Skill UI

Guides building, tuning, and validating production Apache Spark jobs, covering DataFrame/RDD choices, partitioning, broadcast joins, skew handling, caching, and cluster configuration for big data pipelines.

This solution automates the processing of AWS GuardDuty findings using EventBridge and AWS Lambda. It enables real-time incident response capabilities, including automatic quarantine of compromised EC2 resources, comprehensive forensic snapshot creation, and immediate high-severity security notifications via SNS. Ideal for SOC teams seeking to drastically reduce Mean Time To Response (MTTR) and strengthen cloud security posture.

Detect unauthorized crypto-mining in AWS, Azure, and GCP by correlating GuardDuty/Defender/SCC findings, compute anomalies, network flows, and container/serverless behaviors to validate threats and guide response.

This guide teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous, comprehensive threat detection across entire AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting various finding severity levels, and building robust, automated incident response playbooks using EventBridge and AWS Lambda for immediate containment actions.

This skill detects compromised cloud credentials by analyzing anomalous API activity, impossible travel patterns, and unauthorized access indicators across AWS, Azure, and GCP. It integrates findings from GuardDuty, Defender for Identity, and Security Command Center to provide comprehensive threat visibility and assist in incident response and scope assessment.

A comprehensive guide for security teams on detecting and responding to unauthorized crypto mining operations in cloud environments (AWS, Azure). It details a multi-layered approach, utilizing cost anomaly detection, compute utilization monitoring, GuardDuty findings, and network flow log analysis (VPC/KQL) to identify resource hijacking attempts and suspicious activity across EC2, ECS, and EKS workloads.

A comprehensive guide and workflow for detecting unauthorized data exfiltration from AWS S3 buckets. It details how to leverage multiple AWS services—including CloudTrail, GuardDuty, Amazon Macie, and Athena—to analyze access patterns, identify bulk downloads, and detect cross-account data transfers, ensuring robust cloud compliance and security monitoring.

This skill provides a comprehensive guide to deploying AWS Security Hub for centralized Cloud Security Posture Management (CSPM). It covers aggregating security findings from multiple sources (GuardDuty, Inspector, Macie, and third-party tools), enabling compliance checks against standards like CIS and PCI-DSS, and automating remediation workflows across multi-account AWS organizations. Ideal for security teams needing continuous compliance monitoring and robust governance.

This skill guides users on performing advanced, cloud-native threat hunting using AWS Detective. It leverages interactive behavior graphs, entity investigation timelines, and GuardDuty correlations to automatically analyze AWS logs (CloudTrail, VPC Flow Logs, etc.). Users can efficiently investigate suspicious IAM users, detect lateral movement, and correlate complex attack narratives across multiple AWS services.