AWS whitepapers documentation change
Summary
Removed entire documentation content including alert source definitions and security monitoring guidance
Security assessment
Change deletes security documentation about alert sources (GuardDuty, Security Hub, Macie, etc.) but shows no evidence of addressing a specific vulnerability. Removal of security guidance could indirectly weaken security posture.
Diff
diff --git a/whitepapers/latest/aws-security-incident-response-guide/alert-sources.md b/whitepapers/latest/aws-security-incident-response-guide/alert-sources.md index 40052c56b..8b1378917 100644 --- a//whitepapers/latest/aws-security-incident-response-guide/alert-sources.md +++ b//whitepapers/latest/aws-security-incident-response-guide/alert-sources.md @@ -1 +0,0 @@ -[View a markdown version of this page](alert-sources.md) @@ -3,48 +1,0 @@ -[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#alert-sources "Open PDF") - -[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html) - -# Alert sources - -You should consider using the following sources to define alerts: - - * **Findings** – AWS services such as [Amazon GuardDuty](https://aws.amazon.com/guardduty/), [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/), [Amazon Macie](https://aws.amazon.com/macie/), [Amazon Inspector](https://aws.amazon.com/inspector/), [AWS Config](https://aws.amazon.com/config/), [IAM Access Analyzer](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html), and [Network Access Analyzer](https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/what-is-vaa.html) generate findings that can be used to craft alerts. - - * **Logs** – AWS service, infrastructure, and application logs stored in Amazon S3 buckets and CloudWatch log groups can be parsed and correlated to generate alerts. - - * **Billing activit** y – A sudden change in billing activity can indicate a security event. Follow the documentation on [Creating a billing alarm to monitor your estimated AWS charges](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html) to monitor for this. - - * **Cyber threat intelligence** – If you subscribe to a third-party cyber threat intelligence feed, you can correlate that information with other logging and monitoring tools to identify potential indicators of events. - - * **Partner tools** – Partners in the AWS Partner Network (APN) offer top-tier products that can help you meet your security objectives. For incident response, partner products with endpoint detection and response (EDR) or SIEM can help support your incident response objectives. For more information, see [Security Partner Solutions](https://aws.amazon.com/security/partner-solutions/) and [Security Solutions in the AWS Marketplace](https://aws.amazon.com/marketplace/solutions/security). - - * **AWS trust and safety** – Support might contact customers if we identify abusive or malicious activity. - - * **One-time contact** – Because it can be your customers, developers, or other staff in your organization who notice something unusual, it’s important to have a well-known, well-publicized method of contacting your security team. Popular choices include ticketing systems, contact email addresses, and web forms. If your organization works with the general public, you might also need a public-facing security contact mechanism. - - - - -For more information about cloud capabilities that you can use during your investigations, refer to [Appendix A: Cloud capability definitions](./appendix-a-cloud-capability-definitions.html) in this document. - - **Javascript is disabled or is unavailable in your browser.** - -To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions. - -[Document Conventions](/general/latest/gr/docconventions.html) - -Detection - -Detection as part of security control engineering - -Did this page help you? - Yes - -Thanks for letting us know we're doing a good job! - -If you've got a moment, please tell us what we did right so we can do more of it. - -Did this page help you? - No - -Thanks for letting us know this page needs work. We're sorry we let you down. - -If you've got a moment, please tell us how we can make the documentation better.