The Safe Room: Responding to Security Events
We’re back! Join host Kyle Dickinson and special guests on Twitch for an all new season. When it comes to life in the cloud, there’s nothing more important than security. Members of the AWS Customer Incident Response Team (CIRT) will help you learn detailed, specific methods of developing applications and workflows securely, as well as how to respond when incidents do occur. Each episode will include practical advice, instruction, and Q&A. Join us at twitch.tv/aws.
S2 Episode 1: Safe Room is back! And IAM excited.
The Safe Room has returned! Join host Kyle Dickinson and Cydney Stude for an all-new season. On our first episode of 2022 we will talk about the future of The Safe Room, Amazon GuardDuty's new IAM Findings and expanded support for EKS. Plus, an efficient way to respond to exposed IAM credentials.
S2 Episode 2: Pardon me, your Web App is showing
On this episode of The Safe Room, join Kyle to talk about detecting suspicious behavior from vulnerable Web Applications, and resources to get you started with Security Services on AWS.
S2 Episode 3: Hanging out with the AWS CIRT
The AWS Customer Incident Response Team supports AWS customers during active security events. Join us as we cover what the AWS CIRT Team does, how to report security concerns, and answer questions from The Safe Room mailbox.
Instructor: Kyle Dickinson, Robert Saul & Jason Hurst
S2 Episode 4: Tooling Tuesday on a Wednesday because we can
AWS CIRT has created many open-source tools to help prepare for and respond to security events. Join us as we demonstrate enabling logging at scale using Assisted Log Enabler, simulating events with CloudSaga, and analyzing service logs with Athena Security Analytics bootstrap. We promised you this episode!
Instructor: Kyle Dickinson, Cydney Stude & Jason Hurst
S2 Episode 5: AWS CIRT Honky Tonk!
The AWS CIRT Team is in Nashville this week and, well, marketing needed an episode name and description, so AWS CIRT Honky Tonk it is! We’re going to talk about a couple of topics that aren’t spoken about too often. MFA is great! But do you have it enabled for your command line? We’ll also cover some considerations our Security Teams should take a look at with Resource Access Manager, and how to make sure your EBS Snapshots don’t become public.
Instructor: Kyle Dickinson
S1 Episode 1: Protecting AWS IAM credentials
We’ll get started with a brief introduction to the AWS Customer Incident Response Team (CIRT) and a deep dive discussion reviewing strategies to protect IAM credentials and access keys.
S1 Episode 2: Protecting from and recovering from ransomware
In this episode, we’ll cover ransomware avoidance, detection, response, and recovery. Learn how to confidently protect your applications and workflows in this session. We’ll also talk about recovering from an event.
S1 Episode 3: Incident response planning
Do you have questions about how to start an incident plan? Don’t know where to begin? We’ll review the applicable guidance and controls that serve as a starting point for building or updating your incident response plan.
S1 Episode 4: Logging: Where, when, and why to log
Did you know that log files are the single most important element of any security investigation? Service logging is implemented by the user and should be implemented looking forward to an investigation. In this episode we’ll talk more about why you should log events, what specifically to log, and where to store the logs.
Resources
- Assisted Log Enabler for AWS
- How CloudTrail works
- Viewing events with CloudTrail Event history
- Non-API events captured by CloudTrail
- Global service events
- Enabling and disabling global service event logging
- Creating a trail for your AWS account
- AWS CLI create trail
- CloudTrail log file examples
- VPC Flow Logs
- VPC flow log records
- Publish flow logs to Amazon S3
- Learn from your VPC flow logs with additional meta-data
- Public DNS query logging
- Resolver query logging
- DNS Query log example
- Logging options for Amazon S3
- Logging requests using server access logging
- Amazon S3 server access log format
- Enable access logs for your Classic Load Balancer
- Access logs for your Application Load Balancer
- Access logs for your Network Load Balancer
- Viewing configuration details
- Reading data from Amazon Kinesis data streams
- Using AWS Lambda with Amazon Kinesis
- Developing consumers using Amazon Kinesis Data Analytics
- Writing to Kinesis Data Firehose using Kinesis Data Streams
S1 Episode 5: Log analysis with Athena Bootstrap
Now that you have all of those critical service events being logged, what are you doing with the data? How are you turning it into usable information? Turning on the logs is a great first step, making them useful is the next step. This episode will show you how to utilize Athena to perform log analysis.
AWS Training and Certification on Twitch
AWS Training and Certification offers free live and on-demand training on Twitch. Join our experts for live shows and ask questions, chat with the community, and get weekly resources straight to your inbox. Explore all of our on-demand shows for training whenever it suits your schedule.