Friday, October 19, 2018

Cloud IR Resources - Sky-hi IR: IR at cloud scale

Talk slides here:

Recording here: https://www.youtube.com/watch?v=Q8hfcBJVKq8&t=15s

Big "Thanks!" to BsidesRDU.org and Adrian Crenshaw (@irongeek_adc)


Data costs:

https://azure.microsoft.com/en-us/pricing/details/bandwidth/
https://aws.amazon.com/blogs/aws/estimate-your-c/

Tools:

SIFT Workstation
Getting Data from S3 via Python
AWS Monitoring and Alerting third-party tools:

  • Cloud-Custodian
  • Cloud-Inquisitor
  • CloudTracker
  • Security Monkey
  • StreamAlert
  • Wazuh


Related Talks:

Logging, Monitoring, and Alerting in AWS (The TL;DR) - SANS DFIR Summit 2018 - Jonathan Poling (@JPoForenso)

Automating Incident Response and Forensics in AWS - Ben Potter - AWS Security Lead


How-Tos:
How to copy a VMDK to image

SIFT Workstation How-Tos


Whitepapers
Incident Handler's Handbook by Patrick Kral - February 21, 2012

