Welcome to Building Detections in AWS

Description

In this workshop, you will work through the detection-building process previously discussed in the SANS Webcast, Building Better Detections... By Hacking | AWS Edition. Below is the overall process we will discuss and follow:

Detection Build Process

We will conduct the following exercises:

  • Exercise 1: Deploy cloud resources with AWS CloudFormation to support both the attack and some of the automation that will be used in later exercises
  • Exercise 2: Set up appropriate logging to catch the sample attack
  • Exercise 3: Conduct the sample attack
  • Exercise 4: Review the log data to detect the attack
  • Exercise 5: Automate the detection of the attack and test the automation
  • Exercise 6: Clean up the workshop resources