Monitoring Amazon Web Services (AWS) - AWS CloudTrail

CIS Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

"Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

"Deficiencies in security logging and analysis allow attackers to hide their location, malicious software, and activities on victim machines. Even if the victims know that their systems have been compromised, without protected and complete logging records they are blind to the details of the attack and to subsequent actions taken by the attackers. Without solid audit logs, an attack may go unnoticed indefinitely and the particular damages done may be irreversible." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

"Sometimes logging records are the only evidence of a successful attack. Many organizations keep audit records for compliance purposes, but attackers rely on the fact that such organizations rarely look at the audit logs, and they do not know that their systems have been compromised. Because of poor or nonexistent log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing, even though the evidence of the attack has been recorded in unexamined log files." (https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/)

CloudTrail

“AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.” (https://aws.amazon.com/cloudtrail/)

Introduction

This guide covers creating a trail that records activity in all AWS regions, storing the log files in Amazon Simple Storage Service (S3), and encrypting those log files with a key managed in AWS Key Management Service (KMS).

Requirements

  • An AWS Account
  • An AWS IAM user, preferably not the Root User, with permissions for AWS CloudTrail, S3, KMS and the other services involved

Instructions

Creating a Trail - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html
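As an added example (not code from the page or from AWS), the script below audits the output of `aws cloudtrail describe-trails` for the settings this guide sets up (multi-region coverage and KMS encryption, plus log file validation, which goes one step beyond the page) and builds the S3 bucket policy CloudTrail requires before it will deliver logs to a bucket. The trail names, bucket names and account id are constructed placeholders.

```python
"""Audit CloudTrail trail settings and build the S3 bucket policy CloudTrail needs."""
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output.
# Names, bucket and account id are placeholders, not real resources.
SAMPLE_TRAILS = [
    {"Name": "org-trail", "S3BucketName": "example-cloudtrail-logs",
     "IsMultiRegionTrail": True, "LogFileValidationEnabled": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/00000000-0000-0000-0000-000000000000"},
    {"Name": "dev-trail", "S3BucketName": "example-dev-logs",
     "IsMultiRegionTrail": False, "LogFileValidationEnabled": False},
]

def audit_trail(trail):
    """Return the list of settings from this guide that the trail is missing."""
    findings = []
    if not trail.get("IsMultiRegionTrail"):
        findings.append("not multi-region: activity in other regions is not logged")
    if not trail.get("KmsKeyId"):  # absent in describe-trails output when no KMS key is set
        findings.append("no KMS key: log files rely on S3 default encryption only")
    if not trail.get("LogFileValidationEnabled"):
        findings.append("log file validation disabled: tampering with delivered logs is not detectable")
    return findings

def audit_trails(trails):
    """Map each trail name to its findings (empty list means it passes)."""
    return {t["Name"]: audit_trail(t) for t in trails}

def cloudtrail_bucket_policy(bucket, account_id):
    """S3 bucket policy CloudTrail requires: it must be allowed to read the bucket ACL
    and to write objects under AWSLogs/<account>/ with the bucket-owner-full-control ACL."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
             "Principal": {"Service": "cloudtrail.amazonaws.com"},
             "Action": "s3:GetBucketAcl",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
             "Principal": {"Service": "cloudtrail.amazonaws.com"},
             "Action": "s3:PutObject",
             "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*",
             "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        ],
    }

if __name__ == "__main__":
    for name, findings in audit_trails(SAMPLE_TRAILS).items():
        print(name, "OK" if not findings else findings)
    print(json.dumps(cloudtrail_bucket_policy("example-cloudtrail-logs", "123456789012"), indent=2))
```

Feed it real `describe-trails` JSON (parsed with `json.load`) in place of `SAMPLE_TRAILS` to check the trails in your own account; the bucket policy is applied with `aws s3api put-bucket-policy`.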
