CloudAcademy

Detecting EC2 Threats with Amazon GuardDuty

The hands-on lab is part of these learning paths

  • Security - Specialty Certification Preparation for AWS (22 course steps, 1 certification, 12 lab steps)
  • AWS Security Services (9 course steps, 1 certification, 4 lab steps, 5 quiz steps)

Lab Steps

  • Logging in to the Amazon Web Services Console
  • Enabling Amazon GuardDuty
  • Activating a GuardDuty Threat List
  • Examining Sample GuardDuty Findings
  • Examining Live Threats in GuardDuty
  • Disabling Amazon GuardDuty
  • Validate AWS Lab

Difficulty: Beginner
Duration: 50m
Students: 218

Description

Lab Overview

Amazon GuardDuty continuously monitors for and identifies threats by analyzing several types of activity in your AWS account and in any invited member accounts that you link to it. GuardDuty can notify you of a wide variety of threats, including unauthorized access, trojans, and communication with Tor anonymizing networks or cryptocurrency networks.

In this Lab, you will learn how to use Amazon GuardDuty to automatically uncover malicious EC2 activity, and configure threat lists to improve the security of an AWS Lab environment.

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Enable, disable, and suspend Amazon GuardDuty for AWS accounts
  • Activate threat lists and trusted IP lists, and understand when to use each
  • Understand the types of security findings GuardDuty can detect
  • Prioritize and interpret GuardDuty findings in a live environment

Lab Prerequisites

You should be familiar with:

  • Core AWS services, particularly EC2, VPC, and S3

 

Updates

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab


About the Author

Students: 27437
Labs: 74
Courses: 7
Learning paths: 4

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), Linux Foundation Certified System Administrator (LFCS), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.