Log format and components (for example, CloudTrail logs)
Configuring integrations with native AWS services and third-party services (for example, by using Amazon EventBridge and the ASFF)
Security telemetry sources (for example, Traffic Mirroring, VPC Flow Logs)
Strategies to centralize security findings
Determining which telemetry sources to monitor based on network design, threats, and attacks (for example, load balancer logs, VPC Flow Logs, Traffic Mirroring)
Protecting and preserving forensic artifacts (for example, by using S3 Object Lock, isolated forensic accounts, S3 Lifecycle, and S3 replication)
Implementing and enforcing multi-account tagging strategies
Collecting and organizing evidence by using Security Hub and AWS Audit Manager
Configuring services to activate encryption of data at rest (for example, Amazon S3, Amazon RDS, DynamoDB, Amazon Simple Queue Service [Amazon SQS], Amazon EBS, Amazon EFS)
Determining solutions to produce desired network behavior
Designing KMS key policies to limit key usage to authorized users
Log analysis for event validation
Common attacks, threats, and exploits (for example, Open Web Application Security Project [OWASP] Top 10, DDoS)
Constructing attribute-based access control (ABAC) and role-based access control (RBAC) strategies