digitc1 / AWSLandingZone

Repository for AWSLandingZone module developed by DIGIT.C.1
Apache License 2.0

WP4 : Forensics - recipe to automate EC2 forensics (snapshots) - System Manager - Analysis #91

Closed neisije closed 1 year ago

neisije commented 3 years ago

Analysis

  1. CSIRC to provide the technical steps required to automate forensics in case of a potential security issue on EC2 (live snapshots, EC2 isolation, EC2 stopped and not terminated, ...)
  2. Automate the technical steps in a recipe (shell / ansible playbook / ...)
  3. Integrate the recipe in System Manager
  4. Design an IAM role allowing CSIRC/SOC to apply the recipe from System Manager

Implementation

  1. Deploy the role and recipe in System Manager with the LZ on the linked and seclog accounts

Communication

  1. Document the technical procedure (wiki)
  2. Share the technical procedure (technical workshops)

neisije commented 3 years ago

@Austin: I assume this ticket should be assigned internally to someone other than you. If you could route this ticket to the correct person, that would be great.

austindimmer commented 3 years ago

Hi JC, sorry I only saw this just now. I will raise this in our standup tomorrow.

silavjy commented 1 year ago

Not in scope of the current AWS LZ