Accelerate security investigations with Kiro CLI
ID: c0908119-e242-5578-9da4-38ef9418d737
STIX ID: report--c0908119-e242-5578-9da4-38ef9418d737
Feed Name: AWS Security Blog
This post demonstrates using Kiro CLI to investigate a HIGH (8.0) GuardDuty finding for CryptoCurrency:EC2/BitcoinTool.B!DNS on an EC2 instance, showing end-to-end incident response steps—detection, EC2/security-group/IAM analysis (including discovery of an AdministratorAccess role attached), containment (isolation security group and deny-all policy), forensic preservation (EBS snapshots and volatile memory capture guidance), CloudTrail analysis (no evidence of lateral movement or data exfiltration), and creation of reusable steering files and automated alerting.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
