For the first time we'll integrate an external tool into our Organization, and in the process learn about real-time CSPM vs. scans, some of which you've already built without knowing it (perhaps...)!
Security Hub is Amazon's built-in CSPM and... other stuff... and... AWS keeps changing it and is in the middle of a major transition. We'll turn it on and see what we get!
It's time to learn a little more about CSPM, and run our first cross-account scan.
I'm giving a special briefing for the Cloud Security Alliance corporate members tomorrow on the AWS outage and resiliency. And all you CloudSLAW subscribers are invited to check it out.
We kick off our lab series on Cloud Security Posture Management by setting everything up to securely run tools from our SecurityAudit account.
Big news for me, not much changes for you (yet).
Sit back, relax, and enjoy some light reading this week instead of a lab as we review where we are and where we're headed, continuing down the incident response road.
Instead of clicky-clicky, today we'll build a new EventBridge setup for real-time threat detection and deploy our first detector.
Time-based threat detectors allow us to identify activity beyond just a single API call. Today we'll build one with Lambda and Athena and learn about sliding windows.
Time for some answers.
Let’s pretend to hack your account, so you’ll see the base Athena queries for security incidents.
Unlock the mysteries of CloudTrail logs with a few simple starter queries. We'll use these later as the basis of threat detectors and for incident analysis.