AWS CLI based incident response playbook

0

Previously we had a Linux CLI based playbook to identify Linux attacks, like cat /etc/passwd, netstat -anp. In AWS cloud, do we have a CLI based incident response playbook? Can anyone share the command list for investigating AWS compromise (EC2, IAM, S3) and AWS Kubernetes compromise? Thanks

asked 2 years ago, 364 views
2 Answers
1
AWS
answered a year ago
0

For general AWS Security, I would start here: https://aws.amazon.com/architecture/security-identity-compliance/. The AWS whitepaper covers a lot of AWS security, including Detection, which would be how to investigate/detect strange behavior.

AWS has a service called GuardDuty that comes with security checks: https://aws.amazon.com/guardduty/. For pricing information, check https://aws.amazon.com/guardduty/pricing/.

GuardDuty will analyze VPC Flow Logs, AWS CloudTrail management event logs, CloudTrail S3 data event logs, and DNS logs for suspicious events.

For Incident Response, here's a start: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/. This is another guide that AWS publishes: https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/welcome.html.

jsonc
answered 2 years ago
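The answer above points at CloudTrail as the log source GuardDuty and a responder both work from. As an added example (not code from the answer author, from AWS, or from the thread), here is an offline triage script for the IAM/S3/EC2 part of the question: it reads a CloudTrail log file body (the same JSON shape you get from the S3 trail bucket, or that you could reassemble from aws cloudtrail lookup-events), flags the API calls a responder checks first, and groups them by principal. The records are constructed for illustration, and the SENSITIVE_EVENTS grouping is this example's own assumption, not an AWS-published list.

```python
"""Offline triage of CloudTrail records for an IAM / S3 / EC2 compromise.

Added example for this thread; it is not code from the re:Post answer or
from AWS. The records below are constructed for illustration, not real
account data, and the SENSITIVE_EVENTS grouping is an assumption, not an
AWS-published list.
"""
import json
from collections import defaultdict

# API calls an incident responder usually pulls first from CloudTrail
# (persistence, exposure and logging-tampering actions). Assumed grouping.
SENSITIVE_EVENTS = {
    "iam.amazonaws.com": {
        "CreateUser", "CreateAccessKey", "CreateLoginProfile",
        "AttachUserPolicy", "PutUserPolicy", "UpdateAssumeRolePolicy",
    },
    "s3.amazonaws.com": {
        "PutBucketPolicy", "PutBucketAcl", "DeleteBucketPolicy",
        "PutBucketPublicAccessBlock",
    },
    "ec2.amazonaws.com": {
        "RunInstances", "AuthorizeSecurityGroupIngress",
        "CreateSecurityGroup", "ModifyInstanceAttribute",
    },
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail"},
    "guardduty.amazonaws.com": {"DeleteDetector", "UpdateDetector"},
}

# Error codes that indicate a principal probing permissions it does not have.
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation", "UnauthorizedOperation"}

# Constructed sample in the shape of a CloudTrail log file ({"Records": [...]}).
SAMPLE_CLOUDTRAIL_JSON = json.dumps({"Records": [
    {"eventTime": "2023-01-10T08:00:12Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2023-01-10T08:00:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2023-01-10T08:02:05Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2023-01-10T09:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc123"}},
    {"eventTime": "2023-01-10T09:16:30Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc123"}},
    {"eventTime": "2023-01-10T09:17:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc123"}},
]})


def load_records(raw_json):
    """Parse a CloudTrail log file body and return its Records list."""
    return json.loads(raw_json).get("Records", [])


def api_name(record):
    """Render eventSource + eventName as 'service:Action', e.g. 'iam:CreateAccessKey'."""
    service = record.get("eventSource", "").split(".")[0]
    return f"{service}:{record.get('eventName', '')}"


def classify(record):
    """Tag a record as 'denied-call', 'sensitive-call', or None if not of interest."""
    if record.get("errorCode") in DENIED_CODES:
        return "denied-call"
    if record.get("eventName") in SENSITIVE_EVENTS.get(record.get("eventSource"), set()):
        return "sensitive-call"
    return None


def triage(records):
    """Return the records worth a responder's attention, in log order."""
    findings = []
    for r in records:
        tag = classify(r)
        if tag is None:
            continue
        findings.append({
            "time": r.get("eventTime"),
            "principal": r.get("userIdentity", {}).get("arn", "<unknown>"),
            "source_ip": r.get("sourceIPAddress"),
            "api": api_name(r),
            "tag": tag,
        })
    return findings


def group_by_principal(findings):
    """Map each principal ARN to the list of flagged APIs it called."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["principal"]].append(f["api"])
    return dict(grouped)


if __name__ == "__main__":
    hits = triage(load_records(SAMPLE_CLOUDTRAIL_JSON))
    for h in hits:
        print(f"{h['time']} {h['tag']:15} {h['api']:25} {h['source_ip']:15} {h['principal']}")
    for principal, apis in group_by_principal(hits).items():
        print(f"{principal}: {len(apis)} flagged call(s)")
```

On the constructed sample this flags the access key creation and the StopLogging call from the IAM user, and the AccessDenied probe followed by a bucket policy change from the EC2 instance role; the benign DescribeInstances and GetCallerIdentity calls are left out. Grouping by principal is what turns a list of events into the "which credential do I disable first" question that the AWS potential-account-compromise article linked above walks through.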
