How TLS certificates work with various network services and resources (for example, CloudFront, load balancers)
Analyzing log sources to identify problems
Log format and components (for example, CloudTrail logs)
Configuring integrations with native AWS services and third-party services (for example, by using Amazon EventBridge and the ASFF)
Strategies to centralize security findings
Security telemetry sources (for example, Traffic Mirroring, VPC Flow Logs)
Determining which telemetry sources to monitor based on network design, threats, and attacks (for example, load balancer logs, VPC Flow Logs, Traffic Mirroring)
Protecting and preserving forensic artifacts (for example, by using S3 Object Lock, isolated forensic accounts, S3 Lifecycle, and S3 replication)
Implementing and enforcing multi-account tagging strategies
Collecting and organizing evidence by using Security Hub and AWS Audit Manager
Configuring services to activate encryption of data at rest (for example, Amazon S3, Amazon RDS, DynamoDB, Amazon Simple Queue Service [Amazon SQS], Amazon EBS, Amazon EFS)
Determining solutions to produce desired network behavior
Designing KMS key policies to limit key usage to authorized users
Log analysis for event validation