AWS Security Incident Response Overview
Offered By: Amazon Web Services via AWS Skill Builder
Course Description
Overview
Security Incident Response Overview is the first course in the Security Incident Response curriculum. This course is a prerequisite for interactive use cases that guide you through investigating common types of security incidents.
In Module One: Define Security Incident Response, you will be introduced to security incidents and the security incident response workflow. In Module Two: Use AWS Services to Investigate Security Incidents, you will discover how to investigate security incidents using AWS services for each phase of the security incident response workflow.
- Course level: Fundamental
- Duration: 1 hour 40 minutes
Activities
This course includes interactive learning objects.
Course objectives
In this course, you will learn to do the following:
- Define a computer security incident.
- Define incident response and the importance of having a process in place.
- List the cloud security incident domains.
- Recognize the key differences of incident response in Amazon Web Services (AWS).
- Explain the security incident response process for AWS.
- State the purpose and goal of each phase of the security incident response process.
- Identify appropriate AWS services to use for each phase of the security incident response process.
- Describe how to use AWS services to investigate a security incident.
- Locate training and resources for AWS services to investigate security incidents.
Intended audience
This course is intended for the following roles:
- Security engineers
- Security operations center (SOC) analysts, incident analysts (responders), and security operations (SecOps)
- Security managers and security principals
Prerequisites
We recommend that attendees of this course have the following prerequisites:
- AWS Security Fundamentals (Second Edition), which provides baseline training on how the AWS services work
Course outline
Module 1: Define Security Incident Response
Section 1: Navigation
- How to Use This Course
Section 2: Introduction
- Lesson 1: Welcome
Section 3: Security Incidents Overview
- Lesson 1: Security Incident Definition
- Lesson 2: Investigating Security Incidents
- Lesson 3: Security Incidents in the AWS Cloud
Section 4: Security Incident Response Workflow
- Lesson 1: Overview
- Lesson 2: Detect Phase
- Lesson 3: Analyze Phase
- Lesson 4: Contain Phase
- Lesson 5: Eradicate Phase
- Lesson 6: Recover Phase
Section 5: Conclusion
- Lesson 7: Contact Us
Module 2: Use AWS Services to Investigate Security Incidents
Topic 1: Introduction
- Lesson 1: How to Use This Course
- Lesson 2: Welcome
Topic 2: Use AWS Services for Security Incident Response
- Lesson 3: Overview
- Lesson 4: Detect with AWS
- Lesson 5: Analyze with AWS
- Lesson 6: Contain with AWS
- Lesson 7: Eradicate with AWS
- Lesson 8: Recover with AWS
- Lesson 9: Putting it All Together
Topic 3: Conclusion
- Lesson 10: Security Incident Response Resources
- Lesson 11: Contact Us