AWS security monitoring and alerting with open source tools

If you are running any sort of workload on AWS (production, staging, or testing), you need to be running monitoring and alerting. The problem is that knowing what you should monitor and how to implement it can be overwhelming. Using something like the AWS Security Survival Kit (SSK), which is free and open source, can give you a really good starting point. You can download it and modify it however you'd like, or you can just deploy it with default settings and then use it to build on as you go. Either way, I'll show you how to get started in this video so you can keep an eye on your AWS resources.

🚨 Disclaimer
This video is strictly for educational purposes and to teach you how you can detect and mitigate threats from your or your employer's cloud environments. Learning about real threats, ethical hacking, and penetration testing is an important way of protecting ourselves against threat actors.

⏱ Timestamps:
00:00 - 00:23 - Intro
00:24 - 01:41 - About the SSK
01:42 - 01:53 - SSK Cheat Sheet
01:54 - 04:22 - Suspicious activities to monitor
04:23 - 04:48 - Secure by default settings
04:49 - 05:34 - How it deploys the secure by default settings
05:35 - 07:04 - Configuring the SSK
07:05 - 08:02 - Creating a CloudWatch Logs Group
08:03 - 10:07 - Resources that get deployed
10:08 - 13:07 - Deploying the SSK
13:08 - 13:33 - Receiving notifications
13:34 - 14:07 - Additional step you might need
14:08 - 14:24 - Testing notifications
14:25 - 14:36 - If you're not receiving notifications
14:37 - 15:59 - Setting up CloudTrail to push logs to CloudWatch
16:00 - 17:00 - Wrapping up and next steps

#cybersecurity #awssecurity #cloudsecurity #ssk #monitoring #alerting #infrastructureascode #cloudformation
Comments

Going to check this out in more detail

TechTualChatter

Awesome video. This is EXACTLY what I need at a critical time.

allstardadtalks

Thanks for sharing, Christophe! I will answer any questions you may have in the comments, folks.

zoph

How did you get the zsh terminal? I can't seem to see the option for it. I have Windows 11 and am using VS Code.

elijunco

Can this tool be integrated with Wazuh?

mohamedhaija