Real-Time Log Analytics & Security Monitoring Platform
Cloud Security Project
You have been asked by the Chief Information Officer to build out a cloud-native Security Information and Event Management (SIEM) system that can support both the DevOps and Application teams as they migrate their workloads to the cloud.
Operations & Observability
Focus: Keeping the "lights on" through monitoring and automated recovery.
The Project: Build a Centralized Logging & Alerting System.
Key Tasks:
- Configure organizational CloudTrail logs to be delivered to an S3 bucket.
- Use CloudWatch Logs and VPC Flow Logs to monitor traffic.
- Configure continuous security monitoring using AWS Security Hub.
- Use AWS GuardDuty for automated threat detection and response.
- Set up CloudWatch Alarms that trigger SNS notifications (e.g., Slack/Email) when CPU or 4xx errors spike.
- Implement AWS Config to monitor for non-compliant resources (e.g., unencrypted S3 buckets).
- Advanced Twist: Use AWS Systems Manager (SSM) to patch EC2 instances automatically without SSH.
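Two of the tasks above (monitoring traffic with VPC Flow Logs, and flagging unencrypted S3 buckets the way an AWS Config rule would) come down to detection logic run over records the platform ingests. The following is an added example, not part of the project brief and not AWS code: it parses constructed default-format VPC Flow Log lines, flags sources whose REJECT count crosses a threshold, and evaluates a bucket's default-encryption setting. The flow-log field order is the documented version 2 default format; the bucket dictionary shape mirrors the S3 GetBucketEncryption response, and the threshold, addresses and account id are made up.

```python
"""Constructed example: detection logic a cloud-native SIEM might run over
VPC Flow Log records and S3 bucket encryption configuration.
All sample data below is made up for illustration."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Field order of the default (version 2) VPC Flow Log format.
FLOW_LOG_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]


@dataclass
class FlowRecord:
    srcaddr: str
    dstaddr: str
    dstport: int
    protocol: int
    action: str        # ACCEPT or REJECT
    log_status: str    # OK, NODATA or SKIPDATA


def parse_flow_log_line(line: str) -> Optional[FlowRecord]:
    """Parse one default-format flow log line.

    Returns None for malformed lines and for NODATA/SKIPDATA records, which
    carry '-' in most fields and describe no traffic."""
    parts = line.split()
    if len(parts) != len(FLOW_LOG_FIELDS):
        return None
    rec = dict(zip(FLOW_LOG_FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(
        srcaddr=rec["srcaddr"],
        dstaddr=rec["dstaddr"],
        dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]),
        action=rec["action"],
        log_status=rec["log_status"],
    )


def rejected_sources(lines: Iterable[str], threshold: int) -> Dict[str, int]:
    """Return {srcaddr: reject_count} for every source whose number of
    REJECTed flows reaches the threshold. Many rejects from a single source
    against different ports is a typical scan indicator worth alerting on."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_flow_log_line(line)
        if rec is not None and rec.action == "REJECT":
            counts[rec.srcaddr] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def evaluate_bucket_encryption(bucket: dict) -> str:
    """AWS Config-style evaluation of one bucket's default encryption.

    The dict shape assumed here mirrors the S3 GetBucketEncryption response:
    {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}
    Returns "COMPLIANT" if SSE-S3 (AES256) or SSE-KMS is the default."""
    rules = bucket.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        algo = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algo in ("AES256", "aws:kms"):
            return "COMPLIANT"
    return "NON_COMPLIANT"


# Constructed sample flow log lines (documentation-range addresses).
SAMPLE_FLOW_LOGS: List[str] = [
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 41234 22 6 1 40 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 41235 23 6 1 40 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 41236 3389 6 1 40 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.2.5 10.0.1.20 50000 443 6 10 2400 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA",
]

# Constructed bucket configurations: one with SSE-KMS, one with no default SSE.
ENCRYPTED_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}
UNENCRYPTED_BUCKET: dict = {}

if __name__ == "__main__":
    print("reject spikes:", rejected_sources(SAMPLE_FLOW_LOGS, threshold=3))
    print("encrypted bucket:", evaluate_bucket_encryption(ENCRYPTED_BUCKET))
    print("unencrypted bucket:", evaluate_bucket_encryption(UNENCRYPTED_BUCKET))
```

In a deployment the flow log lines would arrive through CloudWatch Logs (or from the S3 delivery bucket) and the bucket configuration from AWS Config's resource inventory; the threshold and the list of ports worth treating as sensitive are tuning decisions that belong with the alerting rules, not in the parser.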