YoVDO

AWS Security Incident Response - Compromised IAM Credentials Use Case

Offered By: Amazon Web Services via AWS Skill Builder

Tags

Incident Response Courses Security Engineering Courses AWS CloudTrail Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!

This course is a guided practice use case. It invites you to investigate a security incident involving compromised AWS Identity and Access Management (IAM) credentials by using the Security Incident Workflow process. The topics covered in this course are 200-level and require you to understand how to use various services in Amazon Web Services (AWS). You are encouraged to complete the AWS Security Incident Response Overview course before taking this course to gain a deeper understanding of the investigation process. There are two modules in the AWS Security Incident Response Overview course: Module 1: Define Security Incident Response and Module 2: Use AWS Services to Investigate Security Incidents.

Course level: Intermediate

Duration: 40 minutes

Activities

This course includes interactive learning objects.

Course objectives

In this course, you will learn to:

  • Identify the source of an alert using Amazon GuardDuty.
  • Review events in AWS CloudTrail to determine the scope of an incident.
  • Use the IAM console to deactivate access for any compromised IAM user.
  • Delete or rotate access keys from the IAM console.

Intended audience

This course is intended for:

Security engineers

Security operations center (SOC) analysts, incident analysts (responders), and security operations (SecOps)

Security managers and security principals

Prerequisites

We recommend that attendees of this course have:

AWS Security Incident Response Overview course, which provides the foundational knowledge you will need to investigate a security incident

AWS Security Fundamentals (Second Edition), which provides baseline training on how the AWS services work


Course outline

Topic 1: Navigation

How to Use This Course

Topic 2: Introduction

Welcome

Topic 3: Compromised IAM Credentials Guided Practice

Compromised IAM Credentials Introduction

Part 1: Detect

Part 2: Analyze

Part 3: Contain

Part 4: Analyze

Part 5: Eradicate

Part 6: Recover

Summary

Topic 4: Additional Help

Learn More

Topic 5: For Students

Contact Us


Tags

Related Courses

Auditing Your Security with AWS Trusted Advisor
Amazon Web Services via AWS Skill Builder
AWS Security Best Practices: Overview (Portuguese)
Amazon Web Services via AWS Skill Builder
AWS Security Incident Response Overview
Amazon Web Services via AWS Skill Builder
Choosing Between Amazon EC2 and Amazon Lightsail (Indonesian) (Na)
Amazon Web Services via AWS Skill Builder
Gemini for Security Engineers - Bahasa Indonesia
Google Cloud via Coursera