Troubleshooting Detection
Goal
Identify why detection pipelines fail.
Core Services
| Service | Troubleshoot |
|---|---|
| CloudWatch | Missing metrics |
| Lambda | Missing execution |
| API Gateway | Logging |
| CloudFront | Access logs |
Troubleshooting Checklist
No Logs
- IAM permissions
- Agent running
- Destination configured
No Alerts
- Alarm thresholds
- EventBridge rule
Missing Findings
- Service enabled
- Delegated admin
Exam Trigger Words
"missing logs" → CloudWatch
"missing findings" → Security Hub
"missing execution" → Lambda