How do I detect if, all of a sudden, a Kali Linux instance is initiated by an attacker in my AWS account?
I know that there is a GuardDuty signature that identifies pen testing done using Kali Linux, but this signature does not work if somebody uses a custom image (not the default Kali Linux image available in the Marketplace). How do I detect if someone uses a custom image? Or any customisation done on a base AWS image to have Kali running? Would there be any specific CloudTrail log that says a custom image was built and it resembles Kali?