Amazon_GuardDuty_1

Ensure GuardDuty is Enabled

Description

Amazon GuardDuty is a continuous security monitoring service. It analyzes and processes data sources such as AWS CloudTrail event logs, VPC Flow Logs, and DNS logs for malicious or unauthorized behavior. It monitors for activity such as unusual API calls, potentially compromised EC2 instances, or potentially unauthorized deployments that indicate a possible AWS account compromise. The service uses threat intelligence feeds, such as lists of malicious IP addresses and domains, together with machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment.

Remediation

Perform the following steps to enable AWS GuardDuty:

  1. Sign in to the AWS Management Console.
  2. Navigate to AWS GuardDuty home page at https://console.aws.amazon.com/guardduty.
  3. Click the Get started button to initiate the setup process.
  4. On the Enable GuardDuty page, within the Service permissions section, click View service role permissions to view the access policy with the permissions that the GuardDuty service requires to generate findings for your AWS environment, then click Enable GuardDuty to activate the service. Once the service is enabled, it should immediately start to pull and analyze independent streams of data from AWS CloudTrail, VPC Flow Logs, and DNS logs in order to generate findings.
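A programmatic version of this check, added here as an example and not part of the original rule: it looks up the GuardDuty detector in each region (GuardDuty is a regional service, so the console steps above must be repeated per region) and reports FAIL when no detector exists or the detector is DISABLED. The evaluation logic is pure so it can be run offline; only the fetch helpers assume boto3 and configured AWS credentials.

```python
"""Check whether Amazon GuardDuty is enabled, region by region.

Added example, not the rule page's own code. The API calls need boto3
and AWS credentials; evaluate_region() works on plain dicts so it can be
exercised offline with constructed GetDetector responses.
"""
from typing import Dict, List

# Data sources the rule text expects GuardDuty to analyse.
CORE_SOURCES = ("CloudTrail", "DNSLogs", "FlowLogs")


def evaluate_region(region: str, detectors: List[Dict]) -> Dict:
    """Evaluate one region from a list of GetDetector response dicts.

    PASS only if a detector exists and its Status is ENABLED; the finding
    also lists core data sources that are not ENABLED (DataSources is the
    per-source status block returned by GetDetector).
    """
    if not detectors:
        return {"Region": region, "Status": "FAIL",
                "Reason": "no GuardDuty detector in region"}
    enabled = [d for d in detectors if d.get("Status") == "ENABLED"]
    if not enabled:
        return {"Region": region, "Status": "FAIL",
                "Reason": "detector exists but is DISABLED"}
    # GuardDuty allows one detector per account per region, so use the first.
    sources = enabled[0].get("DataSources", {})
    disabled = [name for name in CORE_SOURCES
                if sources.get(name, {}).get("Status") != "ENABLED"]
    return {"Region": region, "Status": "PASS", "DisabledDataSources": disabled}


def fetch_detectors(region: str) -> List[Dict]:
    """Return GetDetector responses for every detector in one region."""
    import boto3  # imported lazily so the module loads without boto3
    gd = boto3.client("guardduty", region_name=region)
    ids = gd.list_detectors().get("DetectorIds", [])
    return [gd.get_detector(DetectorId=i) for i in ids]


def check_all_regions() -> List[Dict]:
    """GuardDuty is regional: evaluate every region that offers the service."""
    import boto3
    regions = boto3.session.Session().get_available_regions("guardduty")
    return [evaluate_region(r, fetch_detectors(r)) for r in regions]


if __name__ == "__main__":
    for finding in check_all_regions():
        print(finding)
```

A PASS with entries in DisabledDataSources means the detector is on but one of the log streams the rule describes is not being analysed, which is worth flagging even though this rule only requires the detector to be enabled.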

Service

GuardDuty

Severity

Medium

Compliance

Mapping
