401 Class 19: Cloud Detective Controls
Nathalie Abdallah edited this page Feb 12, 2024 · 8 revisions
Reading
What is Amazon GuardDuty?
Videos
AWS re:Inforce 2019: Threat Detection on AWS: An Introduction to Amazon GuardDuty (FND216)
Indicators of Compromise (IoCs): unusual resources launched, port scans performed, resource permissions discovery, bitcoin activity, etc.
VPC Flow Logs, CloudTrail events, and DNS logs
Sites hosting hacker tools, cryptocurrency mining pools; detecting unusual, out-of-the-ordinary baseline behavior: unusual API activity, unusual logins. (The speaker warns: after getting the service, don't start doing unusual things, because you're now putting them into the baseline model.)
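The notes list port scans among the IoCs and VPC Flow Logs among the logs. The sketch below is an added example, not GuardDuty's own detection logic and not code from the talk: it parses default-format VPC Flow Log records and flags a source that was rejected on many distinct TCP ports of one destination. The `min_ports` threshold, the function names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Field order of the default VPC Flow Logs record format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


def parse_flow_record(line):
    """Return a dict for one default-format record, or None if unusable."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA / SKIPDATA records carry "-" in the traffic fields; skip them.
    if rec["log_status"] != "OK":
        return None
    return rec


def find_port_scanners(lines, min_ports=10):
    """Map (srcaddr, dstaddr) -> sorted rejected TCP ports, for pairs that
    were rejected on at least min_ports distinct destination ports."""
    rejected = defaultdict(set)
    for line in lines:
        rec = parse_flow_record(line)
        if rec is None or rec["action"] != "REJECT" or rec["protocol"] != "6":
            continue
        rejected[(rec["srcaddr"], rec["dstaddr"])].add(int(rec["dstport"]))
    return {pair: sorted(ports) for pair, ports in rejected.items()
            if len(ports) >= min_ports}


def sample_records():
    """Constructed sample data: one scanning source, one ordinary client."""
    head = "2 123456789012 eni-0a1b2c3d4e5f67890"
    tail = "1707700000 1707700060"
    lines = [f"{head} 198.51.100.7 10.0.1.5 40000 {port} 6 1 40 {tail} REJECT OK"
             for port in range(20, 35)]          # 15 distinct rejected ports
    lines += [f"{head} 203.0.113.9 10.0.1.5 5{n}000 443 6 12 4200 {tail} ACCEPT OK"
              for n in range(3)]                 # normal HTTPS traffic
    lines.append(f"{head} 203.0.113.9 10.0.1.5 51111 23 6 1 40 {tail} REJECT OK")
    lines.append(f"{head} - - - - - - - {tail} - NODATA")
    return lines


if __name__ == "__main__":
    for (src, dst), ports in find_port_scanners(sample_records()).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports rejected")
```

A single rejected connection, like the ordinary client's one attempt on port 23, stays below the threshold, so only the source probing many ports is reported.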