Logging, Monitoring, and Alerting in AWS (The TL;DR) - SANS DFIR Summit 2018

With AWS’ ever-increasing number services and ever-growing complexity, individuals and organizations are desperately seeking the “TL;DR” of what services are available to protect them from and respond to attacks, and how to best configure them for effective and efficient monitoring, alerting, and incident response. The first part of this presentation will walk the audience through the core services and capabilities that are critical to logging, monitoring, alerting, and responding to threats. The second part will walk the audience through specific monitoring and alerting configurations that the audience can immediately apply to their infrastructure to begin and/or improve their path toward securing their AWS infrastructure. Whether you’re just starting out in AWS or have been using it for years, there is something for everyone to learn or brush up on in ensuring your org is best prepared to monitor for and respond to a compromise. Jonathan Poling (@JPoForenso), Managing Principal Consultant, SecureWork