Amazon Detective
Amazon Detective is a service that helps analyze and investigate the root cause of security findings by building linked data from logs. SCS-C02 covers it as an investigation tool alongside GuardDuty in incident response.
Amazon Detective is a service that helps analyze and investigate the root cause of security findings by building linked data from logs. SCS-C02 covers it as an investigation tool alongside GuardDuty in incident response.
Amazon GuardDuty is a threat-detection service that continuously analyzes CloudTrail, VPC Flow Logs, and DNS logs for malicious activity.
AWS Security Hub is a service that aggregates and prioritizes security findings across accounts and checks them against standards such as CIS and AWS FSBP.
Amazon Detective is a service that helps analyze and investigate the root cause of security findings by building linked data from logs.
AWS CloudTrail is a service that records API activity across an AWS account for auditing and investigation.
VPC Flow Logs capture information about IP traffic to and from network interfaces in a VPC.
AWS Network Firewall is a managed, stateful network firewall and intrusion-prevention service for VPCs.
AWS WAF is a web application firewall that filters HTTP(S) traffic to protect applications from common exploits such as SQL injection and cross-site scripting.
AWS Key Management Service (KMS) is a managed service that creates and controls the cryptographic keys used to encrypt data, with key policies, grants, and rotation.
AWS Secrets Manager is a service that stores, retrieves, and automatically rotates secrets such as database credentials and API keys.
AWS Certificate Manager (ACM) is a service that provisions, manages, and renews TLS certificates for AWS services.
An IAM policy is a JSON document that defines permissions and is evaluated (with explicit denies overriding allows) to authorize requests.
A service control policy (SCP) is an AWS Organizations guardrail that limits the maximum permissions for member accounts.
AWS Config is a service that records resource configurations and evaluates them against rules and conformance packs for compliance.