add it to a Custom Threat List. Run the CloudFormation template
• Attack Simulation – In the background the "Compromised" instance will connect with the "Malicious" instance, generating GuardDuty findings
• Remediation – A Lambda function will be added that will remove the "Compromised" instance from its current Security Group and add it to one with no Ingress or Egress rules
• Extra Credit – Enhance the Lambda function to take additional actions on the "Compromised" instance
http://loftlab.gregmcconnel.net/
http://lab.gregmcconnel.net/
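Added example, not part of the original slides and not the lab's own Lambda code: one way to write the Lab 1 remediation step, swapping every network interface named in the finding into an isolation Security Group and refusing to act if that group still carries rules. The function names, the `ISOLATION_SG_ID` environment variable and all IDs in the sample event are assumptions; handling each interface separately goes slightly beyond the single-group swap the slide describes.

```python
import os

# GuardDuty finding type for traffic to an IP on a custom threat list.
THREAT_LIST_TYPES = {"UnauthorizedAccess:EC2/MaliciousIPCaller.Custom"}

# Constructed sample of the CloudWatch Events payload for a GuardDuty finding
# (trimmed to the fields used here; all IDs are made up).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom",
        "resource": {"instanceDetails": {
            "instanceId": "i-0123456789abcdef0",
            "networkInterfaces": [{
                "networkInterfaceId": "eni-0aaa1111bbbb2222c",
                "vpcId": "vpc-0example",
                "securityGroups": [{"groupId": "sg-0web", "groupName": "web"}],
            }],
        }},
    },
}


def parse_finding(event):
    """Return (instance_id, [(eni_id, vpc_id, [old_sg_ids])]) or None."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.guardduty" or detail.get("type") not in THREAT_LIST_TYPES:
        return None
    inst = detail.get("resource", {}).get("instanceDetails", {})
    enis = [(n["networkInterfaceId"], n.get("vpcId"),
             [g["groupId"] for g in n.get("securityGroups", [])])
            for n in inst.get("networkInterfaces", []) if n.get("networkInterfaceId")]
    if not inst.get("instanceId") or not enis:
        return None
    return inst["instanceId"], enis


def isolation_group_problem(ec2, group_id, vpc_id):
    """Return a reason string if the group would not isolate, else None.

    A newly created security group carries a default allow-all egress rule,
    so the group is checked for having no rules in either direction.
    """
    sg = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    if sg.get("VpcId") != vpc_id:
        return "isolation group is in a different VPC"
    if sg.get("IpPermissions") or sg.get("IpPermissionsEgress"):
        return "isolation group still has ingress or egress rules"
    return None


def isolate(event, ec2, isolation_sg_id):
    """Move every interface named in the finding into the isolation group."""
    parsed = parse_finding(event)
    if parsed is None:
        return {"action": "ignored"}
    instance_id, enis = parsed
    for _, vpc_id, _ in enis:
        problem = isolation_group_problem(ec2, isolation_sg_id, vpc_id)
        if problem:
            return {"action": "refused", "instance": instance_id, "reason": problem}
    previous = {}
    for eni_id, _, old_groups in enis:
        # Groups= replaces the interface's whole security group list.
        ec2.modify_network_interface_attribute(NetworkInterfaceId=eni_id,
                                               Groups=[isolation_sg_id])
        previous[eni_id] = old_groups  # keep for the incident record / rollback
    return {"action": "isolated", "instance": instance_id, "previous_groups": previous}


def lambda_handler(event, context):
    import boto3  # imported here so the functions above can be exercised offline
    # ISOLATION_SG_ID is an assumed environment variable name.
    return isolate(event, boto3.client("ec2"), os.environ["ISOLATION_SG_ID"])
```

The returned `previous_groups` map is worth logging with the incident so the original Security Groups can be restored if the finding turns out to be a false positive.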
11.
Amazon GuardDuty Lab 1 – Part 1
http://loftlab.gregmcconnel.net/
12.
Amazon GuardDuty Lab 1 – Part 2
http://loftlab.gregmcconnel.net/
13.
Amazon GuardDuty Lab 1 Discussion
14.
Amazon GuardDuty Lab 2
For the second lab you will be focused on generating and remediating GuardDuty findings related to compromised IAM credentials. Below are the steps you'll be walking through:
• Environment Setup – Run the CloudFormation template and create the additional resources
• Attack Simulation – Set up a profile for stolen EC2 credentials and use the AWS CLI to see what you have access to
• Remediation – Review the auto-remediation Lambda function and other recommended remediations. Answer questions related to how you would remediate these within your own company
• Extra Credit – Enhance the Lambda function to output a more granular alert, process other GuardDuty findings, or rotate Instance Profiles to limit downtime of an application
http://lab.gregmcconnel.net/
15.
Amazon GuardDuty Lab 2
http://loftlab.gregmcconnel.net/
16.
Amazon GuardDuty Lab Discussion
17.
Amazon GuardDuty Next Steps
Enable GuardDuty - monitor the cost and findings during the 30 day no cost trial period – assess after 30 days where GuardDuty will sit in your overall security strategy.
https://aws.amazon.com/guardduty/
18.
aws.amazon.com/activate
Everything and Anything Startups Need to Get Started on AWS