Intermediate Pro

AWS GuardDuty Log Analysis using Splunk

Threat Detection and Analysis with Amazon GuardDuty Logs

Self-Paced by Rajneesh Gupta

Overview

This project provides hands-on experience with Amazon GuardDuty findings using a
realistic dataset of 2000 JSON entries. GuardDuty does not log all traffic;
instead, it generates a finding only when it detects suspicious or malicious
activity. In this lab, you will work with a dataset containing findings across
multiple categories, including Unauthorized Access, Reconnaissance, Suspicious
API Calls, Crypto Mining, S3 Data Access, and Malware.

You will learn how to parse, filter, and analyze GuardDuty findings to identify
patterns, prioritize threats, and simulate how SOC analysts triage GuardDuty alerts.

What You'll Learn

  • Understanding GuardDuty Findings

    Learn how GuardDuty generates findings from VPC Flow Logs, CloudTrail, and DNS logs.

  • Analyzing Suspicious Activity

    Explore brute force attacks, port scans, crypto mining attempts, and S3 access anomalies.

  • Prioritizing by Severity

    Learn to categorize findings into Low, Medium, and High severity to focus on critical issues.

  • Threat Hunting in Cloud Logs

    Practice querying JSON logs to extract attacker IPs, resources targeted, and affected regions.
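The parsing, severity bucketing and IP/resource/region extraction described in the overview and in the list above, as an added example in plain Python (this is not course material and not the lab's Splunk searches). The four findings below are constructed to follow the documented GuardDuty finding JSON layout (top-level `type`, `severity`, `region`, `resource`, `service.action`); every ID, IP, bucket name and account number in them is made up. The `load_findings` helper assumes the lab dataset is either newline-delimited JSON or a single JSON array.

```python
"""Triage of Amazon GuardDuty findings in plain Python (added example)."""
import json
from collections import Counter

# Constructed sample findings; identifiers and addresses are invented.
SAMPLE_FINDINGS = [
    {"type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 5.0,
     "region": "us-east-1", "accountId": "123456789012",
     "resource": {"resourceType": "Instance",
                  "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
     "service": {"action": {"actionType": "NETWORK_CONNECTION",
                 "networkConnectionAction": {"connectionDirection": "INBOUND",
                 "remoteIpDetails": {"ipAddressV4": "198.51.100.23"}}}}},
    {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
     "region": "eu-west-1", "accountId": "123456789012",
     "resource": {"resourceType": "Instance",
                  "instanceDetails": {"instanceId": "i-0abcdef1234567890"}},
     "service": {"action": {"actionType": "PORT_PROBE",
                 "portProbeAction": {"portProbeDetails": [
                     {"localPortDetails": {"port": 22},
                      "remoteIpDetails": {"ipAddressV4": "203.0.113.7"}}]}}}},
    {"type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8.0,
     "region": "us-east-1", "accountId": "123456789012",
     "resource": {"resourceType": "Instance",
                  "instanceDetails": {"instanceId": "i-0fedcba9876543210"}},
     "service": {"action": {"actionType": "DNS_REQUEST",
                 "dnsRequestAction": {"domain": "pool.example.invalid"}}}},
    {"type": "Discovery:S3/AnomalousBehavior", "severity": 5.0,
     "region": "us-east-1", "accountId": "123456789012",
     "resource": {"resourceType": "S3Bucket",
                  "s3BucketDetails": [{"name": "example-finance-bucket"}]},
     "service": {"action": {"actionType": "AWS_API_CALL",
                 "awsApiCallAction": {"api": "ListObjects",
                 "remoteIpDetails": {"ipAddressV4": "198.51.100.23"}}}}},
]


def severity_bucket(score):
    """Map the numeric severity to GuardDuty's documented bands:
    Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def remote_ips(finding):
    """Collect remote (attacker-side) IPv4 addresses from whichever
    service.action sub-object this finding type populates."""
    action = finding.get("service", {}).get("action", {})
    ips = set()
    for key in ("networkConnectionAction", "awsApiCallAction", "kubernetesApiCallAction"):
        ip = action.get(key, {}).get("remoteIpDetails", {}).get("ipAddressV4")
        if ip:
            ips.add(ip)
    for probe in action.get("portProbeAction", {}).get("portProbeDetails", []):
        ip = probe.get("remoteIpDetails", {}).get("ipAddressV4")
        if ip:
            ips.add(ip)
    return sorted(ips)


def targeted_resource(finding):
    """Return (resourceType, identifier) for the common resource kinds."""
    res = finding.get("resource", {})
    rtype = res.get("resourceType", "Unknown")
    if rtype == "Instance":
        return rtype, res.get("instanceDetails", {}).get("instanceId")
    if rtype == "AccessKey":
        return rtype, res.get("accessKeyDetails", {}).get("userName")
    if rtype == "S3Bucket":
        buckets = res.get("s3BucketDetails", [])
        return rtype, (buckets[0].get("name") if buckets else None)
    return rtype, None


def triage(findings):
    """Counts per severity band, finding category (the part before ':'),
    region and remote IP, plus a High/Critical work queue, highest first."""
    urgent = sorted((f for f in findings if f["severity"] >= 7.0),
                    key=lambda f: f["severity"], reverse=True)
    return {
        "by_bucket": dict(Counter(severity_bucket(f["severity"]) for f in findings)),
        "by_category": dict(Counter(f["type"].split(":", 1)[0] for f in findings)),
        "by_region": dict(Counter(f["region"] for f in findings)),
        "ip_hits": dict(Counter(ip for f in findings for ip in remote_ips(f))),
        "queue": [{"type": f["type"], "severity": f["severity"], "region": f["region"],
                   "resource": targeted_resource(f), "remote_ips": remote_ips(f)}
                  for f in urgent],
    }


def load_findings(path):
    """Read the lab dataset: newline-delimited JSON (one finding per line),
    or a single JSON array. Assumption about the file layout, not a spec."""
    with open(path) as fh:
        text = fh.read().strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_FINDINGS), indent=2))
```

The same bucketing in Splunk, once the JSON is indexed and fields are extracted with `spath`, is `| eval bucket=case(severity>=7,"High",severity>=4,"Medium",true(),"Low") | stats count by bucket`; note that the attacker IP lives under a different `service.action.*` path depending on the finding type, which is why the Python collects it from each candidate path rather than one fixed field.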

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.

Apache Web Server Log Monitoring using Wazuh
Pro Beginner

Real-time detection of HTTP errors, brute-force and suspicious requests from Apache logs