Last Updated
19-08-2024
Author
Hải Anh
Threat Detection & Response Workshop
Amazon Inspector
Content
Inspector - Overview
Inspector - Dashboard
Inspector - Findings
Inspector - Vulnerability database search
Inspector - Suppressing findings
Inspector - Pricing