Overview:
August Schell's upcoming AWS Security Hands-On Workshop is a scenario-based, hands-on workshop designed for Splunk security customers already in or moving into AWS. This workshop provides users an opportunity to gain familiarity with different key pieces of cloud-focused data within AWS and then apply that knowledge to security monitoring and incident response.
Join Alex Maier, Splunk Certified Architect, for this hands-on workshop that will include:
- On-premise vs. AWS infrastructure comparison
- Splunk and AWS integration
- Getting acquainted with AWS data
- Hands-on investigations
You'll leave this workshop with a better understanding of how Splunk can be used to detect malicious activity in AWS and how Splunk can be a single collection point for both on-premise and cloud-centric data sources.
Agenda:
- On-prem vs. AWS Infrastructure Comparison
  This module helps identify the different sources of data an organization would need to collect from AWS to get similar visibility to what they have on-prem.
- Deployment Options
  The workshop covers different ways you can deploy an AWS monitoring solution using Splunk.
- Splunk in AWS for Security
  Gain a high-level overview of how the Splunk App/Add-on for AWS works, what data sources it can collect, and what those sources provide.
- Hands-On Scenario 1: Investigate a compromised AWS account
  Complete investigation of a compromised AWS account and the impact of the breach
- Hands-On Scenario 2: Investigate an accidental public S3 bucket exposure
  Discovery of the open bucket and the subsequent investigation to determine the impact
- Hands-On Scenario 3: Investigate a UDP DoS amplification attack due to misconfiguration
  Combat a common type of DoS attack, identify what it is, and understand how it happened