Explore the critical aspects of incident response in cloud-based environments through this informative conference talk from the SANS DFIR Summit 2024. Delve into the challenges faced by security teams as organizations increasingly shift towards cloud-native setups. Learn about key log sources for essential SaaS solutions like Okta, GitHub, and Salesforce, focusing on crucial fields investigators should be aware of. Discover common pitfalls and issues in SaaS log interpretation, and gain strategies for effectively utilizing these logs in incident detection and response. Acquire insights into the complexities of monitoring and detecting activity in SaaS platforms, and benefit from a tactical cheat sheet covering these and additional SaaS products. Equip yourself with valuable knowledge to investigate future compromises and enhance detection capabilities in cloud-based environments.