Purpose

An analyst wants to detect malicious behavior in AWS. Using the GuardDuty SQS collector to send findings to Devo, the analyst obtains pre-analyzed threats. The analyst can then use GuardDuty's threat intelligence to initiate investigations of CloudTrail logs in Devo.

...

AWS Essential Alerts includes an alert that detects deletion of a GuardDuty detector. GuardDuty configuration changes can be monitored with the CloudTrail Devo service.

Create an inactivity alert to detect interruptions in the transfer of data from the source to the SQS queue using the query

...