All things 'Security'

Amazon GuardDuty, Inspector, IAM Access Analyzer, Macie, Firewall Manager, Amazon Health, Amazon Systems Manager, AWS Config

Amazon GuardDuty, Inspector, Firewall Manager, Macie

Amazon GuardDuty,

Inspector, AWS Config, IAM Access Analyzer

Amazon GuardDuty,

Inspector, AWS Config, Amazon Health, Firewall Manager

Use Athena to query your CloudTrail data and compare the IAM permissions before the incident with the current IAM permissions

Generate a Credential Report and compare the IAM permissions before the incident with the current IAM permissions

Compare the IAM permissions before the incident with the current IAM permissions using AWS Config

Compare the IAM permissions before the incident with the current IAM permissions using CloudTrail

Check your DNS logs to see if any of your instances are querying a domain name that is associated with cryptocurrency-related activity

Use Amazon Inspector to check if any of your instances are querying a domain name that is associated with cryptocurrency-related activity

Check your VPC Flow logs to see if any of your instances are querying a domain name that is associated with cryptocurrency-related activity

Use AWS GuardDuty to see if any of your instances are querying a domain name that is associated with cryptocurrency-related activity

AWS Inspector

VPC Flow logs

AWS Network Firewall

GuardDuty

Use Lambda to create a restrictive Security Group which only allows SSH from a single forensic workstation. Use AWS Config to replace the Security Group to the instance as soon as it is detected as being compromised.

Create a restrictive Security Group which only allows SSH from a single forensic workstation. Use Lambda to replace the Security Group to the instance as soon as it is detected as being compromised.

Create a restrictive Security Group which only allows SSH from a single forensic workstation. Use CloudFormation to apply the Security Group to the instance as soon as it is detected as being compromised

Create a restrictive Network ACL which only allows SSH from a single forensic workstation. Use AWS Config to apply the ACL to the instance as soon as it is detected as being compromised

AWS Config, Config Rules, Lambda

EventBridge

Lambda

SNS

GuardDuty

SecurityHub

SNS

EventBridge

SecurityHub

SNS

Immediately discover and scan AWS workloads for vulnerabilities;

Consolidate vulnerability management for Amazon EC2, AWS Lambda functions, and container images in Amazon ECR;

Use the highly accurate Inspector risk score to efficiently prioritize remediation.

Consolidate vulnerability management for Amazon EC2, AWS Lambda functions, and container images in Amazon ECR

Immediately discover and scan AWS workloads for vulnerabilities;

Use the highly accurate Inspector risk score to efficiently prioritize remediation.

Use the highly accurate Inspector risk score to efficiently prioritize remediation;

Consolidate vulnerability management for Amazon EC2, AWS Lambda functions, and container images in Amazon ECR

Configure the resource and action values as 'arn:aws:dynamodb:region:account-id:table/' and 'dynamodb:'

For the resource value, specify all 3 tables individually, e.g. 'arn:aws:dynamodb:region:account-ID:table/ev_charge_stations' and use 'dynamodb:PutItem' as the policy's action value.

Use '*' as the resource value and specify 'dynamodb:PutItem' as the policy's action value.

Specify 'dynamodb:PutItem' as the policy's action value and use 'arn:aws:dynamodb:region:account-id:table/ev_*' as the value for the resource.