Analyzing the service functionality, permissions, and configuration of resources after an event that did not provide visibility or alerting
Analyzing Amazon Inspector findings and determining appropriate mitigation techniques
Identifying unused resources by using AWS services and tools (for example, AWS Trusted Advisor, AWS Cost Explorer)
Scanning EC2 instances and container images for known vulnerabilities
Defining the metrics and thresholds that generate alerts
Log destinations and lifecycle management (for example, retention period)
AWS Well-Architected Framework
Methods and services for creating and managing identities (for example, federation, identity providers, AWS IAM Identity Center [AWS Single Sign-On], Amazon Cognito)
Normalizing, parsing, and correlating logs
Evaluating findings from security services (for example, GuardDuty, Security Hub, Macie, AWS Config, IAM Access Analyzer)
Designing network controls to permit or prevent network traffic as required (for example, by using security groups, network ACLs, and Network Firewall)
Designing secure connectivity between AWS and on-premises networks (for example, by using Direct Connect and VPN gateways)
Identifying logging requirements and sources for log ingestion
AWS Security Finding Format (ASFF)
Selecting appropriate edge services based on anticipated threats and attacks (for example, OWASP Top 10, DDoS)
Applying the principle of least privilege across an environment
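The items on log ingestion, normalizing/parsing/correlating logs, and the AWS Security Finding Format above name techniques without showing them. The following is an added example, not text or code from the exam guide or from AWS: it normalizes two constructed log sources (CloudTrail JSON records and default-format VPC Flow Log lines, both invented here) onto one event schema, correlates them on source IP inside a time window (the join key and the five-minute window are choices made for this example, not an AWS rule), and emits the result as an ASFF finding, checking the attribute names that Security Hub documents as required before a `BatchImportFindings` call. The account ID, region, principal and ENI identifiers are placeholders.

```python
"""Added example: normalize, correlate, and emit an ASFF finding. All input is constructed."""
import json
from datetime import datetime, timedelta, timezone

ACCOUNT_ID = "123456789012"  # constructed placeholder
REGION = "us-east-1"

# Constructed CloudTrail records (not real logs): a failed then a successful console login.
CLOUDTRAIL_RECORDS = [
    {"eventTime": "2024-03-01T10:00:05Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-03-01T10:00:40Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"}},
]
# Constructed VPC Flow Log lines in the default (version 2) format; 1709287215 == 2024-03-01T10:00:15Z.
FLOW_LOG_LINES = [
    "2 123456789012 eni-0a1b2c3d 198.51.100.23 10.0.1.15 54321 22 6 10 840 1709287215 1709287275 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.15 44444 443 6 20 3000 1709287215 1709287275 ACCEPT OK",
]
FLOW_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log_status").split()

def normalize_cloudtrail(rec):
    """Map a CloudTrail record onto the common event schema used for correlation."""
    ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"source": "cloudtrail", "ts": ts, "ip": rec["sourceIPAddress"],
            "principal": rec.get("userIdentity", {}).get("userName"),
            "action": rec["eventName"],
            "outcome": rec.get("responseElements", {}).get("ConsoleLogin", "Unknown"),
            "resource": None}

def normalize_flow(line):
    """Parse one space-separated flow log line onto the common event schema."""
    f = dict(zip(FLOW_FIELDS, line.split()))
    return {"source": "vpcflow",
            "ts": datetime.fromtimestamp(int(f["start"]), tz=timezone.utc),
            "ip": f["srcaddr"], "principal": None,
            "action": f"proto{f['protocol']}/dst{f['dstport']}",
            "outcome": f["action"], "resource": f["interface_id"]}

def correlate(events, window=timedelta(minutes=5)):
    """Group events by source IP; keep groups seen in more than one log source within the window."""
    by_ip = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip.setdefault(ev["ip"], []).append(ev)
    return [{"ip": ip, "events": evs} for ip, evs in by_ip.items()
            if len({e["source"] for e in evs}) > 1 and evs[-1]["ts"] - evs[0]["ts"] <= window]

# Attributes Security Hub documents as required in every ASFF finding.
ASFF_REQUIRED = ("AwsAccountId", "CreatedAt", "Description", "GeneratorId", "Id", "ProductArn",
                 "Resources", "SchemaVersion", "Severity", "Title", "Types", "UpdatedAt")

def to_asff(cluster, account_id=ACCOUNT_ID, region=REGION):
    """Build an ASFF finding from one correlated cluster."""
    evs = cluster["events"]
    fmt = lambda d: d.strftime("%Y-%m-%dT%H:%M:%SZ")
    principals = sorted({e["principal"] for e in evs if e["principal"]})
    enis = sorted({e["resource"] for e in evs if e["resource"]})
    failed = any(e["source"] == "cloudtrail" and e["outcome"] == "Failure" for e in evs)
    succeeded = any(e["source"] == "cloudtrail" and e["outcome"] == "Success" for e in evs)
    resources = ([{"Type": "AwsIamUser", "Id": f"arn:aws:iam::{account_id}:user/{p}"} for p in principals]
                 + [{"Type": "AwsEc2NetworkInterface", "Id": eni} for eni in enis])
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"{region}/{account_id}/correlated/{cluster['ip']}/{fmt(evs[0]['ts'])}",
        # ProductArn form for findings an account imports itself ("default" product).
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": "example-log-correlator",  # hypothetical generator name
        "AwsAccountId": account_id,
        "Types": ["TTPs/Initial Access"],
        "CreatedAt": fmt(evs[0]["ts"]),
        "UpdatedAt": fmt(evs[-1]["ts"]),
        # Failure followed by success from the same IP is rated higher than either alone.
        "Severity": {"Label": "HIGH" if (failed and succeeded) else "MEDIUM"},
        "Title": f"Correlated activity from {cluster['ip']} across {len(evs)} events",
        "Description": "; ".join(f"{e['source']}:{e['action']}={e['outcome']}" for e in evs),
        "Resources": resources,
    }

def missing_required(finding):
    """Return the required ASFF attributes that are absent or empty."""
    return [k for k in ASFF_REQUIRED if k not in finding or finding[k] in (None, "", [], {})]

def run():
    """Normalize both sources, correlate, and return the ASFF findings produced."""
    events = ([normalize_cloudtrail(r) for r in CLOUDTRAIL_RECORDS]
              + [normalize_flow(line) for line in FLOW_LOG_LINES])
    return [to_asff(c) for c in correlate(events)]

if __name__ == "__main__":
    for finding in run():
        assert not missing_required(finding), missing_required(finding)
        print(json.dumps(finding, indent=2))
```

Only the IP 198.51.100.23 appears in both sources inside the window, so `run()` yields one finding; the second flow line (203.0.113.9, ACCEPT) is parsed but never correlated. The `missing_required` check is the gate a practitioner wants before calling `BatchImportFindings`, since Security Hub rejects findings lacking any of those attributes.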