This session provides an overview of the latest developments in AWS threat detection and remediation. We also provide an overview of the AWS services used to detect and remediate threats. You can downloawd the presentation here.
Speaker: Rodrigo Ferroni, STAM - Security Specialist, AWS - Linkedin
For the demo we will:
- Create a new ECR repository with scanOnPush feature enable.
- Create a Docker image that contain (on purpuse) an old vulnerable package.
- Review how Amazon ECR integration with Amazon Inspector generate Findings.
- Create AWS Security Hub Custom Actions.
- Create EventBridge Rules for those Custom Actions with different Targets:
- CloudWatch Log group
- SNS Topic with Input Transformation
- Lambda Function to modify image tags