...

| Table | Description |
| --- | --- |
| cloud.aws.guardduty.findings | Threats identified by GuardDuty. |

Authorize It

  1. Authorize SQS Data Access.

  2. Enable GuardDuty following the AWS documentation. When you reach the step “Replace Amazon S3 bucket ARN with the Amazon Resource Name (ARN) of the Amazon S3 bucket”, use the S3 bucket you already authorized in Step 1.

...

A typical result would be a port scan. If an entity conducts a port scan and also accesses resources, this may be an indication of malicious access.

...

For example, if an access key is being used through Tor, you may wish to rotate the credential.
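The two triage rules above (a port scan followed by resource access, and an access key used through Tor) can be checked mechanically. The following is an added example, not part of the original page or Devo's own code: it works on findings in GuardDuty's native JSON format, and the sample findings, IP addresses and key IDs are constructed. Classifying by the finding `Type` string is an assumption of this sketch.

```python
def _ip(addr):
    """Build the RemoteIpDetails fragment used in the constructed samples."""
    return {"RemoteIpDetails": {"IpAddressV4": addr}}

# Constructed sample findings, trimmed to the GuardDuty JSON fields used below.
SAMPLE_FINDINGS = [
    {"Type": "Recon:EC2/PortProbeUnprotectedPort",
     "Service": {"Action": {"ActionType": "PORT_PROBE",
                 "PortProbeAction": {"PortProbeDetails": [_ip("198.51.100.7")]}}}},
    {"Type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
     "Resource": {"AccessKeyDetails": {"AccessKeyId": "AKIAEXAMPLEKEY000001"}},
     "Service": {"Action": {"ActionType": "AWS_API_CALL",
                 "AwsApiCallAction": _ip("198.51.100.7")}}},
    {"Type": "UnauthorizedAccess:IAMUser/TorIPCaller",
     "Resource": {"AccessKeyDetails": {"AccessKeyId": "AKIAEXAMPLEKEY000002"}},
     "Service": {"Action": {"ActionType": "AWS_API_CALL",
                 "AwsApiCallAction": _ip("203.0.113.9")}}},
]

def remote_ips(finding):
    """Collect remote IPv4 addresses from API-call and port-probe actions."""
    action = finding.get("Service", {}).get("Action", {})
    details = [action.get("AwsApiCallAction", {})]
    details += action.get("PortProbeAction", {}).get("PortProbeDetails", [])
    return {d["RemoteIpDetails"]["IpAddressV4"] for d in details
            if d.get("RemoteIpDetails", {}).get("IpAddressV4")}

def triage(findings):
    """Return ({ip: keys used from an IP that also probed ports}, keys seen via Tor)."""
    scanners, accessors, rotate = set(), {}, set()
    for f in findings:
        ftype, ips = f.get("Type", ""), remote_ips(f)
        if ftype.startswith("Recon:EC2/Port"):
            scanners |= ips  # port scan / port probe findings
        key = f.get("Resource", {}).get("AccessKeyDetails", {}).get("AccessKeyId")
        if key:
            for ip in ips:
                accessors.setdefault(ip, set()).add(key)
            if "TorIPCaller" in ftype:
                rotate.add(key)  # credential used through Tor: rotation candidate
    both = {ip: sorted(k) for ip, k in accessors.items() if ip in scanners}
    return both, sorted(rotate)

if __name__ == "__main__":
    scan_then_access, rotate_keys = triage(SAMPLE_FINDINGS)
    print("scanned and accessed:", scan_then_access)
    print("rotate:", rotate_keys)
```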

Monitor It

AWS Essential Alerts, available from Devo Exchange, includes an alert that detects deletion of a GuardDuty detector. GuardDuty configuration changes can be monitored with the CloudTrail Devo service.

...