Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Amazon Web Services

AWS Security Incident Response - Cryptomining Use Case

Amazon Web Services and Amazon via AWS Skill Builder

Overview

This course is a guided practice use case. It invites you to investigate a cryptomining security incident by using the Security Incident Workflow process. The topics covered in this course are 300-level and require you to understand how to use various services in Amazon Web Services (AWS). You are encouraged to complete the Security Incident Response Overview course before taking this course to gain a deeper understanding of the investigation process. There are two modules in the Security Incident Response Overview course: Module 1: Define Security Incident Response and Module 2: Using AWS Services to Investigate Security Incidents.

-         Course level: Advanced

-         Duration: 50 minutes

Activities

This course includes interactive learning objects.

Course objectives

In this course, you will learn to:

  • Verify any charges in the AWS Billing console
  • Review log sources in AWS CloudTrail to determine if any resources were created
  • Disable any compromised users from the AWS Identity and Access Management (IAM) console
  • Remove any suspicious or unauthorized resources
  • Restore the environment to a safe state

Intended audience

This course is intended for:

-         Security engineers

-         Security operations center (SOC) analysts, incident analysts (responders), and security operations (SecOps)

-         Security managers and security principals


Prerequisites

We recommend that attendees of this course have completed:

-         AWS Security Incident Response Series Overview course, which provides the foundational knowledge you will need to investigate a security incident

-         AWS Security Fundamentals (Second Edition), which provides baseline training on how the AWS services work

 

Course outline

Topic 1: Navigation

-         How to Use This Course

Topic 2: Introduction

-         Welcome

Topic 3: Cryptomining Guided Practice

-         Cryptomining IAM Credential Introduction

-         Part 1: Detect

-         Part 2: Analyze

-         Part 3: Contain

-         Part 4: Analyze

-         Part 5: Contain

-         Part 6: Eradicate and Recover

-         Summary

Topic 4: Additional Help

-         Learn More

Topic 5: For Students

-         Contact Us

Reviews

Start your review of AWS Security Incident Response - Cryptomining Use Case

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.