Your has flagged an alert: an instance appears to be communicating with an unknown external IP. You need to answer basic questions:
- Where is the traffic going?
- How much data was transferred?
- When did it start, and what ports are being used?
You open and search for logs. There are none. No network telemetry exists for this . Every connection that has ever been made, legitimate or malicious, left zero trace at the network layer.
This is not an edge case. Many teams deploy workloads into VPCs without enabling Flow Logs, either because they forget, assume another tool covers it, or want to avoid the cost. The result is a critical visibility gap that makes investigation impossible and detection a guessing game. This is how the Marriott breach persisted for four years.
Learning Objectives
- Understand what Flow Logs capture and their limitations
- Identify when are missing from a
- Enable Flow Logs with an appropriate role and log destination
- Query Flow Log data using Logs Insights
- Build reusable security queries for monitoring and investigation
- Design a network visibility baseline for new deployments
Prerequisites
- Being able to set up your environment (First Steps Into room)
- Basic commands ( Fundamentals room)
- Have a basic understanding of the networking service (Introduction to Cloud Networking room)
Let the invisible be seen.
