
Edward Ngere Student Excellence Showcase Carroll Community College

Assignment Title:  Automated Ingestion & Response Lab

Assignment Details

As organizations continue migrating operations to the cloud, these critical operations need to be secured, monitored, and defended with the same rigor applied to traditional on-premises infrastructure.

Monitoring these workloads and operations is essential for business continuity and for maintaining a sound security posture. Comprehensive logging and monitoring across both the control plane and the data plane, paired with serverless compute functions, can provide active and timely defensive measures for these critical environments.

The Automated Ingestion & Response lab demonstrates a full cloud security monitoring and automated incident response pipeline using Amazon Web Services (AWS) and Splunk. Instead of relying on a single telemetry source to respond to threats, the lab shows how logs from the control plane and the data plane can be correlated to give expanded visibility into an internal adversary's tactics and techniques and to enable effective automated mitigation.
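As an added illustration of the correlation the pipeline performs (this is not code from the showcase or from the lab itself), the Python script below ingests a handful of constructed CloudTrail-style records, treats management events as the control plane and S3 data events as the data plane, flags a principal whose newly created access key is followed within a short window by a burst of GetObject calls, and builds the remediation plan an AWS Lambda function could apply. The record contents, account number, access key id, the window and threshold, the correlation rule itself, and the assumed shape of the Splunk webhook payload (matched fields under `result`) are all assumptions made for the example; the IAM API names in the plan are real, but the script only builds the plan as a dry run and never calls AWS.

```python
"""Constructed example: correlate CloudTrail management events (control plane)
with S3 data events (data plane) and build the remediation plan a Splunk
alert -> Lambda hook could apply.  Every record, ARN, IP and key id is made up."""
import json
from datetime import datetime, timedelta, timezone

# Constructed NDJSON, shaped like CloudTrail records as a forwarder would deliver them.
# dev-user creates a key, then reads six objects within two minutes from the same IP;
# ops-user reads one object with no preceding key creation (benign).
SAMPLE_EVENTS = """
{"eventTime":"2024-05-01T10:00:00Z","eventName":"ConsoleLogin","eventCategory":"Management","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"}}
{"eventTime":"2024-05-01T10:01:30Z","eventName":"CreateAccessKey","eventCategory":"Management","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"},"responseElements":{"accessKey":{"accessKeyId":"AKIAIOSFODNN7EXAMPLE"}}}
{"eventTime":"2024-05-01T10:02:00Z","eventName":"GetObject","eventCategory":"Data","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"}}
{"eventTime":"2024-05-01T10:02:05Z","eventName":"GetObject","eventCategory":"Data","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"}}
{"eventTime":"2024-05-01T10:02:10Z","eventName":"GetObject","eventCategory":"Data","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"}}
{"eventTime":"2024-05-01T10:02:15Z","eventName":"GetObject","eventCategory":"Data","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"}}
{"eventTime":"2024-05-01T10:02:20Z","eventName":"GetObject","eventCategory":"Data","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"}}
{"eventTime":"2024-05-01T10:02:25Z","eventName":"GetObject","eventCategory":"Data","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"}}
{"eventTime":"2024-05-01T10:30:00Z","eventName":"GetObject","eventCategory":"Data","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ops-user"}}
{"eventTime":"2024-05-01T11:00:00Z","eventName":"GetObject","eventCategory":"Data","sourceIPAddress":"203.0.113.10","userIdentity":{"arn":"arn:aws:iam::111122223333:user/dev-user"}}
"""


def parse_events(ndjson):
    """Ingest one JSON record per line; attach a parsed UTC timestamp and sort by time."""
    events = []
    for line in ndjson.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["_ts"] = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    return sorted(events, key=lambda r: r["_ts"])


def principal(rec):
    return rec.get("userIdentity", {}).get("arn", "unknown")


def correlate(events, window=timedelta(minutes=15), threshold=5):
    """Assumed rule: CreateAccessKey (control plane) followed within `window`
    by at least `threshold` GetObject data events from the same principal."""
    alerts = []
    triggers = [e for e in events
                if e["eventCategory"] == "Management" and e["eventName"] == "CreateAccessKey"]
    for trig in triggers:
        who = principal(trig)
        end = trig["_ts"] + window
        reads = [e for e in events
                 if e["eventCategory"] == "Data" and e["eventName"] == "GetObject"
                 and principal(e) == who and trig["_ts"] < e["_ts"] <= end]
        if len(reads) >= threshold:
            alerts.append({
                "principal": who,
                "source_ip": trig["sourceIPAddress"],
                "access_key_id": trig.get("responseElements", {}).get("accessKey", {}).get("accessKeyId"),
                "get_object_count": len(reads),
                "window_start": trig["eventTime"],
                "window_end": end.strftime("%Y-%m-%dT%H:%M:%SZ"),
            })
    return alerts


def build_remediation_plan(alert):
    """Plan the containment steps; a real handler would pass these to boto3
    (iam.update_access_key / iam.put_user_policy).  Here it is a dry run."""
    user = alert["principal"].rsplit("/", 1)[-1]
    deny_all = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}
    return {
        "principal": alert["principal"],
        "reason": f"{alert['get_object_count']} GetObject calls shortly after CreateAccessKey",
        "actions": [
            {"api": "iam:UpdateAccessKey", "UserName": user,
             "AccessKeyId": alert["access_key_id"], "Status": "Inactive"},
            {"api": "iam:PutUserPolicy", "UserName": user,
             "PolicyName": "quarantine-deny-all", "PolicyDocument": deny_all},
        ],
    }


def lambda_handler(event, context=None):
    """Assumed entry point for a Splunk webhook alert: the matched row's
    fields are expected under event["result"] (an assumption of this example)."""
    result = event.get("result", {})
    alert = {"principal": result["principal"],
             "access_key_id": result.get("access_key_id"),
             "get_object_count": int(result.get("get_object_count", 0))}
    plan = build_remediation_plan(alert)
    return {"statusCode": 200, "body": json.dumps(plan)}


if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(build_remediation_plan(a), indent=2))
```

Run as written, the script raises exactly one alert (dev-user: six reads inside the window, the 11:00 read excluded) and prints the two-step plan; ops-user's single read never matches because no CreateAccessKey precedes it.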

Application

The Automated Ingestion & Response Lab combines numerous skills essential for a future Cybersecurity professional, ranging from cloud engineering and documentation to networking fundamentals and penetration testing simulations.

Cloud engineering involves planning and designing secure VPCs with private/public subnets mirroring common enterprise network segmentation.

Penetration testing involves executing a full kill chain from initial access to data exfiltration and demonstrates real world attack methodology.

All Cybersecurity and Networking experts need knowledge of AWS and Splunk, which are industry standard in most enterprise SOCs; the SOC is a common route within the Cybersecurity field.

This lab also helps reinforce topics learned at Carroll by diving deeper into their functionality and utilizing them in a common enterprise scenario.

Results/Conclusions

  1. Successfully executed a full cloud attack kill chain across eight stages
  2. Splunk detected anomalous activity at each stage through custom alerts
  3. Lambda automated remediation responses without manual intervention
  4. Demonstrated end-to-end visibility across both host and cloud API activity

Comprehensive logging and detection are crucial skills for future professionals. Logging is no longer optional; it is the baseline requirement for defending modern cloud environments.

Challenges and Successes

Learning new topics such as Splunk Processing Language (SPL), which was used to detect alerts and correlate logs efficiently, was a challenging but beneficial part of the lab.

It was beneficial because it expanded upon my base knowledge of Splunk gathered from previous courses and certifications. However, one issue that could not be solved directly was determining the desired network layout for the lab; unlike a single challenge such as SPL, this issue prompted multiple revisions before the final lab design was reached.