AWS whitepapers documentation change
Summary
Removed all content including security incident narrative examples, artifact collection guidance, and documentation navigation elements.
Security assessment
Deletion of incident documentation examples and procedures doesn't reference any security vulnerability or weakness. No evidence of security incident remediation in the removed content.
Diff
diff --git a/whitepapers/latest/aws-security-incident-response-guide/develop-narratives.md b/whitepapers/latest/aws-security-incident-response-guide/develop-narratives.md index 672462022..8b1378917 100644 --- a//whitepapers/latest/aws-security-incident-response-guide/develop-narratives.md +++ b//whitepapers/latest/aws-security-incident-response-guide/develop-narratives.md @@ -1 +0,0 @@ -[View a markdown version of this page](develop-narratives.md) @@ -3,33 +1,0 @@ -[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#develop-narratives "Open PDF") - -[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html) - -# Develop narratives - -During analysis and investigation, document the actions taken, analysis performed, and information identified, to be used by the subsequent phases and ultimately a final report. These narratives should be succinct and precise, confirming that relevant information is included to verify effective understanding of the incident and to maintain an accurate timeline. They are also helpful when you engage people outside of the core incident response team. Here is an example: - -###### - -_The marketing and sales department received a ransom note on March 15th, 2022 demanding payment in cryptocurrency to avoid public posting of possible sensitive data. The SOC determined that the Amazon RDS database belonging to marketing and sales was publicly accessible on February 20th, 2022. The SOC queried RDS access logs and determined that IP address 198.51.100.23 was used on February 20th, 2022 with the credentials`mm03434` belonging to _Major Mary_ , one of the web developers. The SOC queried VPC Flow Logs and determined that approximately 256MB of data egressed to the same IP address at the same date (time stamp 2022-02-20T15:50+00Z). The SOC determined through open-source threat intelligence that the credentials are currently available in plain text in the public repository `https[:]//example[.]com/majormary/rds-utils`._ - - **Javascript is disabled or is unavailable in your browser.** - -To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions. - -[Document Conventions](/general/latest/gr/docconventions.html) - -Collect relevant artifacts - -Containment - -Did this page help you? - Yes - -Thanks for letting us know we're doing a good job! - -If you've got a moment, please tell us what we did right so we can do more of it. - -Did this page help you? - No - -Thanks for letting us know this page needs work. We're sorry we let you down. - -If you've got a moment, please tell us how we can make the documentation better.