AWS Security

GuardDuty Intrusion Detection you own this product

This project is part of the liveProject series AWS Security: Audit and Intrusion Detection Automation
prerequisites
basic knowledge of *nix/bash command shell • basic knowledge of the Git version control system • basic hands-on experience with AWS CloudFormation • basic knowledge of Python 3 programming
skills learned
develop automation to configure Amazon GuardDuty across accounts • develop Python code to retrieve a threat intelligence set from AlienVault OTX • deploy to a scheduled AWS Lambda Function to keep the threat intelligence set up to date • configure Amazon GuardDuty to use the intelligence set
Eric Kascic
1 week · 4-6 hours per week · INTERMEDIATE
Included with a Manning Online subscription
try now

pro $24.99 per month

  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose one free eBook per month to keep
  • exclusive 50% discount on all purchases

lite $19.99 per month

  • access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

Look inside

In this liveProject, you’ll set up the intrusion detection service Amazon GuardDuty to help catch any hackers who may be trying to break in—or who already have and are up to no good! To achieve this goal, you’ll iteratively develop infrastructure as code in the form of AWS CloudFormation templates, then learn to address cross-account automation issues.

This project is designed for learning purposes and is not a complete, production-ready application or solution.

book resources

When you start your liveProject, you get full access to the following books for 90 days.

project author

Eric Kascic

Eric Kascic is a software developer with 25 years of professional experience. He has developed software solutions across a variety of business domains including telecommunications, medical imagery, and financial services. He has developed embedded, desktop, and server-side software, and has specialized in creating build, deployment, and test automation systems.

Since 2013, he has primarily focused on the AWS platform. At Stelligent, a boutique consulting firm that traditionally specialized in CI/CD, DevOps, and AWS automation, he developed CI/CD solutions for the AWS platforms of financial services companies. In developing infrastructure-as-code solutions, security was a primary focus. Eric invented the cfn_nag tool in 2016 to perform static analysis on CloudFormation templates to help customers prevent deploying unsecured AWS resources (such as those missing encryption or with overly permissive access).

He is currently a principal security engineer at a financial services company where he develops software to support security processes including automation of AWS IAM role creation, as well as a platform to detect and remediate insecure AWS resources across hundreds of accounts. Eric has published several articles relevant to security automation in AWS, including articles about cfn_nag, IAM, CloudFormation, and CI/CD.

prerequisites

This liveProject series is intended for security engineers with intermediate experience in AWS and infrastructure as code. You will need to be familiar with the following:

TOOLS
  • Basic knowledge of *nix/bash command shell, including pipes, redirection, command substitution
  • Basic knowledge of the Git version control system
  • Basic hands-on experience with AWS CloudFormation
  • Basic hands-on experience with the AWS CLI
  • Intermediate knowledge of AWS accounts and AWS Organizations
  • Intermediate knowledge of Python 3 programming including: lists, dicts, loops, comprehensions, functions, conditionals
  • Basic knowledge of Amazon GuardDuty will be helpful
TECHNIQUES
  • Intermediate understanding of cloud computing and the AWS platform
  • Basic understanding of “infrastructure as code”
  • Basic understanding of security concepts

Note: For all milestones in this project beware that it costs money to deploy AWS resources and leave them running. The costs depend upon the type of resource.

you will learn

In this liveProject, you’ll develop “infrastructure as code” in the form of AWS CloudFormation templates to achieve the objective of configuring intrusion detection. You’ll develop the “code” iteratively and learn to address cross-account automation issues.

  • Develop automation to configure Amazon GuardDuty across accounts
  • Develop Python code to retrieve a threat intelligence set from AlienVault OTX
  • Deploy to a scheduled AWS Lambda Function to keep the threat intelligence set up-to-date
  • Configure Amazon GuardDuty to use the intelligence set

features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.

choose your plan

pro

monthly
annual
$24.99
$249.99
only $20.83 per month
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • GuardDuty Intrusion Detection project for free

team

monthly
annual
$49.99
$499.99
only $41.67 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • GuardDuty Intrusion Detection project for free