← detection engineer

Cloud Detection Engineering — AWS, Azure, GCP, SaaS, Identity

advanced 5h

Author cloud-specific detections covering identity attack paths, data exfil, persistence, and SaaS log sources.

After this module you will

  • Map the cloud kill chain and enumerate persistence options per provider
  • Write AWS detections for assumed-role chains and persistent IAM changes
  • Write Azure/Entra ID detections for service principal abuse and consent grants
  • Author GCP detections covering service account impersonation
  • Identify what SaaS logs (Okta, GitHub, Slack) contain and what they miss

Module Quiz

Test your knowledge before moving on.

Take Quiz →