


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

How to Leverage Endpoint Detection and Response (EDR) in AWS Investigations

  • Tuesday, March 03, 2020 at 3:30 PM EST (2020-03-03 20:30:00 UTC)
  • Sagar Khasnis, Justin Henderson


  • AWS Marketplace




Adding EDR capabilities into your Amazon Web Services (AWS) environment can inform investigations and provide actionable details for remediation. In this webcast, which was previously recorded, you will discover how to unpack and leverage the telemetry provided by endpoint security solutions using MITRE Cloud examples, such as Exploit Public-Facing Application (T1190) and Data Transfer to Cloud Account (T1537) by examining process trees. You will also find out how these solutions can help identify who has vulnerable software or configurations on their systems by leveraging indicators of compromise (IOC) to pinpoint the depth and breadth of malware (MD5).

Attendees at this webcast will learn how to:

  • Utilize endpoint security visibility to enrich your investigations in AWS
  • Use EDR to add thousands of host-based observables for threat hunting
  • Auto-scale threat detection across all your cloud endpoints
  • Integrate a cloud access security broker (CASB) to extend protection to cloud apps

Register today to be among the first to receive the associated whitepaper written by SANS Instructor Justin Henderson.

Speaker Bios

Justin Henderson

Justin Henderson is a certified SANS instructor who authored the SEC555 SIEM with Tactical Analytics course and co-authored SEC455 SIEM Design and Implementation and SEC530 Defensible Security Architecture and Engineering. He is a member of the SANS Cyber Guardian Blue Team who is passionate about making defense fun and engaging. Justin specializes in threat hunting via SIEM, network security monitoring and ad hoc scripting.

Sagar Khasnis

Sagar Khasnis is a Partner Solutions Architect focusing on AWS Marketplace and Service Catalog. He has vast experience in helping enterprise customers in various technical roles. He is a technologist who is passionate about building innovative solutions using AWS services to help customers achieve their business objectives.
