- Course
- Cloud
- Security
Amazon Security Hub Correlation and Forensic Analysis
Discover how to investigate AWS security incidents. This course will teach you how to correlate GuardDuty findings with AWS Config and CloudTrail data to perform forensic analysis and build dashboards for ongoing threat monitoring.
What you'll learn
Security incidents in the cloud can be difficult to investigate without the right tools and processes in place. In this course, Amazon Security Hub Correlation and Forensic Analysis, you’ll gain the ability to perform effective forensic investigations using native AWS security services.
First, you’ll explore how to identify and interpret critical GuardDuty findings, such as IAM credential compromises. Next, you’ll discover how to correlate those findings with AWS Config rule violations using Security Hub to gain deeper context. Finally, you’ll learn how to reconstruct attacker activity using CloudTrail and CloudWatch Logs Insights, and build dashboards for real-time threat monitoring.
When you’re finished with this course, you’ll have the skills and knowledge of AWS threat detection and analysis needed to investigate security incidents, visualize key metrics, and prepare for more advanced analytics using Amazon Security Lake.
Table of contents
About the author
Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at PluralSight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases.