During Week 4, we'll cover the basics of keeping technology available, hunting attackers in logs, using monitoring effectively, and increasing operational effectiveness through alerts and ChatOps.
- Understanding data generated by attackers
- Using logging and instrumentation to find attackers
- Detection & Alerting
During this lesson, we'll begin to understand basic logging and evaluate how an attacker can access a system from behind the scenes. In this session, we'll cover some basics of a popular logging system.
Creating and testing alerts can help you identify when attacks are happening. This can help strengthen protective controls or allow risks to be evaluated.
Enabling reporting and dashboards that help the blue team discover an attacker quickly can make or break an app that depends on quick detection and response.
- AWS CloudTrail