Posts in Detection and Monitoring
Detecting Recon and Scanning Activity in AWS: A Crash Course

With the increasing transitions of various infrastructures into the cloud, blue teams can be left with a huge blind spot when it comes to finding various nefarious activities within cloud environments. Combine this with the rapid and instant deployment of services or instances, and things can get sticky fairly quick. In this post, I will go over four AWS-specific detections you can use to monitor potentially malicious activity within your AWS environment using Splunk, and our risk-based ShadowHawk platform.

Read More