Thanks for the video. Couple of questions - You hardcoded the instance ID of the compromised instance in the Lambda environment variables? How will this work in a production scenario where any instance can become compromised and try to communicate with the malicious instance? How would you get the instance ID of the compromised instance then? The SG of the compromised instance has ALL outbound access but no inbound access from the malicious IP address, correct? If the nmap script is failing, the finding is still generated in Security Hub?
Great illustration & explaining
Glad you liked it!
It’s nice, but whenever I tried, event bridge was not started the action in the security hub. It failed.
Could you please help me out?
@tejasudheerkumar help me with the error. Without the error I won't be able to comment. Seems either permission or linkage is missing.