Incident Response and Threat Detection
July 18, 2024
Playbooks for cloud security incidents detection pipelines, containment, forensics, and post-mortem practices for DevSecOps teams.
Purpose
This research track captures operational security knowledge: how to detect threats in cloud logs, respond under pressure, and improve systems after incidents.
Topics
- SIEM log pipeline design (CloudTrail, VPC Flow, K8s audit)
- Alert tuning and on-call runbooks
- Containment without breaking the business
- Blameless post-mortems and control improvements