AWS detection engineering practices were critically assessed after a breach simulation revealed undetected attacker persistence. The team rebuilt their detection capabilities by focusing on key log sources like CloudTrail, VPC Flow Logs, and GuardDuty, emphasizing the importance of correlation across these sources for effective threat detection.

The article discusses the concept of CloudTrail logging evasion in AWS, emphasizing the importance of policy size when creating effective logging mechanisms. It highlights how attackers can exploit insufficiently sized policies to avoid detection and the need for robust configurations to enhance security.

Preparing for cloud incidents requires a strategic approach to logging across major cloud providers. This article ranks essential logs for Microsoft, AWS, and Google Cloud, providing insights on their criticality for detecting and responding to security incidents, as well as real-life case studies illustrating their importance. Ensuring the right logs are enabled and retained is vital for effective incident response.

Pinterest's Big Data Platform team has developed Moka, a next-generation data processing platform deployed on AWS Elastic Kubernetes Service (EKS). The article outlines Moka's infrastructure, including its logging and observability strategies, which leverage tools like Fluent Bit for log management and Prometheus for metrics storage and monitoring. Key learnings and future directions for Moka's development are also discussed.