Monitoring: Amazon GuardDuty
Amazon GuardDuty automates security monitoring for your Amazon Web Services (AWS) environments to detect potentially unauthorized and malicious activity. With GuardDuty, you receive recommendations for mitigating threats, including specific guidance derived from cloud-native detection APIs.
Why should you monitor Amazon GuardDuty findings?
To benefit from the real-time security monitoring provided by GuardDuty, it is crucial to respond to potential threats as fast as possible. Therefore, it is necessary to keep an eye on new GuardDuty findings. The following figure shows how marbot configures monitoring for GuardDuty and escalates alerts among team members.
How does monitoring Amazon GuardDuty work?
Without further ado, marbot notifies you about Amazon GuardDuty findings. Here is what an alert caused by a GuardDuty finding looks like in Microsoft Teams.
And here is the same alert in Slack.
How do you set up monitoring of Amazon GuardDuty?
marbot works with Slack and Microsoft Teams. Please select your platform and follow the Getting Started guide.
Which events does marbot monitor in detail?
marbot creates EventBridge rules to monitor the following events automatically.
Event Type | Description |
---|---|
GuardDuty Finding | Get alerted in case of findings with severity >= 7. |
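To see which findings a rule like this lets through, the added example below (not marbot's own code or the rule it actually deploys) evaluates an assumed EventBridge event pattern for "GuardDuty Finding" events with severity >= 7 against constructed sample events. The matcher implements only the subset of EventBridge pattern matching needed here, and the names PATTERN, matches, finding and alerts are hypothetical.

```python
import operator

# Assumed event pattern for the rule described above (illustration only,
# not the rule marbot actually creates).
PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}

_OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
        ">=": operator.ge, ">": operator.gt}

def _leaf_ok(value, candidate):
    """Check one array element of a pattern: exact value or numeric matcher."""
    if isinstance(candidate, dict) and "numeric" in candidate:
        spec = candidate["numeric"]  # e.g. [">=", 7] or [">", 0, "<=", 5]
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False  # a string such as "8" is not a numeric match
        return all(_OPS[op](value, b) for op, b in zip(spec[0::2], spec[1::2]))
    return candidate == value

def matches(pattern, event):
    """Subset of EventBridge matching: nested keys, exact values, numeric."""
    for key, rule in pattern.items():
        value = event.get(key)
        if isinstance(rule, dict):  # nested object: recurse into it
            if not isinstance(value, dict) or not matches(rule, value):
                return False
        elif not any(_leaf_ok(value, c) for c in rule):
            return False  # none of the allowed values matched
    return True

def finding(severity, source="aws.guardduty"):
    """Build a constructed sample event with only the fields the pattern reads."""
    return {"source": source, "detail-type": "GuardDuty Finding",
            "detail": {"severity": severity, "type": "Constructed:Sample/Finding"}}

def alerts(events):
    """Return the severities of the events that would trigger an alert."""
    return [e["detail"]["severity"] for e in events if matches(PATTERN, e)]

if __name__ == "__main__":
    sample = [finding(2), finding(6.9), finding(7), finding(8.5),
              finding(8, source="aws.ec2")]
    print(alerts(sample))
```

With this threshold, findings below 7 never reach the chat channel, so they still need to be reviewed elsewhere, for example in the GuardDuty console.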