100 days of cloud AWS Cloud Computing DevOPS Health and Wellbeing in IT Information Security

The THREAT HUNTER of your Cloud – 100 days of Cloud: Day 25

ByAnuvindh

Apr 1, 2022 #100daysofcloud, #AWS, #Cloud Technology, #DevOPS, #Security, #Security Automation
Post Views: 546
+1
0
+1
0
+1
0
+1
0
+1
0

The THREAT HUNTER of your Cloud

#security #cloud #cybersecurity #productivity

DAY 25 – THE THREAT HUNTER OF CLOUD – Day Twenty Five

Image tweet
Image cover

100 days of Cloud on GitHub – Read On iCTPro.co.nz – Read on Dev.to

  • Collect logs from AWS resources
  • use Machine Learning , Statistical analysis and graph theory.
  • Detect and investigate threats

A fast and effective way to identify a root cause for security issues. Detective can process terabytes of data and comes with data visualization of the vast information from the report.

AMAZON Detective

Image pickchu

How to ?

  • Enable Amazon Detective from the console
  • The Data will be automatically organized into graph model. – investigate using GaurdDuty and AWS Security Hub, ** Amazon Macie**.
  • Find the Cause using interactive visualizations.

Lets talk a bit about Amazon GuardDuty

Image gaurdduty
Its a treat detection service from AWS Which continuously monitors malicious activity. This is done with the help of Machine Learning & Anomaly detection.
Data’s from CloudTrail, VPC flow logs, DNS logs are used for analysis to provide graph view.

GaurdDuty have to enabled and wait for 48 hours to enable the Detective

Why should we use ?

  • Investigate, determine the cause related to incidents.
  • Triage, determine who should look into it.
  • Threat Identification , detailed understanding to identify threat.

Cost ?

  • Free for 30 days
  • Check out this link to understand more about the Detective Pricing on each region.

Image budget

Works with Services
CloudTrail (AWS api calls), VPC flow logs (traffic on VPC)

Terminologies

  • Behavior graph – Generated from incoming data with the account
  • Detective source Data – information on AWS Flowlogs, CloudTrail and GaurdDuty Findings.
  • Entity – Extracted from source data.
  • Finding – issues found by guard duty.
  • Investigation – Finding out root cause for issue.
  • Profile – Visualizations and supporting information.
  • Profile Panel – Visualization on profile.
  • Relationship – what’s happening with two individual resources. or how they are related.

You can use a primary account to collect all data to create graph from secondary account. Secondary account will only have data that contributed to primary account.

Important links

✅Connect with me on Twitter
🤝🏽Connect with me on Linkedin
🧑🏼‍🤝‍🧑🏻 Read more post on dev.to or iCTPro.co.nz
💻 Connect with me on GitHub

+1
0
+1
0
+1
0
+1
0
+1
0

By Anuvindh

ICT professional who is highly enthusiastic about Cloud technologies and Information Security.

Related Post

100 days of cloud AWS Cloud Computing DevOPS Others

Everything you should know as a Cloud Guru for Storage – 100 days of Cloud: Day 37

Dec 18, 2022 Anuvindh
100 days of cloud AWS Cloud Computing DevOPS Information Security

How to delete everything from your AWS account – 100 days of Cloud: Day 36

Jul 31, 2022 Anuvindh
100 days of cloud AWS Cloud Computing DevOPS Information Security

DevOps on Amazon Web Services (AWS) 100 days of Cloud: Day 35

Jun 27, 2022 Anuvindh

You missed

100 days of cloud AWS Cloud Computing DevOPS Others

Everything you should know as a Cloud Guru for Storage – 100 days of Cloud: Day 37

Dec 18, 2022 Anuvindh
100 days of cloud AWS Cloud Computing DevOPS Information Security

How to delete everything from your AWS account – 100 days of Cloud: Day 36

Jul 31, 2022 Anuvindh
100 days of cloud AWS Cloud Computing DevOPS Information Security

DevOps on Amazon Web Services (AWS) 100 days of Cloud: Day 35

Jun 27, 2022 Anuvindh
100 days of cloud AWS Cloud Computing DevOPS

Ansible For Everyone (Ansible Playbooks) – Part 3: 100 days of Cloud: Day 34

Jun 16, 2022 Anuvindh