SEC 4: How do you detect and investigate security events?

Capture and analyze events from logs and metrics to gain visibility. Take action on security events and potential threats to help secure your workload.

Resources

Amazon GuardDuty
AWS Answers: Centralized Logging
Security Partner Solutions: Logging and Monitoring

Best Practices:

Improvement Plan

Define security event detection and handling requirements
Define requirements that will help you detect and investigate security events.

Implement detective controls

Implement investigation techniques

Resources from partners
Logging & Monitoring
Developer Tools/Log Analysis