AWS solutions documentation change
Summary
Reorganized documentation structure - moved workflow diagram position, removed section headers, and condensed implementation steps into a simplified list format
Security assessment
Changes are structural/formatting improvements to documentation flow without modifying security-related content. No vulnerabilities or security features are introduced/updated.
Diff
diff --git a/solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/forensic-triage-service.md b/solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/forensic-triage-service.md index 197a30446..3850c0f39 100644 --- a//solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/forensic-triage-service.md +++ b//solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/forensic-triage-service.md @@ -13,2 +12,0 @@ The diagram below represents the logical interaction view of the forensic triage - - @@ -17 +15 @@ The diagram below represents the logical interaction view of the forensic triage -## Implementation view + @@ -19 +17 @@ The diagram below represents the logical interaction view of the forensic triage - +## Implementation view @@ -23,19 +21 @@ The diagram below represents the logical interaction view of the forensic triage - 1. AWS Security Hub operating in AWS application account is reported with details of the compromised instance and the findings get aggregated to AWS Security Hub administrator AWS master Account. - - 2. The security administrator initiates one of the following forensic actions in Security Hub. - - 1. Forensic triage - - 2. Forensic isolation - - 3. Amazon EventBridge initiates the _triage_ Step Functions flow. - - 4. _Get Instance_ Lambda function assumes role into compromised application account and retrieves instance information. - - 5. The _triage flow_ triggers _acquisition flow_ in parallel unless the instance tag **IsTriageRequired** is set to `false`. - - 1. _Forensic memory acquisition flow_ initiates the memory acquisition Step Functions. - - 2. _Forensic disk acquisition flow_ initiates the disk acquisition Step Functions. - - 6. Once completed, the acquisition flow triage results are sent to SNS. + @@ -42,0 +23 @@ The diagram below represents the logical interaction view of the forensic triage +AWS Security Hub operating in AWS application account is reported with details of the compromised instance and the findings get aggregated to AWS Security Hub administrator AWS master Account. . The security administrator initiates one of the following forensic actions in Security Hub. @@ -43,0 +25 @@ The diagram below represents the logical interaction view of the forensic triage +\+ .. Forensic triage .. Forensic isolation . Amazon EventBridge initiates the _triage_ Step Functions flow. . _Get Instance_ Lambda function assumes role into compromised application account and retrieves instance information. . The _triage flow_ triggers _acquisition flow_ in parallel unless the instance tag **IsTriageRequired** is set to `false`. @@ -44,0 +27 @@ The diagram below represents the logical interaction view of the forensic triage +\+ .. _Forensic memory acquisition flow_ initiates the memory acquisition Step Functions. .. _Forensic disk acquisition flow_ initiates the disk acquisition Step Functions. . Once completed, the acquisition flow triage results are sent to SNS.