Incident Response with CloudTrail and Athena
Introduction (Start here!)
- About the course
- Important! Use a separate AWS account for this course
- Optional but helpful tools
- [LAB] Enable budget alerting

Preparing your AWS account
- The roles we need
- Enable IAM Identity Center
- Creating the SecurityAnalyst role
- Assuming roles created through Identity Center
- Creating remaining roles

Incident Response with CloudTrail Lake
- Playbook - Compromised IAM access key
- Configuring CloudTrail Lake
- Deploying lab resources
- Simulating an attack - S3 backdoor and data exfil
- Analysis - Validate
- Containment - Access Key
- Analysis - Scope
- Containment - User and S3 Bucket
- Analysis - Impact
- Eradication
- Recovery
- Post-incident activity
- Response Steps & Complete Playbook (Recap)
- Cleaning up

Incident Response with Athena
- Playbook - Cryptocurrency mining
- Updating our permission sets
- Configuring our AWS environment
- Simulating an attack
- Analysis - Validate
- Containment - User & Access Key
- About Athena
- Configuring Athena
- Analysis - Scope - Part 1
- Analysis - Scope - Part 2
- Analysis - Scope - Part 3
- Containment - Backdoor User
- Containment - Instances
- Analysis - EC2 Forensics
- Analysis - Impact
- Eradication
- Recovery
- Post-incident activity
- Response Steps & Complete Playbook (Recap)
- Cleaning up

Incident Response for multi-account
- Multi-account architecture for security logging
- Deploying roles for multi-account IR
- Multi-account CloudTrail deployment
- Enable centralized CloudTrail Lake Event Data Stores and Queries
- About deploying with IaC

Conclusion
- What now?