AWS re:Inforce

Threat Hunting with CloudTrail and GuardDuty in Splunk

This post is the reference section of my dev-chat at the first ever AWS re:Inforce conference in Boston. You can find my slides here. The purpose was to give the audience a brief overview of how to conduct basic threat hunting in their CloudTrail and GuardDuty. We throw in a bit of Vulnerability Hunting and awareness with Antiope at the end.

Tools

The tools we need here are:

Centralized CloudTrail
Centralized GuardDuty
Antiope
Splunk