AWS solutions documentation change
Summary
Fixed a broken URL reference for AWS Config managed rules documentation
Security assessment
The change corrects a malformed URL but does not address any security vulnerabilities or introduce new security documentation. The content continues to describe existing security monitoring processes without altering security implications.
Diff
diff --git a/solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/architecture-overview.md b/solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/architecture-overview.md index 9278dff9b..2c64f5bdf 100644 --- a//solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/architecture-overview.md +++ b//solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/architecture-overview.md @@ -13 +13 @@ Deploying this Guidance with the default parameters builds the following environ -Prior to running the workflow, you will need a forensic Amazon Machine Image (AMI). You can use [Amazon EC2 Image Builder](https://aws.amazon.com/image-builder/) to build a new forensic AMI or an existing forensic AMI. . AWS Step Functions leverages the forensic AMI to perform memory and disk investigation. . In the AWS application account, [AWS Config managed rules](https://aws.amazon.com/https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html), [Amazon GuardDuty](https://aws.amazon.com/guardduty/), and third-party tools detect malicious activities that are specific to [Amazon Elastic Compute Cloud (Amazon EC2)](https://aws.amazon.com/ec2/) and [Amazon Elastic Compute Cloud (Amazon EKS)](https://aws.amazon.com/eks/) resources. For example, an EC2 instance queries a low reputation domain name that is associated with known abused domains. The findings are sent to [AWS Security Hub](https://aws.amazon.com/security-hub/) in the security account through their native or existing integration. . By default, all Security Hub findings are then sent to Amazon EventBridge to invoke automated downstream workflows. . For a specified event, EventBridge provides an instance ID for the forensics process to target, and initiates the Step Functions workflow. . Step Functions triages the request through the following approach: It first gets the instance information. It then determines if isolation is required based on the Security Hub action and if acquisition is required based on tags associated with the instance. Finally, it initiates the acquisition flow based on triaging output. +Prior to running the workflow, you will need a forensic Amazon Machine Image (AMI). You can use [Amazon EC2 Image Builder](https://aws.amazon.com/image-builder/) to build a new forensic AMI or an existing forensic AMI. . AWS Step Functions leverages the forensic AMI to perform memory and disk investigation. . In the AWS application account, [AWS Config managed rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html), [Amazon GuardDuty](https://aws.amazon.com/guardduty/), and third-party tools detect malicious activities that are specific to [Amazon Elastic Compute Cloud (Amazon EC2)](https://aws.amazon.com/ec2/) and [Amazon Elastic Compute Cloud (Amazon EKS)](https://aws.amazon.com/eks/) resources. For example, an EC2 instance queries a low reputation domain name that is associated with known abused domains. The findings are sent to [AWS Security Hub](https://aws.amazon.com/security-hub/) in the security account through their native or existing integration. . By default, all Security Hub findings are then sent to Amazon EventBridge to invoke automated downstream workflows. . For a specified event, EventBridge provides an instance ID for the forensics process to target, and initiates the Step Functions workflow. . Step Functions triages the request through the following approach: It first gets the instance information. It then determines if isolation is required based on the Security Hub action and if acquisition is required based on tags associated with the instance. Finally, it initiates the acquisition flow based on triaging output.