Creating metric filters and dashboards to detect anomalous activity (for example, by using Amazon CloudWatch)
Analyzing and remediating the configuration of a custom application that is not reporting its statistics
Services and tools to analyze captured logs (for example, Athena, CloudWatch Logs filter)
Visualizations to identify anomalies
Automating remediation by using AWS services (for example, AWS Lambda, AWS Step Functions, EventBridge, AWS Systems Manager runbooks, Security Hub, AWS Config)
Preparing services for incidents and recovering services after incidents
Designing mechanisms to forward traffic over secure connections (for example, by using Systems Manager and EC2 Instance Connect)
Designing and implementing playbooks and runbooks for responses to security incidents
Centrally managing security services and aggregating findings (for example, by using delegated administration and AWS Config aggregators)
Host-based security (for example, firewalls, hardening)
Tools that monitor metrics and baselines (for example, GuardDuty, Systems Manager)
Identifying anomalies based on resource utilization and trends
Determining when to use AWS Security Token Service (AWS STS) to issue temporary credentials
Securing AWS account root user credentials
Designing network flows to keep data off the public internet (for example, by using Transit Gateway, VPC endpoints, and Lambda in VPCs)