Welcome to the GitHub repository for Team 32's final project in the CodePath course, Cybersecurity 102 - Intermediate Cybersecurity - Spring 2024 Cohort. This project presents a thorough analysis and strategic response to simulated cybersecurity threats identified in AWS S3 HoneyBucket Logs. Leveraging the AWS IRP-DataAccess framework, our project demonstrates the effective use of data from AWS S3 HoneyBuckets to improve security measures and incident response capabilities.
Security Datasets: AWS S3 HoneyBucket Logs
- The Security Datasets project is an open-source initiative that contributes malicious and benign datasets, from different platforms, to the infosec community to expedite data analysis and threat research.
- This dataset represents adversaries trying to scan, discover and access open S3 honeybuckets based on known hostname patterns.
- Here is a quick guide on how to locate the .csv files from these datasets.
AWS Incident Response Runbook Samples: IRP-DataAccess.md
Playbook Outline
- Gather Evidence
- Contain and then eradicate the incident
- Recover from the incident
- Conduct post-incident activities, including post-mortem and feedback processes
- Incident Analysis using Splunk: Detailed examination of anomalous activities within AWS S3 logs using Splunk, providing insights into the patterns and tactics of potential cyber threats.
- Incident Management with Catalyst: Utilization of Catalyst for case management and documentation, emphasizing the workflow from threat detection to resolution.
- Playbook Application: Implementation of a specific incident response playbook aimed at addressing and mitigating issues identified in the HoneyBucket dataset.
- Threat Identification and Response: Analysis includes identification of threat vectors and deployment of strategies to mitigate risks and enhance data security.
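Added example (not code from this project or from the Security Datasets repository): a Python pass over a few constructed S3 access log lines that aggregates activity per source IP and flags the scan-and-discover pattern the dataset describes, the kind of logic the Splunk analysis step would express as a search. The log layout is simplified and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in a simplified AWS S3 server access log layout
# (not from the Security Datasets honeybucket CSVs): bucket, time, remote IP,
# requester ("-" = anonymous), operation, key, HTTP status, error code.
SAMPLE_LOG = """\
honeybucket-acme [12/Mar/2024:10:01:02 +0000] 198.51.100.7 - REST.GET.BUCKET - 200 -
honeybucket-acme [12/Mar/2024:10:01:03 +0000] 198.51.100.7 - REST.GET.OBJECT backup.zip 403 AccessDenied
honeybucket-acme [12/Mar/2024:10:01:04 +0000] 198.51.100.7 - REST.GET.OBJECT .env 403 AccessDenied
honeybucket-dev [12/Mar/2024:10:01:09 +0000] 198.51.100.7 - REST.GET.BUCKET - 403 AccessDenied
honeybucket-acme [12/Mar/2024:10:02:00 +0000] 203.0.113.9 - REST.GET.OBJECT index.html 200 -
"""

LINE_RE = re.compile(r"^(?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) (?P<requester>\S+) "
                     r"(?P<op>\S+) (?P<key>\S+) (?P<status>\d{3}) (?P<error>\S+)$")

def parse_log(text):
    """Parse lines into dicts, skipping any that do not match the layout."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def summarize_by_ip(records):
    """Per remote IP: distinct buckets touched, listing attempts, 403 denials."""
    stats = defaultdict(lambda: {"buckets": set(), "listings": 0, "denied": 0})
    for r in records:
        s = stats[r["ip"]]
        s["buckets"].add(r["bucket"])
        s["listings"] += int(r["op"] == "REST.GET.BUCKET")
        s["denied"] += int(r["status"] == "403")
    return stats

def flag_enumeration(stats, min_buckets=2, min_denied=2):
    """Flag IPs whose pattern looks like scan/discover activity: a bucket listing
    plus repeated AccessDenied, or several honeybuckets touched. Thresholds are
    assumptions for this example, not values taken from the dataset."""
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["listings"] and s["denied"] >= min_denied:
            reasons.append("listing followed by repeated AccessDenied")
        if len(s["buckets"]) >= min_buckets:
            reasons.append("multiple honeybuckets touched")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in flag_enumeration(summarize_by_ip(parse_log(SAMPLE_LOG))).items():
        print(ip, "->", "; ".join(reasons))
```

Because nothing legitimate should touch a honeybucket, any hit is worth a case; the per-IP aggregation is what separates a single stray request from a deliberate sweep across bucket names.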
Anaye Abernathy
Elian Fernandez
Camille Wong
Justin Pudiquet