Improving Response by being "Data Wrangling" Amateurs in AWS

BSides Budapest · 2021 · 37:17 · 46 views · Published 2022-03
Category: Technical
Style: Talk
About this talk
This presentation was held at #BSidesBUD2021 virtual IT security conference on 27th May 2021.

Improving Response by being "Data Wrangling" Amateurs in AWS - a presentation by Swetha Balla

Incident response in AWS can be challenging for a couple of reasons: either logs are not available, making response impossible, or the log volume is large, making it hard to identify anomalous activity. These challenges are not necessarily new or unique to the cloud environment. However, building a relatively simple data pipeline by leveraging some of AWS's "data" services can help address these challenges.

In this talk, I will share "data wrangling" skills that I have acquired by responding to multiple AWS breaches, with a focus on:

- Which logs should be enabled, and why?
- How to store these logs to reduce storage cost and improve query performance?
- How to visualise logs?
- A sample case study (focus on CloudTrail logs) using these skills.

This presentation's key takeaway will be learning about some tools typically used by the data teams and using them for incident response.

https://bsidesbud.com
All rights reserved.