TryHackMe AWS Security Logging | Splunk | Full Walkthrough 2026
Dive into various AWS log sources and learn how they can help your SOC team. 🐍

🔥 Room Link: https://tryhackme.com/room/awssecurit...

We will use Splunk for log investigation.

🔥 Amazon Web Services (AWS) is one of the most used IaaS cloud providers, and many companies worldwide, including TryHackMe, heavily use its compute, storage, databases, networking, and ML services. This room explains the tools to monitor the AWS cloud environment for threats and provides best practices on auditing AWS activities in SIEM by the SOC.

🔥 Learning Objectives 🔥
🐧 Explore control plane, managed services, and workload security
🐧 Practice using CloudTrail and GuardDuty for threat detection
🐧 Learn about cloud log sources, such as CloudFront and S3 logs
🐧 Gain a broad overview of how to log and monitor AWS as a SOC

🔥 Timestamps: 🔥
[00:00:00] Task 1: Introduction
[00:03:00] Task 2: What to Secure in AWS
[00:05:58] Task 3: Covering AWS Control Plane
[00:11:06] Task 4: CloudTrail and GuardDuty
[00:25:18] Task 5: Covering Managed Services
[00:32:17] Task 6: Logging of AWS Workloads
[00:35:30] Task 7: Conclusion

🔥 Room Tasks 🔥

🐮 Task 1: Introduction

🙌 Task 2: What to Secure in AWS
Which security area covers management actions within the AWS console?
Which of the mentioned AWS services provides virtual machines in the cloud?

🐎 Task 3: Covering AWS Control Plane
From which IP did jeff.harrison user log in to AWS?
To which AWS account ID did jeff.harrison user log in?
What S3 bucket did jeff.harrison create after the login?

🐶 Task 4: CloudTrail and GuardDuty
Find the "AnomalousBehavior" GuardDuty alert in the logs. From which VPN did the suspicious activity originate?
Analyze two other alerts from the i-04fa0268276e1f763 EC2 instance. What is the path to the detected malware, and which domain did it query?
Continue to the CloudTrail logs to get more instance context. Who created the infected EC2 instance? Provide the full ARN field.
Which two risky ports did that user expose for the EC2 instance?

🏎️ Task 5: Covering Managed Services
Which IP address logged in to the admin portal?
How many IPs searched for the "tryhackme" keyword?

🐆 Task 6: Logging of AWS Workloads
How would you call a service that is built and maintained by the cloud vendor?
Which cloud workload monitoring tool was mentioned as an alternative to Auditd?

🐱 Task 7: Conclusion

⚠️ Educational Purpose Only
This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems.