Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

AWS cli based incident response playbook

0

previously we have linux cli based playbook to identify linux attack, like cat /etc/passwd, netstat -anp, in AWS cloud, do we have a cli based incident response playbook? can anyone share the command list for investigating AWS compromise(EC2, IAM,S3) and AWS kubernetes compromise? thanks

Themen
Management & Unternehmensführung
Tags
Reaktion auf Vorfälle
Sprache
English
AWS-User-6667474
gefragt vor 2 Jahren365 Aufrufe
2 Antworten
1

There are sample incident response playbooks on our GitHub: https://github.com/aws-samples/aws-customer-playbook-framework, https://github.com/aws-samples/aws-incident-response-playbooks

AWS
AWS-User-9401600
beantwortet vor einem Jahr
0

For general AWS Security, I would start here: https://aws.amazon.com/architecture/security-identity-compliance/. The AWS whitepaper covers a lot of AWS security, including Detection which would be how to investigate/detect strange behavior.

AWS has a service called GuardDuty that comes with security checks: https://aws.amazon.com/guardduty/. For pricing information, check https://aws.amazon.com/guardduty/pricing/.

GuardDuty will analyze VPC Flow Logs, AWS CloudTrail management event logs, CloudTrail S3 data event logs, and DNS logs for suspicious events.

For Incident Response, here's a start: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/ This is another guide that AWS publishes: https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/welcome.html.

jsonc
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt