There are sample incident response playbooks on our GitHub: https://github.com/aws-samples/aws-customer-playbook-framework, https://github.com/aws-samples/aws-incident-response-playbooks
For general AWS Security, I would start here: https://aws.amazon.com/architecture/security-identity-compliance/. The AWS whitepaper covers a lot of AWS security, including Detection, which would be how to investigate/detect strange behavior.
AWS has a service called GuardDuty that comes with security checks: https://aws.amazon.com/guardduty/. For pricing information, check https://aws.amazon.com/guardduty/pricing/.
GuardDuty will analyze VPC Flow Logs, AWS CloudTrail management event logs, CloudTrail S3 data event logs, and DNS logs for suspicious events.
For Incident Response, here's a start: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/. This is another guide that AWS publishes: https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/welcome.html.