Monitoring: Amazon GuardDuty
Amazon GuardDuty automates security monitoring for your Amazon Web Services (AWS) environments to detect potentially unauthorized and malicious activity. With GuardDuty, you receive recommendations for mitigating threats, including specific guidance derived from cloud-native detection APIs.
To benefit from the real-time security monitoring provided by GuardDuty, you need to respond to potential threats as quickly as possible, which means watching for new GuardDuty findings as they arrive. The following figure shows how marbot configures monitoring for GuardDuty and escalates alerts among team members.
Without further ado, marbot notifies you about Amazon GuardDuty findings. Here is what an alert caused by a GuardDuty finding looks like in Microsoft Teams.
And here is the same alert in Slack.
marbot works with Slack and Microsoft Teams. Please select your platform and follow the Getting Started guide.
marbot creates EventBridge rules to monitor the following events automatically.
Get alerted in case of findings with severity >= 7.
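The severity threshold above can be expressed as an EventBridge event pattern with numeric matching. The following is an added example, not marbot's own rule: the pattern is an assumption about how such a rule could look, the small matcher only imitates the subset of pattern syntax used here, and the sample events are constructed.

```python
import operator

# Assumed pattern, not marbot's actual rule: GuardDuty findings with severity >= 7.
PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}
_OPS = {">=": operator.ge, ">": operator.gt, "<=": operator.le,
        "<": operator.lt, "=": operator.eq}

def _leaf_matches(value, candidates):
    """True if the event value satisfies any entry of a pattern leaf list."""
    for cand in candidates:
        if isinstance(cand, dict) and "numeric" in cand:
            # Numeric matching applies to JSON numbers only, never to strings.
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                continue
            spec = cand["numeric"]  # e.g. [">=", 7] or [">=", 7, "<", 9]
            if all(_OPS[op](value, bound) for op, bound in zip(spec[0::2], spec[1::2])):
                return True
        elif cand == value:
            return True
    return False

def matches(pattern, event):
    """Evaluate the small subset of EventBridge pattern syntax used in PATTERN."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif not _leaf_matches(event[key], expected):
            return False
    return True

def finding(severity, ftype, source="aws.guardduty"):
    """Build a constructed, minimal GuardDuty-style event for the demo."""
    return {"source": source, "detail-type": "GuardDuty Finding",
            "detail": {"severity": severity, "type": ftype}}

# Constructed sample events; the severities are illustrative only.
SAMPLE_EVENTS = [
    finding(2, "Recon:EC2/PortProbeUnprotectedPort"),
    finding(5, "UnauthorizedAccess:EC2/SSHBruteForce"),
    finding(7, "Example:AtThreshold"),
    finding(8.5, "CryptoCurrency:EC2/BitcoinTool.B!DNS"),
    finding("9", "Example:SeverityAsString"),
    finding(9, "Example:OtherSource", source="custom.app"),
]

def alerting_findings(events):
    """Return the finding types the pattern would forward to a target."""
    return [e["detail"]["type"] for e in events if matches(PATTERN, e)]
```

A finding at exactly 7 is forwarded, while a severity delivered as the string "9" or an event from a different source is not, which is worth checking when a threshold rule appears to miss alerts.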